[ovirt-users] Re: LDAP setup fails on 4.4 reading PEM file
IMO your first error

[ ERROR ] Failed to execute stage 'Environment customization': a byte-like object is required, not 'str'

seems to me as related to python2=>python3 upgrade and worth filing a bug with all the relevant details

On Thu, Jun 11, 2020 at 8:38 PM Stack Korora wrote:
> Greetings,
> I'm having some issues getting LDAP working on CentOS 8 with oVirt 4.4.
> I would appreciate some help please.
>
> When I run ovirt-engine-extension-aaa-ldap-setup I choose "11 - RFC-2307
> Schema (Generic)" because that's what my LDAP guy said I should do. :-)
>
> Next I select the default Yes for "Use DNS".
>
> I select 4 for "Failover between multiple hosts".
>
> I put in my two hosts "svr1.my.domain srv2.my.domain".
>
> To select the protocol I type "ldaps".
>
> To select the method to obtain the PEM I type "File".
>
> Then the "File path". A full path to the file. Not quoted. Yes, I
> checked that I typed it correct. I can copy-paste into "ls" and it's
> fine with the correct read permissions and everything. (I can't copy
> paste into the script but that's another issue.)
>
> It immediately fails with:
> [ ERROR ] Failed to execute stage 'Environment customization': a
> byte-like object is required, not 'str'
>
> There is a log file, here is the snippet at the point it goes wrong.
>
> 2020-06-11 11:35:49,915-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:SEND File path:
> 2020-06-11 11:36:24,373-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:RECEIVE /etc/pki/ca-trust/source/anchors/Infrastructure.pem
> 2020-06-11 11:36:24,375-0500 DEBUG otopi.context context._executeMethod:145 method exception
> Traceback (most recent call last):
>   File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
>     method['method']()
>   File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 781, in _customization_late
>     cacert, cacertfile, insecure = self._getCACert()
>   File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 357, in _getCACert
>     _cacertfile.write('\n'.join(cacert) + '\n')
>   File "/usr/lib64/python3.6/tempfile.py", line 485, in func_wrapper
>     return func(*args, **kwargs)
> TypeError: a bytes-like object is required, not 'str'
> 2020-06-11 11:36:24,376-0500 ERROR otopi.context context._executeMethod:154 Failed to execute stage 'Environment customization': a bytes-like object is required, not 'str'
> 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:765 ENVIRONMENT DUMP - BEGIN
> 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/error=bool:'True'
> 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/exceptionInfo=list:'[( 'TypeError'>, TypeError("a bytes-like object is required, not 'str'",), )]'
> 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/hosts=str:'svr1.my.domain srv2.my.domain'
> 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/protocol=str:'ldaps'
> 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/serverset=str:'failover'
> 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/useDNS=bool:'True'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_FILE=str:'/etc/pki/ca-trust/source/anchors/Infrastructure.pem'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_METHOD=str:'file'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_PROTOCOL=str:'ldaps'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_SERVERSET=str:'4'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_USE_DNS=str:'yes'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/2/OVAAALDAP_LDAP_SERVERSET=str:'svr1.my.domain srv2.my.domain'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:779 ENVIRONMENT DUMP - END
>
>
> Can someone help please?
> Thanks!
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MHBAPSJOFLAWFMBT4HPJAZUYB3ODL7BX/
> ___
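
The TypeError in the traceback above, reproduced as an added example (not code from the oVirt setup plugin or from anyone on this thread), with two ways the same write succeeds on Python 3. It assumes the plugin's temporary file is opened in `tempfile`'s default binary mode, which is what the `tempfile.py` frame in the traceback suggests; the function names and the PEM lines are constructed for illustration.

```python
import os
import tempfile

# Constructed placeholder lines, not a real certificate.
SAMPLE_CACERT = [
    "-----BEGIN CERTIFICATE-----",
    "Q29uc3RydWN0ZWQgc2FtcGxlIGJ5dGVz",
    "-----END CERTIFICATE-----",
]


def write_like_traceback(cacert):
    """Same write expression as common.py line 357, on a default-mode file.

    Assumption: the temp file uses tempfile's default mode 'w+b'.
    Returns the TypeError text on Python 3, or None if the write succeeded.
    """
    with tempfile.NamedTemporaryFile() as f:
        try:
            f.write('\n'.join(cacert) + '\n')  # str into a binary file
        except TypeError as exc:
            return str(exc)
    return None


def write_text_mode(cacert):
    """Option 1: open the temp file in text mode so str is accepted."""
    with tempfile.NamedTemporaryFile(mode='w', encoding='ascii', newline='\n',
                                     suffix='.pem', delete=False) as f:
        f.write('\n'.join(cacert) + '\n')
        return f.name


def write_encoded(cacert):
    """Option 2: keep binary mode and encode the PEM text before writing."""
    with tempfile.NamedTemporaryFile(suffix='.pem', delete=False) as f:
        f.write(('\n'.join(cacert) + '\n').encode('ascii'))
        return f.name


def read_and_remove(path):
    """Read the written file back as bytes, then delete it."""
    with open(path, 'rb') as f:
        data = f.read()
    os.unlink(path)
    return data


if __name__ == '__main__':
    print(write_like_traceback(SAMPLE_CACERT))
    for writer in (write_text_mode, write_encoded):
        print(read_and_remove(writer(SAMPLE_CACERT)))
```

On Python 2 the first function returns `None`, because `str` there is already a byte string, which is why the same call only started failing after the move to Python 3.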
[ovirt-users] Re: LDAP setup fails on 4.4 reading PEM file
On 2020-06-11 20:55, Stack Korora wrote:
> Well made one discovery. While named with an 's' in EL7, in EL8 that 's'
> is missing. ovirt-engine-extensions-aaa-ldap is now
> ovirt-engine-extension-aaa-ldap.
>
> However, even after fixing that in the properties it still gives the
> same error message (just missing the 's' now). I do have the packages
> installed and I do have
> /usr/share/java/ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-ldap.jar
> (and the symlinks that point there). Still throws errors. :-(

I finally cracked it. There's a bunch of small minor changes that don't allow for the config file from 4.3 to work with 4.4. Things like dropping the 's' or exchanging the '-' for '.'.

Also had a heck of a time with the ugly verbosity of the output from ovirt-engine-extension-aaa-ldap tool. Not nearly as clean as it was under 4.3.

But, as I said, I cracked the issue and I've got it working.

Thanks to all on the list. I found a lot of good info in searching the archive.

Thanks!
[ovirt-users] Re: LDAP setup fails on 4.4 reading PEM file
On 2020-06-11 20:32, Stack Korora wrote:
> [snip]
>> Since I wasn't getting anywhere with this, I decided to try a few
>> things. I copied the following files from a working 4.3 on RHEL 7
>> (again, this setup is CentOS8 with 4.4):
>> /etc/ovirt-engine/aaa/ldap.jks
>> /etc/ovirt-engine/aaa/ldap.properties
>> /etc/ovirt-engine/extensions.d/ldap-authn.properties
>> /etc/ovirt-engine/extensions.d/ldap-authz.properties
>>
>> I verified permissions were all good (including SELinux). I restarted a
>> few services but wasn't getting anything at all of value telling me what
>> was wrong...so I rebooted. That did the trick! Now I get an error,
>> though nothing of use is turning up from the internet searches.
>>
>> # ovirt-engine-extensions-tool info list-extensions
>> [snip]
>> SEVERE: Extension 'ldap-authn.properties' load failed (ignored): Error
>> loading 'ldap-authn': The module 'org.ovirt.engine-extensions.aaa.ldap'
>> cannot be loaded: org.ovirt.engine-extensions.aaa.ldap
>> SEVERE: Extension 'ldap-authn.properties' load failed (ignored): Error
>> loading 'ldap-authz': The module 'org.ovirt.engine-extensions.aaa.ldap'
>> cannot be loaded: org.ovirt.engine-extensions.aaa.ldap
>> [snip]
>>
>> I do have these packages installed:
>> ovirt-engine-extensions-aaa-ldap
>> ovirt-engine-extensions-aaa-ldap-setup

Well made one discovery. While named with an 's' in EL7, in EL8 that 's' is missing. ovirt-engine-extensions-aaa-ldap is now ovirt-engine-extension-aaa-ldap.

However, even after fixing that in the properties it still gives the same error message (just missing the 's' now). I do have the packages installed and I do have /usr/share/java/ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-ldap.jar (and the symlinks that point there). Still throws errors. :-(

Thoughts?

Thanks!
[ovirt-users] Re: LDAP setup fails on 4.4 reading PEM file
Bottom posted update:

On 2020-06-11 17:35, Stack Korora wrote:
> Greetings,
> I'm having some issues getting LDAP working on CentOS 8 with oVirt 4.4.
> I would appreciate some help please.
>
> When I run ovirt-engine-extension-aaa-ldap-setup I choose "11 - RFC-2307
> Schema (Generic)" because that's what my LDAP guy said I should do. :-)
>
> Next I select the default Yes for "Use DNS".
>
> I select 4 for "Failover between multiple hosts".
>
> I put in my two hosts "svr1.my.domain srv2.my.domain".
>
> To select the protocol I type "ldaps".
>
> To select the method to obtain the PEM I type "File".
>
> Then the "File path". A full path to the file. Not quoted. Yes, I
> checked that I typed it correct. I can copy-paste into "ls" and it's
> fine with the correct read permissions and everything. (I can't copy
> paste into the script but that's another issue.)
>
> It immediately fails with:
> [ ERROR ] Failed to execute stage 'Environment customization': a
> byte-like object is required, not 'str'
>
> There is a log file, here is the snippet at the point it goes wrong.
>
> 2020-06-11 11:35:49,915-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:SEND File path:
> 2020-06-11 11:36:24,373-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:RECEIVE /etc/pki/ca-trust/source/anchors/Infrastructure.pem
> 2020-06-11 11:36:24,375-0500 DEBUG otopi.context context._executeMethod:145 method exception
> Traceback (most recent call last):
>   File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
>     method['method']()
>   File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 781, in _customization_late
>     cacert, cacertfile, insecure = self._getCACert()
>   File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 357, in _getCACert
>     _cacertfile.write('\n'.join(cacert) + '\n')
>   File "/usr/lib64/python3.6/tempfile.py", line 485, in func_wrapper
>     return func(*args, **kwargs)
> TypeError: a bytes-like object is required, not 'str'
> 2020-06-11 11:36:24,376-0500 ERROR otopi.context context._executeMethod:154 Failed to execute stage 'Environment customization': a bytes-like object is required, not 'str'
> 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:765 ENVIRONMENT DUMP - BEGIN
> 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/error=bool:'True'
> 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/exceptionInfo=list:'[( 'TypeError'>, TypeError("a bytes-like object is required, not 'str'",), )]'
> 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/hosts=str:'svr1.my.domain srv2.my.domain'
> 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/protocol=str:'ldaps'
> 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/serverset=str:'failover'
> 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/useDNS=bool:'True'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_FILE=str:'/etc/pki/ca-trust/source/anchors/Infrastructure.pem'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_METHOD=str:'file'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_PROTOCOL=str:'ldaps'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_SERVERSET=str:'4'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_USE_DNS=str:'yes'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/2/OVAAALDAP_LDAP_SERVERSET=str:'svr1.my.domain srv2.my.domain'
> 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:779 ENVIRONMENT DUMP - END
>

Since I wasn't getting anywhere with this, I decided to try a few things. I copied the following files from a working 4.3 on RHEL 7 (again, this setup is CentOS8 with 4.4):
/etc/ovirt-engine/aaa/ldap.jks
/etc/ovirt-engine/aaa/ldap.properties
/etc/ovirt-engine/extensions.d/ldap-authn.properties
/etc/ovirt-engine/extensions.d/ldap-authz.properties

I verified permissions were all good (including SELinux). I restarted a few services but wasn't getting anything at all of value telling me what was wrong...so I rebooted. That did the trick! Now I get an error, though nothing of use is turning up from the internet searches.

# ovirt-engine-extensions-tool info list-extensions
[snip]
SEVERE: Extension 'ldap-authn.prop