PI installs and works with flask but won't run with WSGI

Hi,

I’m trying to get PI running to replace LinOTP2, because it seems like a more actively maintained project with a more active community ( :wave: ) … but I’m falling at the first hurdle on Debian 10. It’s worth noting there’s an Ansible-based server management script that makes python3 the default (mostly so Ansible itself and a bunch of AWS-related plugins can work properly). With that in mind, I’ll just list what I’ve done so far:

AS ROOT

apt-get install python3-virtualenv virtualenv
useradd -m privacyidea

AS privacyidea USER

mkdir /home/privacyidea/privacyidea
cd /home/privacyidea/privacyidea
virtualenv -p python3.7 venv # see https://github.com/privacyidea/privacyidea#readme
source venv/bin/activate
pip3 install -r https://raw.githubusercontent.com/privacyidea/privacyidea/v3.6/requirements.txt --ignore-installed
pip3 install privacyidea==3.6

Then I do the database set-up manually, I’m using a MariaDB RDS instance at AWS. Then…

AS ROOT

mkdir /etc/privacyidea
vim /etc/privacyidea/pi.cfg
# seeded from https://privacyidea.readthedocs.io/en/latest/installation/system/inifile.html#cfgfile
# but replace:
# PI_ENCFILE = '/home/privacyidea/enckey'
# PI_AUDIT_KEY_PRIVATE = '/home/privacyidea/privacyidea/private.pem'
# PI_AUDIT_KEY_PUBLIC = '/home/privacyidea/privacyidea/public.pem'
PEPPER="$(tr -dc A-Za-z0-9_ </dev/urandom | head -c24)"
echo "PI_PEPPER = '$PEPPER'" >> /etc/privacyidea/pi.cfg
SECRET="$(tr -dc A-Za-z0-9_ </dev/urandom | head -c24)"
echo "SECRET_KEY = '$SECRET'" >> /etc/privacyidea/pi.cfg

AS privacyidea USER

pi-manage create_enckey
pi-manage create_audit_keys
pi-manage createdb
pi-manage admin add admin
pi-manage runserver

And PI starts and runs on port 5000. If I set up an SSH bridge to http://localhost:8080 I can use it and everything works. Yay!

So…

AS ROOT

apt-get install apache2 libapache2-mod-wsgi
a2enmod ssl
a2enmod wsgi

Then I put the model vhost in the repo in place:

Only thing noteworthy is I change the path to the .wsgi file so it points to the one in the virtual env, but I don’t suppose that matters - the content looks fine.

Now if I just start Apache like that I get ImportError: No module named privacyidea.app. I figured some libraries are missing, so I used the pi-manage shell command to show PYTHONPATH when it’s running via Flask, and I added the output from that to the daemon line, like this:

        WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea \
          python-path=/home/privacyidea/privacyidea/venv/bin:/home/privacyidea/privacyidea/venv/lib/python37.zip:/home/privacyidea/privacyidea/venv/lib/python3.7:/home/privacyidea/privacyidea/venv/lib/python3.7/lib-dynload:/usr/lib/python3.7:/home/privacyidea/privacyidea/venv/lib/python3.7/site-packages

And what I’m getting in the Apache error log is this:

mod_wsgi (pid=29593): Failed to exec Python script file '/home/privacyidea/privacyidea/venv/etc/privacyidea/privacyideaapp.wsgi'.
mod_wsgi (pid=29593): Exception occurred processing WSGI script '/home/privacyidea/privacyidea/venv/etc/privacyidea/privacyideaapp.wsgi'.
Traceback (most recent call last):
   File "/home/privacyidea/privacyidea/venv/etc/privacyidea/privacyideaapp.wsgi", line 4, in <module>
     from privacyidea.app import create_app
   File "/home/privacyidea/privacyidea/venv/lib/python3.7/site-packages/privacyidea/app.py", line 25, in <module>
     import logging.config
   File "/usr/lib/python3.7/logging/config.py", line 517
     '%r' % name) from e
                     ^
 SyntaxError: invalid syntax

I have no idea where to go from here, it works fine with Flask, I’ve passed WSGI all the same Python paths, I can’t see anything wrong with perms or config, and anyway… it works with Flask … but it will not start with WSGI! Any clues? :weary:

Thanks in advance!

You need libapache2-mod-wsgi-py3 if you install into a python3 virtualenv.
The apache module you installed is intended for python2.

By the way: Good decision to move from this other software to privacyIDEA! :wink:
You have probably spotted the migration script in the GitHub repo, which transfers the enrolled tokens.

You are a :star: ! It works!
And thanks, I did see the migration script already. :wink:
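
The interpreter mismatch identified in the reply above can be confirmed before swapping packages. This is an added example, not part of the thread or of privacyIDEA: it compares the Python major version linked into mod_wsgi with the virtualenv's interpreter. It assumes mod_wsgi.so is dynamically linked against libpython; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect a Python major-version mismatch
# between mod_wsgi and the virtualenv it is asked to serve.

# Read `ldd mod_wsgi.so` output on stdin, print the libpython major version.
wsgi_python_major() {
    sed -n 's/.*libpython\([0-9]\)\.[0-9][0-9]*.*/\1/p' | head -n 1
}

# Map a Python major version to the Debian package named in the thread.
wsgi_package_for() {
    case "$1" in
        2) echo "libapache2-mod-wsgi" ;;
        3) echo "libapache2-mod-wsgi-py3" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Compare the two majors; print a verdict, return 0 on match, 1 on mismatch,
# 2 when no libpython dependency was found (assumption above does not hold).
check_match() {
    wsgi_major=$1 venv_major=$2
    if [ -z "$wsgi_major" ]; then
        echo "UNKNOWN: no libpython linked into mod_wsgi"; return 2
    fi
    if [ "$wsgi_major" = "$venv_major" ]; then
        echo "OK: mod_wsgi and the virtualenv both use Python $venv_major"
        return 0
    fi
    echo "MISMATCH: mod_wsgi embeds Python $wsgi_major, virtualenv is Python $venv_major; install $(wsgi_package_for "$venv_major")"
    return 1
}

# Usage: sh check_wsgi.sh <path to mod_wsgi.so> <virtualenv directory>
diagnose() {
    wsgi=$(ldd "$1" | wsgi_python_major)
    venv=$("$2/bin/python" -c 'import sys; print(sys.version_info[0])')
    check_match "$wsgi" "$venv"
}

if [ "$#" -eq 2 ]; then
    diagnose "$1" "$2"
fi
```

On Debian the module is typically at /usr/lib/apache2/modules/mod_wsgi.so (an assumption, not stated in the thread), and the virtualenv here is /home/privacyidea/privacyidea/venv. The traceback already hints at the cause: `raise ... from e` is Python 3 only syntax, so a SyntaxError on that line inside /usr/lib/python3.7 means a Python 2 interpreter is parsing Python 3 source.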
