Scripting installation

mllovera · October 4, 2019, 6:46pm

Hi team,
I’m using AWS EC2 instances (Ubuntu) and when I install privacyIDEA manually it works ok, but when I try to install it via CloudFormation with UserData, it fail, do you have an example to install PrivacyIdea without human interaction?

Regards
Max Llovera

cornelinux · October 4, 2019, 8:10pm

No.
You should provide more information. “it fails” is bit sparse.

Without user interaction you can use a script:

#!/bin/bash
apt update
apt install privacyidea-apache2

mllovera · October 9, 2019, 2:43pm

Hi Cornelinux,
I was able to install PrivacyIDEA with the scripts only, my issue was I was using an old version of AMI, I needed to updated it to current version Ubuntu 18.04 LTS, ami-04b9e92b5572fa0d1,
Thanks for your quick response.

Regards

mllovera · October 9, 2019, 3:16pm

I’m trying to use OTP and I configured the Realms, resolvers but when I tried to validate from a centos box the OTP is not working.
I’m reviewing the logs and I’m seeing errors like below:

{"jsonrpc": "2.0", "signature": "rsa_sha256_pss:--hiden--", "detail": null, "version": "privacyIDEA 3.1.1", "result": {"status": false, "error": {"message": "(_mysql_exceptions.OperationalError) (1054, \"Unknown column 'pidea_audit.policies' in 'field list'\")\n[SQL: SELECT count(*) AS count_1 \nFROM (SELECT pidea_audit.id AS pidea_audit_id, pidea_audit.date AS pidea_audit_date, pidea_audit.signature AS pidea_audit_signature, pidea_audit.action AS pidea_audit_action, pidea_audit.success AS pidea_audit_success, pidea_audit.serial AS pidea_audit_serial, pidea_audit.token_type AS pidea_audit_token_type, pidea_audit.user AS pidea_audit_user, pidea_audit.realm AS pidea_audit_realm, pidea_audit.resolver AS pidea_audit_resolver, pidea_audit.administrator AS pidea_audit_administrator, pidea_audit.action_detail AS pidea_audit_action_detail, pidea_audit.info AS pidea_audit_info, pidea_audit.privacyidea_server AS pidea_audit_privacyidea_server, pidea_audit.client AS pidea_audit_client, pidea_audit.loglevel AS pidea_audit_loglevel, pidea_audit.clearance_level AS pidea_audit_clearance_level, pidea_audit.policies AS pidea_audit_policies \nFROM pidea_audit \nWHERE pidea_audit.action LIKE %s AND pidea_audit.realm = %s AND pidea_audit.user = %s AND pidea_audit.success = false AND pidea_audit.date >= %s) AS anon_1]\n[parameters: ('%/validate/check', 'defrealm', 'max.llovera', datetime.datetime(2019, 10, 9, 15, 3, 40, 431672))]\n(Background on this error at: http://sqlalche.me/e/e3q8)", "code": -500}}, "time": 1570633720.547045, "id": 1}

To configure privacyIDEA and Radius I used below scripts:
# Configure privacyIDEA
wget https://lancelot.netknights.it/NetKnights-Release.asc
gpg --dry-run --import --with-fingerprint NetKnights-Release.asc
apt-key add NetKnights-Release.asc
add-apt-repository http://lancelot.netknights.it/community/bionic/stable
apt update -y
apt install privacyidea-apache2 -y
apt-get install privacyidea-radius -y
sed -i “/^SQLALCHEMY_DATABASE_URI/c\SQLALCHEMY_DATABASE_URI = “$DB_URI”” /etc/privacyidea/pi.cfg
pi-manage createdb
pi-manage create_enckey
pi-manage create_audit_keys
Do I need to run an extra command or script for this version? because when I did the firs login I needed to add a new column too:
ALTER TABLE smtpserver ADD COLUMN enqueue_job TINYINT NOT NULL DEFAULT 0 AFTER timeout;

cornelinux · October 11, 2019, 3:58pm

You must not do this. This could cause problems
The deb package already takes care of this.