Re: [Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname
The exact same error is in the /var/log/ipareplica-install log Here are the last few relevant lines. File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py", line 28, in from backports.ssl_match_hostname import match_hostname 2016-08-11T03:53:02Z DEBUG The ipa-replica-install command failed, exception: ImportError: No module named ssl_match_hostname 2016-08-11T03:53:02Z ERROR No module named ssl_match_hostname [root@lcars log]# On Thu, Aug 11, 2016 at 10:51 AM, Rob Crittendenwrote: > White Hat wrote: >> >> When attempting to run ipa-replica-install I get a python error, No >> module named ssl_match_hostname >> >> >> This is on a CentOS 7.2 x86_64 testing box. >> >> All available updates including kernel installed, and system rebooted >> same day. Same error before and after patching and reboot. >> >> Let me know if you want to see the yum history log info. >> >> - Operating system version >> [root@lcars site-packages]# cat /etc/redhat-release >> CentOS Linux release 7.2.1511 (Core) >> >> [root@lcars site-packages]# uname -a >> Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1 >> SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux >> >> - Here are the installed packages. All were installed using yum. >> [root@lcars site-packages]# yum list installed | awk '/backports|ipa-/' >> ipa-admintools.x86_64 4.2.0-15.0.1.el7.centos.18 >> @updates >> ipa-client.x86_64 4.2.0-15.0.1.el7.centos.18 >> @updates >> ipa-python.x86_64 4.2.0-15.0.1.el7.centos.18 >> @updates >> ipa-server.x86_64 4.2.0-15.0.1.el7.centos.18 >> @updates >> ipa-server-dns.x86_64 4.2.0-15.0.1.el7.centos.18 >> @updates >> python-backports.noarch1.0-6.el7 >> @anaconda >> python-backports.x86_641.0-8.el7 >> installed >> python-backports-ssl_match_hostname.noarch >> >> I have the following repositories enabled: >> base/7/x86_64 >> epel/x86_64 >> extras/7/x86_64 >> updates/7/x86_64 >> >> - Other threads on this issue suggest using pip to install >> backports.ssl_match_hostname. I still get the same error after doing >> that. >> >> [root@lcars site-packages]# pip install backports.ssl_match_hostname >> Requirement already satisfied (use --upgrade to upgrade): >> backports.ssl_match_hostname in /usr/lib/python2.7/site-packages >> >> [root@lcars site-packages]# pip install --upgrade >> backports.ssl_match_hostname >> Requirement already up-to-date: backports.ssl_match_hostname in >> /usr/lib/python2.7/site-packages >> >> - Here's the actual attempt >> [root@lcars site-packages]# ipa-replica-install --setup-ca --setup-dns >> --forwarder=4.2.2.1 >> /root/replica-info-lcars.internal.madisonrentals.biz.gpg >> WARNING: conflicting time synchronization service 'chronyd' will >> be disabled in favor of ntpd >> >> Directory Manager (existing master) password: >> >> Your system may be partly configured. >> Run /usr/sbin/ipa-server-install --uninstall to clean up. >> >> ipa.ipapython.install.cli.install_tool(Replica): ERRORNo module >> named ssl_match_hostname >> >> Even when running the suggested ipa-server-install --uninstall, I >> still receive the error about the missing module. >> >> Here's what I have in /usr/lib/python2.7/site-packages >> >> [root@lcars site-packages]# pwd >> /usr/lib/python2.7/site-packages >> [root@lcars site-packages]# ls | awk '/backports.ssl/' >> backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info >> backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info >> >> - And here are the contents of each directory. >> [root@lcars site-packages]# cd >> backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/ >> >> [root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls >> dependency_links.txt PKG-INFO SOURCES.txt top_level.txt >> >> [root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd .. >> [root@lcars site-packages]# ls >> backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info >> dependency_links.txt installed-files.txt PKG-INFO SOURCES.txt >> top_level.txt >> >> Another thread suggested that this can be caused by a missing >> __init__.py file, however, creating this file in both directories >> doesn't help. >> >> A commit by Heimes may shed some light on this. >> The commit is in regards to otptoken and states that: >> >> "The otptoken plugin is the only module in FreeIPA that uses Python's ssl >> module instead of NSS. The patch replaces ssl with NSSConnection. It >> uses the default NSS database to lookup trust anchors. NSSConnection >> uses NSS for hostname matching. The package >> python-backports-ssl_match_hostname is no longer required." >> >> The master IPA server is up and running with no issues. >> >> An ipa connection between replica server and master reports that the >> connection is working. >> >> What else could I be missing? > > > Is there a more complete traceback in /var/log/ipareplica-install?
Re: [Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname
White Hat wrote: When attempting to run ipa-replica-install I get a python error, No module named ssl_match_hostname This is on a CentOS 7.2 x86_64 testing box. All available updates including kernel installed, and system rebooted same day. Same error before and after patching and reboot. Let me know if you want to see the yum history log info. - Operating system version [root@lcars site-packages]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [root@lcars site-packages]# uname -a Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1 SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux - Here are the installed packages. All were installed using yum. [root@lcars site-packages]# yum list installed | awk '/backports|ipa-/' ipa-admintools.x86_64 4.2.0-15.0.1.el7.centos.18 @updates ipa-client.x86_64 4.2.0-15.0.1.el7.centos.18 @updates ipa-python.x86_64 4.2.0-15.0.1.el7.centos.18 @updates ipa-server.x86_64 4.2.0-15.0.1.el7.centos.18 @updates ipa-server-dns.x86_64 4.2.0-15.0.1.el7.centos.18 @updates python-backports.noarch1.0-6.el7 @anaconda python-backports.x86_641.0-8.el7 installed python-backports-ssl_match_hostname.noarch I have the following repositories enabled: base/7/x86_64 epel/x86_64 extras/7/x86_64 updates/7/x86_64 - Other threads on this issue suggest using pip to install backports.ssl_match_hostname. I still get the same error after doing that. [root@lcars site-packages]# pip install backports.ssl_match_hostname Requirement already satisfied (use --upgrade to upgrade): backports.ssl_match_hostname in /usr/lib/python2.7/site-packages [root@lcars site-packages]# pip install --upgrade backports.ssl_match_hostname Requirement already up-to-date: backports.ssl_match_hostname in /usr/lib/python2.7/site-packages - Here's the actual attempt [root@lcars site-packages]# ipa-replica-install --setup-ca --setup-dns --forwarder=4.2.2.1 /root/replica-info-lcars.internal.madisonrentals.biz.gpg WARNING: conflicting time synchronization service 'chronyd' will be disabled in favor of ntpd Directory Manager (existing master) password: Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERRORNo module named ssl_match_hostname Even when running the suggested ipa-server-install --uninstall, I still receive the error about the missing module. Here's what I have in /usr/lib/python2.7/site-packages [root@lcars site-packages]# pwd /usr/lib/python2.7/site-packages [root@lcars site-packages]# ls | awk '/backports.ssl/' backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info - And here are the contents of each directory. [root@lcars site-packages]# cd backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/ [root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls dependency_links.txt PKG-INFO SOURCES.txt top_level.txt [root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd .. [root@lcars site-packages]# ls backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info dependency_links.txt installed-files.txt PKG-INFO SOURCES.txt top_level.txt Another thread suggested that this can be caused by a missing __init__.py file, however, creating this file in both directories doesn't help. A commit by Heimes may shed some light on this. The commit is in regards to otptoken and states that: "The otptoken plugin is the only module in FreeIPA that uses Python's ssl module instead of NSS. The patch replaces ssl with NSSConnection. It uses the default NSS database to lookup trust anchors. NSSConnection uses NSS for hostname matching. The package python-backports-ssl_match_hostname is no longer required." The master IPA server is up and running with no issues. An ipa connection between replica server and master reports that the connection is working. What else could I be missing? Is there a more complete traceback in /var/log/ipareplica-install? I'm curious where the import is originating? If not instrumenting ipa-replica-install with pdb would be a way to find it. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname
When attempting to run ipa-replica-install I get a python error, No module named ssl_match_hostname This is on a CentOS 7.2 x86_64 testing box. All available updates including kernel installed, and system rebooted same day. Same error before and after patching and reboot. Let me know if you want to see the yum history log info. - Operating system version [root@lcars site-packages]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [root@lcars site-packages]# uname -a Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1 SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux - Here are the installed packages. All were installed using yum. [root@lcars site-packages]# yum list installed | awk '/backports|ipa-/' ipa-admintools.x86_64 4.2.0-15.0.1.el7.centos.18 @updates ipa-client.x86_64 4.2.0-15.0.1.el7.centos.18 @updates ipa-python.x86_64 4.2.0-15.0.1.el7.centos.18 @updates ipa-server.x86_64 4.2.0-15.0.1.el7.centos.18 @updates ipa-server-dns.x86_64 4.2.0-15.0.1.el7.centos.18 @updates python-backports.noarch1.0-6.el7 @anaconda python-backports.x86_641.0-8.el7 installed python-backports-ssl_match_hostname.noarch I have the following repositories enabled: base/7/x86_64 epel/x86_64 extras/7/x86_64 updates/7/x86_64 - Other threads on this issue suggest using pip to install backports.ssl_match_hostname. I still get the same error after doing that. [root@lcars site-packages]# pip install backports.ssl_match_hostname Requirement already satisfied (use --upgrade to upgrade): backports.ssl_match_hostname in /usr/lib/python2.7/site-packages [root@lcars site-packages]# pip install --upgrade backports.ssl_match_hostname Requirement already up-to-date: backports.ssl_match_hostname in /usr/lib/python2.7/site-packages - Here's the actual attempt [root@lcars site-packages]# ipa-replica-install --setup-ca --setup-dns --forwarder=4.2.2.1 /root/replica-info-lcars.internal.madisonrentals.biz.gpg WARNING: conflicting time synchronization service 'chronyd' will be disabled in favor of ntpd Directory Manager (existing master) password: Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERRORNo module named ssl_match_hostname Even when running the suggested ipa-server-install --uninstall, I still receive the error about the missing module. Here's what I have in /usr/lib/python2.7/site-packages [root@lcars site-packages]# pwd /usr/lib/python2.7/site-packages [root@lcars site-packages]# ls | awk '/backports.ssl/' backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info - And here are the contents of each directory. [root@lcars site-packages]# cd backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/ [root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls dependency_links.txt PKG-INFO SOURCES.txt top_level.txt [root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd .. [root@lcars site-packages]# ls backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info dependency_links.txt installed-files.txt PKG-INFO SOURCES.txt top_level.txt Another thread suggested that this can be caused by a missing __init__.py file, however, creating this file in both directories doesn't help. A commit by Heimes may shed some light on this. The commit is in regards to otptoken and states that: "The otptoken plugin is the only module in FreeIPA that uses Python's ssl module instead of NSS. The patch replaces ssl with NSSConnection. It uses the default NSS database to lookup trust anchors. NSSConnection uses NSS for hostname matching. The package python-backports-ssl_match_hostname is no longer required." The master IPA server is up and running with no issues. An ipa connection between replica server and master reports that the connection is working. What else could I be missing? Thanks, Chris. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project