Task #31004
Scenario #30578: Get Eclair working on a ScribeAD
The Salt formula does not work on the CD image
Start date:
29/10/2020
Due date:
% done:
100%
Remaining (hours):
0.0
Description
root@scribe:/# salt-call grains.append roles '["ad/member", "veyon/master", "veyon/client"]'
[ERROR ] Exception while creating a ThreadPool for resolving FQDNs: [Errno 38] Function not implemented
local:
----------
roles:
- ad/member
- veyon/master
- veyon/client
root@scribe:/# salt-call state.highstate
[ERROR ] Exception while creating a ThreadPool for resolving FQDNs: [Errno 38] Function not implemented
[ERROR ] Command 'kinit --password-file=/root/kinit-password eole-workstation-manager' failed with return code: 1
[ERROR ] stderr: kinit: krb5_get_init_creds: unable to reach any KDC in realm DOMPEDAGO.ETB1.LAN
[ERROR ] retcode: 1
[ERROR ] {'pid': 184305, 'retcode': 1, 'stdout': '', 'stderr': 'kinit: krb5_get_init_creds: unable to reach any KDC in realm DOMPEDAGO.ETB1.LAN'}
[ERROR ] Command '['apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'veyon']' failed with return code: 100
[ERROR ] stdout: Reading package lists...
Building dependency tree...
Reading state information...
[ERROR ] stderr: E: Unable to locate package veyon
[ERROR ] retcode: 100
[ERROR ] Problem encountered installing package(s). Additional info follows:
errors:
- E: Unable to locate package veyon
[ERROR ] Command 'veyon-cli service register' failed with return code: 127
[ERROR ] stderr: /bin/bash: veyon-cli: command not found
[ERROR ] retcode: 127
[ERROR ] {'pid': 185342, 'retcode': 127, 'stdout': '', 'stderr': '/bin/bash: veyon-cli: command not found'}
[WARNING ] The function "module.run" is using its deprecated version and will expire in version "Phosphorus".
[ERROR ] {'ret': False}
local:
----------
ID: ad/member/linux/package/conflicts/pkg.purged
Function: pkg.purged
Result: True
Comment: All specified packages are already absent
Started: 06:43:36.362163
Duration: 54.723 ms
Changes:
----------
ID: ad/member/linux/package/install/pkg.installed
Function: pkg.installed
Result: True
Comment: 7 targeted packages were installed/updated.
Started: 06:43:36.425155
Duration: 25265.986 ms
Changes:
----------
adcli:
----------
new:
0.9.0-1
old:
heimdal-clients:
----------
new:
7.7.0+dfsg-1ubuntu1
old:
krb5-config:
----------
new:
2.6ubuntu1
old:
ldap-utils:
----------
new:
2.4.49+dfsg-2ubuntu1.3
old:
libbasicobjects0:
----------
new:
0.6.1-2
old:
libc-ares2:
----------
new:
1.15.0-1build1
old:
libcollection4:
----------
new:
0.6.1-2
old:
libdhash1:
----------
new:
0.6.1-2
old:
libhdb9-heimdal:
----------
new:
7.7.0+dfsg-1ubuntu1
old:
libini-config5:
----------
new:
0.6.1-2
old:
libipa-hbac0:
----------
new:
2.2.3-3
old:
libkadm5clnt7-heimdal:
----------
new:
7.7.0+dfsg-1ubuntu1
old:
libkadm5srv8-heimdal:
----------
new:
7.7.0+dfsg-1ubuntu1
old:
libkafs0-heimdal:
----------
new:
7.7.0+dfsg-1ubuntu1
old:
libnfsidmap2:
----------
new:
0.25-5.1ubuntu1
old:
libnss-sss:
----------
new:
2.2.3-3
old:
libotp0-heimdal:
----------
new:
7.7.0+dfsg-1ubuntu1
old:
libpam-pwquality:
----------
new:
1.4.2-1build1
old:
libpam-sss:
----------
new:
2.2.3-3
old:
libpath-utils1:
----------
new:
0.6.1-2
old:
libref-array1:
----------
new:
0.6.1-2
old:
libsasl2-modules-gssapi-mit:
----------
new:
2.1.27+dfsg-2
old:
libsl0-heimdal:
----------
new:
7.7.0+dfsg-1ubuntu1
old:
libsss-certmap0:
----------
new:
2.2.3-3
old:
libsss-idmap0:
----------
new:
2.2.3-3
old:
libsss-nss-idmap0:
----------
new:
2.2.3-3
old:
libsss-sudo:
----------
new:
2.2.3-3
old:
python3-sss:
----------
new:
2.2.3-3
old:
realmd:
----------
new:
0.16.3-3
old:
sssd:
----------
new:
2.2.3-3
old:
sssd-ad:
----------
new:
2.2.3-3
old:
sssd-ad-common:
----------
new:
2.2.3-3
old:
sssd-common:
----------
new:
2.2.3-3
old:
sssd-ipa:
----------
new:
2.2.3-3
old:
sssd-krb5:
----------
new:
2.2.3-3
old:
sssd-krb5-common:
----------
new:
2.2.3-3
old:
sssd-ldap:
----------
new:
2.2.3-3
old:
sssd-proxy:
----------
new:
2.2.3-3
old:
sssd-tools:
----------
new:
2.2.3-3
old:
----------
ID: ad/member/linux/config/krb5/file.managed
Function: file.managed
Name: /etc/krb5.conf
Result: True
Comment: File /etc/krb5.conf updated
Started: 06:44:01.700725
Duration: 82.704 ms
Changes:
----------
diff:
---
+++
@@ -1,96 +1,17 @@
[libdefaults]
- default_realm = DOMPEDAGO.ETB1.LAN
-
-# The following krb5.conf variables are only for MIT Kerberos.
- kdc_timesync = 1
- ccache_type = 4
- forwardable = true
- proxiable = true
-
-# The following encryption type specification will be used by MIT Kerberos
-# if uncommented. In general, the defaults in the MIT Kerberos code are
-# correct and overriding these specifications only serves to disable new
-# encryption types as they are added, creating interoperability problems.
-#
-# The only time when you might need to uncomment these lines and change
-# the enctypes is if you have local software that will break on ticket
-# caches containing ticket encryption types it doesn't know about (such as
-# old versions of Sun Java).
-
-# default_tgs_enctypes = des3-hmac-sha1
-# default_tkt_enctypes = des3-hmac-sha1
-# permitted_enctypes = des3-hmac-sha1
-
-# The following libdefaults parameters are only for Heimdal Kerberos.
- fcc-mit-ticketflags = true
+ default_realm = "DOMPEDAGO.ETB1.LAN"
+ dns_lookup_realm = true
+ dns_lookup_kdc = true
+ rdns = false
[realms]
- ATHENA.MIT.EDU = {
- kdc = kerberos.mit.edu
- kdc = kerberos-1.mit.edu
- kdc = kerberos-2.mit.edu:88
- admin_server = kerberos.mit.edu
- default_domain = mit.edu
- }
- ZONE.MIT.EDU = {
- kdc = casio.mit.edu
- kdc = seiko.mit.edu
- admin_server = casio.mit.edu
- }
- CSAIL.MIT.EDU = {
- admin_server = kerberos.csail.mit.edu
- default_domain = csail.mit.edu
- }
- IHTFP.ORG = {
- kdc = kerberos.ihtfp.org
- admin_server = kerberos.ihtfp.org
- }
- 1TS.ORG = {
- kdc = kerberos.1ts.org
- admin_server = kerberos.1ts.org
- }
- ANDREW.CMU.EDU = {
- admin_server = kerberos.andrew.cmu.edu
- default_domain = andrew.cmu.edu
- }
- CS.CMU.EDU = {
- kdc = kerberos-1.srv.cs.cmu.edu
- kdc = kerberos-2.srv.cs.cmu.edu
- kdc = kerberos-3.srv.cs.cmu.edu
- admin_server = kerberos.cs.cmu.edu
- }
- DEMENTIA.ORG = {
- kdc = kerberos.dementix.org
- kdc = kerberos2.dementix.org
- admin_server = kerberos.dementix.org
- }
- stanford.edu = {
- kdc = krb5auth1.stanford.edu
- kdc = krb5auth2.stanford.edu
- kdc = krb5auth3.stanford.edu
- master_kdc = krb5auth1.stanford.edu
- admin_server = krb5-admin.stanford.edu
- default_domain = stanford.edu
- }
- UTORONTO.CA = {
- kdc = kerberos1.utoronto.ca
- kdc = kerberos2.utoronto.ca
- kdc = kerberos3.utoronto.ca
- admin_server = kerberos1.utoronto.ca
- default_domain = utoronto.ca
- }
+ DOMPEDAGO.ETB1.LAN = {
+ kdc = addc.dompedago.etb1.lan:88
+ admin_server = addc.dompedago.etb1.lan:749
+ default_domain = dompedago.etb1.lan
+ }
[domain_realm]
- .mit.edu = ATHENA.MIT.EDU
- mit.edu = ATHENA.MIT.EDU
- .media.mit.edu = MEDIA-LAB.MIT.EDU
- media.mit.edu = MEDIA-LAB.MIT.EDU
- .csail.mit.edu = CSAIL.MIT.EDU
- csail.mit.edu = CSAIL.MIT.EDU
- .whoi.edu = ATHENA.MIT.EDU
- whoi.edu = ATHENA.MIT.EDU
- .stanford.edu = stanford.edu
- .slac.stanford.edu = SLAC.STANFORD.EDU
- .toronto.edu = UTORONTO.CA
- .utoronto.ca = UTORONTO.CA
+ .dompedago.etb1.lan = DOMPEDAGO.ETB1.LAN
+ dompedago.etb1.lan = DOMPEDAGO.ETB1.LAN
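Review bot: the new `[realms]` block pins the KDC to `addc.dompedago.etb1.lan:88` while `[libdefaults]` also sets `dns_lookup_kdc = true`, and the `kinit` state later in this same run fails with "unable to reach any KDC in realm DOMPEDAGO.ETB1.LAN". Before the join states run, check that `addc.dompedago.etb1.lan` resolves and answers on port 88 from this host, and decide whether the static `kdc` entry or the DNS lookup is meant to be authoritative. The quoted `default_realm = "DOMPEDAGO.ETB1.LAN"` also differs from the unquoted line it replaces and from every other value in the new file; writing it unquoted would keep the file consistent.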
----------
ID: eole-workstation/ad/grains/grains.list_append
Function: grains.list_present
Name: roles
Result: True
Comment: Value ['ad/member'] is already in grain roles
Started: 06:44:01.786268
Duration: 1.618 ms
Changes:
----------
ID: ad/member/linux/join/passwd-file/file.managed
Function: file.managed
Name: /root/kinit-password
Result: True
Comment: File /root/kinit-password updated
Started: 06:44:01.788113
Duration: 1639.008 ms
Changes:
----------
diff:
New file
----------
ID: ad/member/linux/join/kinit/cmd.run
Function: cmd.run
Name: kinit --password-file=/root/kinit-password eole-workstation-manager
Result: False
Comment: Command "kinit --password-file=/root/kinit-password eole-workstation-manager" run
Started: 06:44:03.428258
Duration: 38177.197 ms
Changes:
----------
pid:
184305
retcode:
1
stderr:
kinit: krb5_get_init_creds: unable to reach any KDC in realm DOMPEDAGO.ETB1.LAN
stdout:
----------
ID: ad/member/linux/join/join/cmd.run
Function: cmd.run
Name: realm -v join --unattended "dompedago.etb1.lan"
Result: False
Comment: One or more requisite failed: ad.member.linux.join.ad/member/linux/join/kinit/cmd.run
Started: 06:44:41.606833
Duration: 0.005 ms
Changes:
----------
ID: ad/member/linux/join/kdestroy/cmd.run
Function: cmd.run
Name: kdestroy
Result: False
Comment: One or more requisite failed: ad.member.linux.join.ad/member/linux/join/kinit/cmd.run
Started: 06:44:41.607068
Duration: 0.002 ms
Changes:
----------
ID: ad/member/linux/join/passwd-file/file.absent
Function: file.absent
Name: /root/kinit-password
Result: True
Comment: Removed file /root/kinit-password
Started: 06:44:41.607235
Duration: 1.249 ms
Changes:
----------
removed:
/root/kinit-password
----------
ID: ad/member/linux/config/sssd/ini.options_present
Function: ini.options_present
Name: /etc/sssd/sssd.conf
Result: False
Comment: One or more requisite failed: ad.member.linux.join.ad/member/linux/join/kinit/cmd.run, ad.member.linux.join.ad/member/linux/join/kdestroy/cmd.run, ad.member.linux.join.ad/member/linux/join/join/cmd.run
Started: 06:44:41.609247
Duration: 0.004 ms
Changes:
----------
ID: ad/member/linux/service/running/service.running/sssd
Function: service.running
Name: sssd
Result: False
Comment: One or more requisite failed: ad.member.linux.join.ad/member/linux/join/kinit/cmd.run, ad.member.linux.join.ad/member/linux/join/kdestroy/cmd.run, ad.member.linux.join.ad/member/linux/join/join/cmd.run, ad.member.linux.config.sssd.ad/member/linux/config/sssd/ini.options_present
Started: 06:44:41.609415
Duration: 0.002 ms
Changes:
----------
ID: pam_mount/package/install/dependencies/pkg.installed
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: keyutils
The following packages were already installed: cifs-utils
Started: 06:44:41.609481
Duration: 13114.042 ms
Changes:
----------
keyutils:
----------
new:
1.6-6ubuntu1
old:
----------
ID: pam-mount/package/install/libpam-mount/pkg.installed
Function: pkg.installed
Name: libpam-mount
Result: True
Comment: The following packages were installed/updated: libpam-mount
Started: 06:44:54.729481
Duration: 15282.295 ms
Changes:
----------
libhx28:
----------
new:
3.24-1
old:
libpam-mount:
----------
new:
2.16-10
old:
libpam-mount-bin:
----------
new:
2.16-10
old:
----------
ID: pam-mount/config/file/file.managed
Function: file.managed
Name: /etc/security/pam_mount.conf.xml
Result: True
Comment: File /etc/security/pam_mount.conf.xml updated
Started: 06:45:10.020145
Duration: 110.025 ms
Changes:
----------
diff:
---
+++
@@ -1,44 +1,68 @@
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
- See pam_mount.conf(5) for a description.
+See pam_mount.conf(5) for a description.
-->
<pam_mount>
- <!-- debug should come before everything else,
- since this file is still processed in a single pass
- from top-to-bottom -->
+ <!-- debug should come before everything else,
+ since this file is still processed in a single pass
+ from top-to-bottom -->
-<debug enable="0" />
+ <debug enable="0" />
- <!-- Volume definitions -->
+ <!-- Volume definitions -->
+ <volume mountpoint="~"
+ fstype="cifs"
+ options="cifsacl,cruid=%(USERUID),dir_mode=0700,domain=dompedago.etb1.lan,file_mode=0600,sec=krb5,uid=%(USERUID),username=%(USER)"
+ path="%(USER)/"
+ server="scribe.dompedago.etb1.lan">
+ <sgrp>domain users</sgrp>
+ </volume>
+
+ <volume mountpoint="~/commun"
+ fstype="cifs"
+ options="cifsacl,cruid=%(USERUID),dir_mode=0700,domain=dompedago.etb1.lan,file_mode=0600,sec=krb5,uid=%(USERUID),username=%(USER)"
+ path="commun/"
+ server="scribe.dompedago.etb1.lan">
+ <sgrp>domain users</sgrp>
+ </volume>
+
+ <volume mountpoint="~/professeurs"
+ fstype="cifs"
+ options="cifsacl,cruid=%(USERUID),dir_mode=0700,domain=dompedago.etb1.lan,file_mode=0600,sec=krb5,uid=%(USERUID),username=%(USER)"
+ path="professeurs/"
+ server="scribe.dompedago.etb1.lan">
+ <and>
+ <sgrp>domain users</sgrp>
+ <sgrp>professeurs</sgrp>
+ </and>
+ </volume>
- <!-- pam_mount parameters: General tunables -->
+ <!-- pam_mount parameters: General tunables -->
-<!--
-<luserconf name=".pam_mount.conf.xml" />
--->
+ <!--
+ <luserconf name=".pam_mount.conf.xml" />
+ -->
-<!-- Note that commenting out mntoptions will give you the defaults.
- You will need to explicitly initialize it with the empty string
- to reset the defaults to nothing. -->
-<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
-<!--
-<mntoptions deny="suid,dev" />
-<mntoptions allow="*" />
-<mntoptions deny="*" />
--->
-<mntoptions require="nosuid,nodev" />
+ <!-- Note that commenting out mntoptions will give you the defaults.
+ You will need to explicitly initialize it with the empty string
+ to reset the defaults to nothing. -->
+ <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
+ <!--
+ <mntoptions deny="suid,dev" />
+ <mntoptions allow="*" />
+ <mntoptions deny="*" />
+ -->
+ <mntoptions require="nosuid,nodev" />
-<!-- requires ofl from hxtools to be present -->
-<logout wait="0" hup="no" term="no" kill="no" />
+ <!-- requires ofl from hxtools to be present -->
+ <logout wait="0" hup="no" term="no" kill="no" />
- <!-- pam_mount parameters: Volume-related -->
-
-<mkmountpoint enable="1" remove="true" />
-
+ <!-- pam_mount parameters: Volume-related -->
+ <mkmountpoint enable="1" remove="1" />
</pam_mount>
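Review bot: the three added `<volume>` entries each repeat the same `options` string, with `domain=dompedago.etb1.lan` and `server="scribe.dompedago.etb1.lan"` written out every time. If the template does not already fill these from a single variable, it should, so that a domain or server change cannot leave one mount pointing at the old value. Most of the remaining lines in the hunk are re-indentation only, which hides the one other functional change, `mkmountpoint remove="true"` becoming `remove="1"`; a comment in the template on why that value changed would help.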
----------
ID: Add Veyon grains
Function: grains.list_present
Name: roles
Result: True
Comment: Value ['veyon/master', 'veyon/client'] is already in grain roles
Started: 06:45:10.130886
Duration: 1.867 ms
Changes:
----------
ID: Install Veyon software
Function: pkg.installed
Name: veyon
Result: False
Comment: Problem encountered installing package(s). Additional info follows:
errors:
- E: Unable to locate package veyon
Started: 06:45:10.137401
Duration: 1849.588 ms
Changes:
----------
ID: Cleanup configuration file on error
Function: file.absent
Name: /tmp/veyon-config.json
Result: True
Comment: File /tmp/veyon-config.json is not present
Started: 06:45:11.987444
Duration: 394.247 ms
Changes:
----------
ID: Download Veyon Configuration
Function: file.managed
Name: /tmp/veyon-config.json
Result: False
Comment: One or more requisite failed: eole-workstation.veyon.package.install.Install Veyon software
Started: 06:45:12.382335
Duration: 0.004 ms
Changes:
----------
ID: Import Veyon configuration
Function: cmd.run
Name: veyon-cli config import veyon-config.json
Result: False
Comment: One or more requisite failed: eole-workstation.veyon.config.file.Download Veyon Configuration
Started: 06:45:12.383235
Duration: 0.004 ms
Changes:
----------
ID: Set LDAP password
Function: cmd.run
Name: veyon-cli config set LDAP/BindPassword $VEYON_PASSWORD
Result: False
Comment: One or more requisite failed: eole-workstation.veyon.config.import.Import Veyon configuration
Started: 06:45:12.383567
Duration: 0.003 ms
Changes:
----------
ID: Start Veyon service
Function: service.running
Name: veyon
Result: False
Comment: One or more requisite failed: eole-workstation.veyon.config.import.Set LDAP password, eole-workstation.veyon.config.import.Import Veyon configuration
Started: 06:45:12.383733
Duration: 0.002 ms
Changes:
----------
ID: Register Veyon service
Function: cmd.run
Name: veyon-cli service register
Result: False
Comment: Command "veyon-cli service register" run
Started: 06:45:12.384004
Duration: 11.18 ms
Changes:
----------
pid:
185342
retcode:
127
stderr:
/bin/bash: veyon-cli: command not found
stdout:
----------
ID: Restart Veyon Service
Function: cmd.run
Name: veyon-cli service restart
Result: False
Comment: One or more requisite failed: eole-workstation.veyon.config.import.Set LDAP password, eole-workstation.veyon.config.import.Import Veyon configuration
Started: 06:45:12.397154
Duration: 0.004 ms
Changes:
----------
ID: eole-workstation-mine-update-module-run
Function: module.run
Name: mine.update
Result: False
Comment: Module function mine.update executed
Started: 06:45:12.397225
Duration: 1507.692 ms
Changes:
----------
ret:
False
Summary for local
-------------
Succeeded: 11 (changed=10)
Failed: 13
-------------
Total states run: 24
Total run time: 97.493 s
Related issues
Associated revisions
do not generate the hosts in ssh_config in non-container mode (ref #31004)
fix the password change script (ref #31004)
History
#1 Updated by Emmanuel GARETTE over 5 years ago
The eole-workstation-manager account is not correct.
root@scribe:~# cat /etc/eole/private/eole-workstation-manager.password
eQdwm1GE0ll3XtBamL9zkcyWQSlYaeSDa1ioVvlRcl
root@scribe:~# smbclient -L localhost -Ueole-workstation-manager%eQdwm1GE0ll3XtBamL9zkcyWQSlYaeSDa1ioVvlRcl
session setup failed: NT_STATUS_LOGON_FAILURE
#2 Updated by Emmanuel GARETTE over 5 years ago
- Status changed from New to In progress
#3 Updated by Emmanuel GARETTE over 5 years ago
- Assignee set to Emmanuel GARETTE
#4 Updated by Emmanuel GARETTE over 5 years ago
Remaining problems:
- veyon does not get installed:
errors:
- E: Unable to locate package veyon
Should the package be veyon-master or veyon-service?
- realm apparently works through dbus, but dbus is not started:
# realm -v join --unattended "dompedago.etb1.lan"
To run without a DBus bus use the install mode: --install=/
realm: Couldn't connect to system bus: Could not connect: No such file or directory
With the --install=/ option it seems to work.
- an error on the mine:
ID: eole-workstation-mine-update-module-run
Function: module.run
Name: mine.update
Result: False
Comment: Module function mine.update executed
Started: 13:48:39.964623
Duration: 1508.134 ms
Changes:
----------
ret:
False
#5 Updated by Emmanuel GARETTE over 5 years ago
- Status changed from In progress to Resolved
- % done changed from 0 to 100
#6 Updated by Joël Cuissinat over 5 years ago
- Status changed from Resolved to Closed
- Remaining (hours) set to 0.0
OK, a study to keep on hand :)
#7 Updated by Joël Cuissinat over 5 years ago
- Related to Issue #31028: Problem with salt in the context of Eclair added