PI installs and works with flask but won't run with WSGI


I’m trying to get PI running to replace LinOTP2, because it seems like a more actively maintained project with a more active community ( :wave: ) … but I’m falling at the first hurdle on Debian 10. It’s worth noting there’s an Ansible-based server management script that makes python3 the default (mostly so Ansible itself and a bunch of AWS-related plugins can work properly). With that in mind, I’ll just list what I’ve done so far:


apt-get install python3-virtualenv virtualenv
useradd -m privacyidea

AS privacyidea USER

mkdir /home/privacyidea/privacyidea
cd /home/privacyidea/privacyidea
virtualenv -p python3.7 venv # see https://github.com/privacyidea/privacyidea#readme
source venv/bin/activate
pip3 install -r https://raw.githubusercontent.com/privacyidea/privacyidea/v3.6/requirements.txt --ignore-installed
pip3 install privacyidea==3.6

Then I do the database set-up manually, I’m using a MariaDB RDS instance at AWS. Then…


mkdir /etc/privacyidea
vim /etc/privacyidea/pi.cfg
# seeded from https://privacyidea.readthedocs.io/en/latest/installation/system/inifile.html#cfgfile
# but replace:
# PI_ENCFILE = '/home/privacyidea/enckey'
# PI_AUDIT_KEY_PRIVATE = '/home/privacyidea/privacyidea/private.pem'
# PI_AUDIT_KEY_PUBLIC = '/home/privacyidea/privacyidea/public.pem'
PEPPER="$(tr -dc A-Za-z0-9_ </dev/urandom | head -c24)"
echo "PI_PEPPER = '$PEPPER'" >> /etc/privacyidea/pi.cfg
SECRET="$(tr -dc A-Za-z0-9_ </dev/urandom | head -c24)"
echo "SECRET_KEY = '$SECRET'" >> /etc/privacyidea/pi.cfg

AS privacyidea USER

pi-manage create_enckey
pi-manage create_audit_keys
pi-manage createdb
pi-manage admin add admin
pi-manage runserver

And PI starts and runs on port 5000. If I set up an SSH bridge to http://localhost:8080 I can use it and everything works. Yay!



apt-get install apache2 libapache2-mod-wsgi
a2enmod ssl
a2enmod wsgi

Then I put the model vhost in the repo in place:

Only thing noteworthy is I change the path to the .wsgi file so it points to the one in the virtual env, but I don’t suppose that matters - the content looks fine.

Now if I just start Apache like that I get ImportError: No module named privacyidea.app. I figured some libraries are missing, so I used the pi-manage shell command to show PYTHONPATH when it’s running via Flask, and I added the output from that to the daemon line, like this:

        WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea \

And what I’m getting in the Apache error log is this:

mod_wsgi (pid=29593): Failed to exec Python script file '/home/privacyidea/privacyidea/venv/etc/privacyidea/privacyideaapp.wsgi'.
mod_wsgi (pid=29593): Exception occurred processing WSGI script '/home/privacyidea/privacyidea/venv/etc/privacyidea/privacyideaapp.wsgi'.
Traceback (most recent call last):
   File "/home/privacyidea/privacyidea/venv/etc/privacyidea/privacyideaapp.wsgi", line 4, in <module>
     from privacyidea.app import create_app
   File "/home/privacyidea/privacyidea/venv/lib/python3.7/site-packages/privacyidea/app.py", line 25, in <module>
     import logging.config
   File "/usr/lib/python3.7/logging/config.py", line 517
     '%r' % name) from e
 SyntaxError: invalid syntax

I have no idea where to go from here, it works fine with Flask, I’ve passed WSGI all the same Python paths, I can’t see anything wrong with perms or config, and anyway… it works with Flask … but it will not start with WSGI! Any clues? :weary:

Thanks in advance!

You need libapache2-mod-wsgi-py3 if you install into a python3 virtualenv.
The apache module you installed is intended for python2.

By the way: Good decision to move from this other software to privacyIDEA! :wink:
You probably might have spotted the migration script in the github repo, which transfers the enrolled tokens.

You are a :star: ! It works!
And thanks, I did see the migration script already. :wink:

1 Like