2.2 to 2.3 upgrade failure

Question
1

This is what I get when trying to upgrade on Ubuntu 14 per the upgrade
instructions at
http://privacyidea.readthedocs.org/en/v2.3/installation/upgrade.html#stopping-your-server

Ultimately what happens is I get wrong otp pin in the web gui and the
system no longer authenticates to the remote servers.
The log file is empty.

root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db stamp 4f32a4e1bf33
The configuration name is: production
Additional configuration can be read from the file /etc/privacyidea/pi.cfg
Traceback (most recent call last):
File “/usr/bin/pi-manage.py”, line 401, in
manager.run()
File “/usr/lib/python2.7/dist-packages/flask_script/init.py”, line
405, in run
result = self.handle(sys.argv[0], sys.argv[1:])
File “/usr/lib/python2.7/dist-packages/flask_script/init.py”, line
384, in handle
return handle(app, *positional_args, **kwargs)
File “/usr/lib/python2.7/dist-packages/flask_script/commands.py”, line
145, in handle
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/flask_migrate/init.py”, line
88, in stamp
config = _get_config(directory)
File “/usr/lib/python2.7/dist-packages/flask_migrate/init.py”, line
37, in _get_config
config.set_main_option(‘script_location’, directory)
File “/usr/lib/python2.7/dist-packages/alembic/config.py”, line 142, in
set_main_option
self.file_config.set(self.config_ini_section, name, value)
File “/usr/lib/python2.7/ConfigParser.py”, line 753, in set
ConfigParser.set(self, section, option, value)
File “/usr/lib/python2.7/ConfigParser.py”, line 396, in set
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: 'alembic’
root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db stamp 4f32a4e1bf33
The configuration name is: production
Additional configuration can be read from the file /etc/privacyidea/pi.cfg
Traceback (most recent call last):
File “/usr/bin/pi-manage.py”, line 401, in
manager.run()
File “/usr/lib/python2.7/dist-packages/flask_script/init.py”, line
405, in run
result = self.handle(sys.argv[0], sys.argv[1:])
File “/usr/lib/python2.7/dist-packages/flask_script/init.py”, line
384, in handle
return handle(app, *positional_args, **kwargs)
File “/usr/lib/python2.7/dist-packages/flask_script/commands.py”, line
145, in handle
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/flask_migrate/init.py”, line
88, in stamp
config = _get_config(directory)
File “/usr/lib/python2.7/dist-packages/flask_migrate/init.py”, line
37, in _get_config
config.set_main_option(‘script_location’, directory)
File “/usr/lib/python2.7/dist-packages/alembic/config.py”, line 142, in
set_main_option
self.file_config.set(self.config_ini_section, name, value)
File “/usr/lib/python2.7/ConfigParser.py”, line 753, in set
ConfigParser.set(self, section, option, value)
File “/usr/lib/python2.7/ConfigParser.py”, line 396, in set
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: ‘alembic’

root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db upgrade -d
/usr/lib/privacyidea/migrations
The configuration name is: production
Additional configuration can be read from the file /etc/privacyidea/pi.cfg
INFO [alembic.migration] Context impl MySQLImpl.
INFO [alembic.migration] Will assume non-transactional DDL.
INFO [alembic.migration] Running upgrade 2181294eed0b -> e5cbeb7c177, Add
column ‘priority’ to table ‘resolverealm’

Thanks,

Todd

2

Hi Todd,

I am sorry for this inconvenience.
When using the ubuntu packages you do not need to run this manually as
it is run in the post install script.

Anyway, when stamping you also need to specify the directory, where the
migration scripts are located. I will adapt the documentation
immediately.

pi-manage.py db stamp 4f32a4e1bf33 -d /usr/lib/privacyidea/migrations
pi-manage.py db upgrade -d /usr/lib/privacyidea/migrations

Kind regards
CorneliusAm Dienstag, den 26.05.2015, 13:06 -0700 schrieb Todd F:

This is what I get when trying to upgrade on Ubuntu 14 per the upgrade
instructions at
2.4. Upgrading — privacyIDEA 2.3 documentation

Ultimately what happens is I get wrong otp pin in the web gui and the
system no longer authenticates to the remote servers.
The log file is empty.

root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db stamp
4f32a4e1bf33
The configuration name is: production
Additional configuration can be read from the
file /etc/privacyidea/pi.cfg
Traceback (most recent call last):
File “/usr/bin/pi-manage.py”, line 401, in
manager.run()
File “/usr/lib/python2.7/dist-packages/flask_script/init.py”,
line 405, in run
result = self.handle(sys.argv[0], sys.argv[1:])
File “/usr/lib/python2.7/dist-packages/flask_script/init.py”,
line 384, in handle
return handle(app, *positional_args, **kwargs)
File “/usr/lib/python2.7/dist-packages/flask_script/commands.py”,
line 145, in handle
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/flask_migrate/init.py”,
line 88, in stamp
config = _get_config(directory)
File “/usr/lib/python2.7/dist-packages/flask_migrate/init.py”,
line 37, in _get_config
config.set_main_option(‘script_location’, directory)
File “/usr/lib/python2.7/dist-packages/alembic/config.py”, line 142,
in set_main_option
self.file_config.set(self.config_ini_section, name, value)
File “/usr/lib/python2.7/ConfigParser.py”, line 753, in set
ConfigParser.set(self, section, option, value)
File “/usr/lib/python2.7/ConfigParser.py”, line 396, in set
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: ‘alembic’
root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db stamp
4f32a4e1bf33
The configuration name is: production
Additional configuration can be read from the
file /etc/privacyidea/pi.cfg
Traceback (most recent call last):
File “/usr/bin/pi-manage.py”, line 401, in
manager.run()
File “/usr/lib/python2.7/dist-packages/flask_script/init.py”,
line 405, in run
result = self.handle(sys.argv[0], sys.argv[1:])
File “/usr/lib/python2.7/dist-packages/flask_script/init.py”,
line 384, in handle
return handle(app, *positional_args, **kwargs)
File “/usr/lib/python2.7/dist-packages/flask_script/commands.py”,
line 145, in handle
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/flask_migrate/init.py”,
line 88, in stamp
config = _get_config(directory)
File “/usr/lib/python2.7/dist-packages/flask_migrate/init.py”,
line 37, in _get_config
config.set_main_option(‘script_location’, directory)
File “/usr/lib/python2.7/dist-packages/alembic/config.py”, line 142,
in set_main_option
self.file_config.set(self.config_ini_section, name, value)
File “/usr/lib/python2.7/ConfigParser.py”, line 753, in set
ConfigParser.set(self, section, option, value)
File “/usr/lib/python2.7/ConfigParser.py”, line 396, in set
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: ‘alembic’

root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db upgrade
-d /usr/lib/privacyidea/migrations
The configuration name is: production
Additional configuration can be read from the
file /etc/privacyidea/pi.cfg
INFO [alembic.migration] Context impl MySQLImpl.
INFO [alembic.migration] Will assume non-transactional DDL.
INFO [alembic.migration] Running upgrade 2181294eed0b → e5cbeb7c177,
Add column ‘priority’ to table ‘resolverealm’

Thanks,

Todd


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3a16b1b3-051b-4d5f-bc00-441d5adaace6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)

3

Hi Todd,

in your pi.cfg you propably have a line

SUPERUSER_REALM = super

This line defines realms, where those users can log in with
administrative rights.

This line should be

SUPERUSER_REALM = [‘adminRealm1’, ‘adminRealm2’]

or whatever realms you want to use as admin realms.
If none:

SUPERUSER_REALM =

Kind regards
CorneliusAm Mittwoch, den 27.05.2015, 18:45 -0700 schrieb Todd F:

Well, I had to install form scratch to get the wrong otp pin problem
solved, but now I can see all of my AD users and it tests fine in a
ldap_users realm.
But I can’t logon to the gui as an ldap user. Here is what is in the
privacyidea.log.

[2015-05-27
18:27:46,415][6378][140193862629120][WARNING][privacyidea.lib.resolver:124] the passed key u’filename’ is not a paramet$
[2015-05-27
18:28:24,379][6378][140193929770752][WARNING][privacyidea.lib.utils:170] the passed key u’fileName’ is not a parameter $
[2015-05-27
18:35:28,474][1056][140690891945728][ERROR][privacyidea.app:1423]
Exception on /auth [POST]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1475, in
full_dispatch_request
rv = self.dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in
dispatch_request
return self.view_functionsrule.endpoint
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”,
line 83, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”,
line 191, in get_auth_token
superuser_realms=superuser_realms)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py”, line 77, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py”, line 237, in login_mode
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py”,
line 119, in check_webui_user
if user_obj.realm in superuser_realms:
TypeError: argument of type ‘type’ is not iterable
[2015-05-27
18:35:39,767][1056][140690791233280][ERROR][privacyidea.app:1423]
Exception on /auth [POST]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in
dispatch_request
return self.view_functionsrule.endpoint
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py”,
line 83, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”,
line 191, in get_auth_token
superuser_realms=superuser_realms)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py”, line 77, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py”, line 237, in login_mode
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py”,
line 119, in check_webui_user
if user_obj.realm in superuser_realms:
TypeError: argument of type ‘type’ is not iterable

Thanks,

Todd


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/c53b51c7-25db-4b1d-90af-ade20468402a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)

4

Well, I had to install form scratch to get the wrong otp pin problem
solved, but now I can see all of my AD users and it tests fine in a
ldap_users realm.
But I can’t logon to the gui as an ldap user. Here is what is in the
privacyidea.log.

[2015-05-27
18:27:46,415][6378][140193862629120][WARNING][privacyidea.lib.resolver:124]
the passed key u’filename’ is not a paramet$
[2015-05-27
18:28:24,379][6378][140193929770752][WARNING][privacyidea.lib.utils:170]
the passed key u’fileName’ is not a parameter $
[2015-05-27
18:35:28,474][1056][140690891945728][ERROR][privacyidea.app:1423] Exception
on /auth [POST]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1475, in
full_dispatch_request
rv = self.dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in
dispatch_request
return self.view_functionsrule.endpoint
File
"/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line
83, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”, line
191, in get_auth_token
superuser_realms=superuser_realms)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py",
line 77, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py",
line 237, in login_mode
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py”, line
119, in check_webui_user
if user_obj.realm in superuser_realms:
TypeError: argument of type ‘type’ is not iterable
[2015-05-27
18:35:39,767][1056][140690791233280][ERROR][privacyidea.app:1423] Exception
on /auth [POST]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in
dispatch_request
return self.view_functionsrule.endpoint
File
"/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line
83, in policy_wrapper
response = wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py”, line
191, in get_auth_token
superuser_realms=superuser_realms)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py",
line 77, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File
"/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py",
line 237, in login_mode
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py”, line
119, in check_webui_user
if user_obj.realm in superuser_realms:
TypeError: argument of type ‘type’ is not iterable

Thanks,

Todd