Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

write help or how to install, configure and run this #186

Open
urobasa opened this issue Jan 19, 2023 · 15 comments
Open

write help or how to install, configure and run this #186

urobasa opened this issue Jan 19, 2023 · 15 comments

Comments

@urobasa
Copy link

urobasa commented Jan 19, 2023

write how to install, configure and run this
@WillNilges
Copy link
Member

Hey @urobasa, thanks for the issue!

Did you see the instructions in the HACKING directory? Anything in particular you're confused on? Lemme know, and I'll do my best to clear it up!

@urobasa
Copy link
Author

urobasa commented Jan 21, 2023

"If you want to test locally, you should copy HACKING/.env.sample to HACKING/.env, and talk to an RTP about filling in secrets."
HACKING/.env.sample - not found

@urobasa
Copy link
Author

urobasa commented Jan 21, 2023

./HACKING/launch_env.sh
Error: unable to find network with name or ID proxstar: network not found

@urobasa
Copy link
Author

urobasa commented Jan 21, 2023

After create network - podman network create proxstar
and run ./HACKING/launch_env.sh
FileNotFoundError: [Errno 2] No such file or directory: '/opt/app-root/bin/websockify'

@urobasa
Copy link
Author

urobasa commented Jan 24, 2023

@WillNilges
./HACKING/launch_env.sh

  • podman run --rm -d --network=proxstar --name=proxstar-redis redis:alpine
    33c4783919c387b6d394a5a2aa90b0211d79ecd4430f959cee7a35a81e817355
  • podman run --rm -d --network=proxstar --name=proxstar-postgres -e POSTGRES_PASSWORD=changeme -v ./HACKING/proxstar-postgres/volume:/var/lib/postgresql/data:Z proxstar-postgres
    78755156ab1c600b448d9a22813866612ce2b998ba9308e1645b4cb7c74779a4
  • podman run --rm -d --network=proxstar --name=proxstar-rq-scheduler --env-file=HACKING/.env --entrypoint ./start_scheduler.sh proxstar
    1fd19edd79f6ba5878d3e2dc1801495d6ed56bd603168aa45dedb17e7df79379
  • podman run --rm -d --network=proxstar --name=proxstar-rq --env-file=HACKING/.env --entrypoint ./start_worker.sh proxstar
    86b386b86a24a57215602319f4d7d4678a961a1b5e69d44b361aaa6708dd07f9
  • podman run --rm -it --network=proxstar --name=proxstar -p 8000:8000 -p 8001:8001 --env-file=HACKING/.env '--entrypoint=["gunicorn", "proxstar:app", "--bind=0.0.0.0:8000"]' proxstar
    [2023-01-24 20:05:59 +0000] [1] [INFO] Starting gunicorn 20.0.4
    Booting Websockify server in daemon mode...
    Websockify is stopped. Starting websockify.
    Traceback (most recent call last):
    File "/usr/local/bin/gunicorn", line 8, in
    sys.exit(run())
    File "/usr/local/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 58, in run
    WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
    File "/usr/local/lib/python3.8/site-packages/gunicorn/app/base.py", line 228, in run
    super().run()
    File "/usr/local/lib/python3.8/site-packages/gunicorn/app/base.py", line 72, in run
    Arbiter(self).run()
    File "/usr/local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 198, in run
    self.start()
    File "/usr/local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 138, in start
    self.cfg.on_starting(self)
    File "/opt/proxstar/gunicorn.conf.py", line 39, in on_starting
    start_websockify(app.config['WEBSOCKIFY_PATH'], app.config['WEBSOCKIFY_TARGET_FILE'])
    File "/opt/proxstar/gunicorn.conf.py", line 21, in start_websockify
    subprocess.call(
    File "/usr/local/lib/python3.8/subprocess.py", line 340, in call
    with Popen(*popenargs, **kwargs) as p:
    File "/usr/local/lib/python3.8/subprocess.py", line 858, in init
    self._execute_child(args, executable, preexec_fn, close_fds,
    File "/usr/local/lib/python3.8/subprocess.py", line 1704, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
    FileNotFoundError: [Errno 2] No such file or directory: '/opt/app-root/bin/websockify'

@WillNilges
Copy link
Member

Hey, sorry about the delay, currently having health isssues.

  1. Oops, guess .env.sample got renamed. Lives here now.
  2. Pretty sure we use https://docker.io for all our container needs. But it really shouldn't matter.
  3. Looks like I forgot to add the network creation command. Run this: podman network create proxstar
  4. That looks like an issue with the container you built. Kinda weird, that one. Can't think of a oneliner to fix it.
  5. See #4. Probably an issue with where websockify resides in your container. Can you get a shell in there and see if which websockify resolves?

@urobasa
Copy link
Author

urobasa commented Jan 24, 2023

Containers creates a script ./HACKING/launch_env.sh in your repo
command in this file ->
podman run --rm -it --network=proxstar --name=proxstar -p 8000:8000 -p 8001:8001 --env-file=HACKING/.env '--entrypoint=["gunicorn", "proxstar:app", "--bind=0.0.0.0:8000"]' proxstar

Since an error occurs during the creation of the container by the script, the last container in the script is not created, so I cannot enter it, it was not created due to an error

@urobasa
Copy link
Author

urobasa commented Jan 24, 2023

I wish you get well

@WillNilges
Copy link
Member

Thanks :)

You should still be able to launch the container manually with a different entrypoint, and poke around.

@urobasa
Copy link
Author

urobasa commented Feb 7, 2023

It is available to house members at proxstar.csh.rit.edu behind PYOIDC authentication.
is this a prerequisite?
is my local ldap not enough?

@WillNilges
Copy link
Member

Yes, we host our service behind keycloak, but all of that should be configurable, so you can use your own instance. You just have to point it there. You're gonna need to change the fields in the .env file under # OIDC and # LDAP accordingly.

@urobasa
Copy link
Author

urobasa commented Feb 14, 2023

your env contains ldap user and password and required for run web interface
but there is no variable for ldap server.
Is it in your hardcode?

@WillNilges
Copy link
Member

The PROXSTAR_LDAP_BIND_DN variable should consist of a URI (not just a username) that has all the information that proxstar needs (sans the password)

It'll look something like this:

krbprincipalname=proxstar/[email protected],cn=services,cn=accounts,dc=example,dc=com

@urobasa
Copy link
Author

urobasa commented Jun 15, 2023
edited
Loading

after start keycloak i get error

  1. keycloak authorize success
  2. proxstar -
    oic.utils.keyio.UpdateFailed: {"error": "service_error", "error_description": "Remote key update from 'https://keycloak2.xxx:8443/realms/xxx/protocol/openid-connect/certs' failed, HTTP status HTTPSConnectionPool(host='keycloak2.xxx', port=8443): Max retries exceeded with url: /realms/xxx/protocol/openid-connect/certs (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))"}

main local CA installed to container proxstar
on keycloak installed cert from this CA
why this cert is not valid?

@WillNilges
Copy link
Member

Hmm... I can't think of anything off the top of my head. Have you configured all of your OIDC environment variables (check config.py for a complete list)? We use flask_pyoidc for authentication. Maybe try checking in those communities?

To be clear, is this an error log from Proxstar? Do you have a more complete backtrace?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@urobasa @WillNilges