Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

msg: cannot import name 'kinit_password' from 'ipapython.ipautil #1216

Open
Tas-sos opened this issue Mar 6, 2024 · 7 comments
Open

msg: cannot import name 'kinit_password' from 'ipapython.ipautil #1216

Tas-sos opened this issue Mar 6, 2024 · 7 comments

Comments

@Tas-sos
Copy link

Tas-sos commented Mar 6, 2024

  • Debian GNU/Linux 11.9 (bullseye)
  • ansible [core 2.15.9]
  • python version = 3.9.2
Python system libraries/modules/packages installed 
apt list --installed | grep python

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

hexchat-python3/oldstable,now 2.14.3-6+deb11u1 amd64 [installed]
libpython3-dev/oldstable,now 3.9.2-3 amd64 [installed]
libpython3-stdlib/oldstable,now 3.9.2-3 amd64 [installed,automatic]
libpython3.9-dev/oldstable,now 3.9.2-1 amd64 [installed,automatic]
libpython3.9-minimal/oldstable,now 3.9.2-1 amd64 [installed,automatic]
libpython3.9-stdlib/oldstable,now 3.9.2-1 amd64 [installed,automatic]
libpython3.9/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python-apt-common/oldstable,now 2.2.1 all [installed,automatic]
python-pip-whl/oldstable,now 20.3.4-4+deb11u1 all [installed,automatic]
python3-aiohttp/oldstable,now 3.7.4-1 amd64 [installed,automatic]
python3-appdirs/oldstable,now 1.4.4-1 all [installed,automatic]
python3-apt/oldstable,now 2.2.1 amd64 [installed,automatic]
python3-argcomplete/oldstable,now 1.8.1-1.5 all [installed,automatic]
python3-async-timeout/oldstable,now 3.0.1-1.1 all [installed,automatic]
python3-attr/oldstable,now 20.3.0-1 all [installed,automatic]
python3-autopep8/oldstable,now 1.5.5-1 all [installed]
python3-brlapi/oldstable,now 6.3+dfsg-1+deb11u1 amd64 [installed,automatic]
python3-bs4/oldstable,now 4.9.3-1 all [installed,automatic]
python3-cairo/oldstable,now 1.16.2-4+b2 amd64 [installed,automatic]
python3-certifi/oldstable,now 2020.6.20-1 all [installed,automatic]
python3-cffi-backend/oldstable,now 1.14.5-1 amd64 [installed,automatic]
python3-chardet/oldstable,now 4.0.0-1 all [installed,automatic]
python3-click/oldstable,now 7.1.2-1 all [installed,automatic]
python3-colorama/oldstable,now 0.4.4-1 all [installed,automatic]
python3-configobj/oldstable,now 5.0.6-4 all [installed,automatic]
python3-cryptography/oldstable,now 3.3.2-1 amd64 [installed,automatic]
python3-cups/oldstable,now 2.0.1-4+b1 amd64 [installed,automatic]
python3-cupshelpers/oldstable,now 1.5.14-1 all [installed,automatic]
python3-dbus/oldstable,now 1.2.16-5 amd64 [installed,automatic]
python3-debconf/oldstable,now 1.5.77 all [installed,automatic]
python3-debian/oldstable,now 0.1.39 all [installed,automatic]
python3-debianbts/oldstable,now 3.1.0 all [installed,automatic]
python3-decorator/oldstable,now 4.4.2-2 all [installed,automatic]
python3-dev/oldstable,now 3.9.2-3 amd64 [installed,automatic]
python3-distro-info/oldstable,now 1.0+deb11u1 all [installed,automatic]
python3-distro/oldstable,now 1.5.0-1 all [installed,automatic]
python3-distutils/oldstable,now 3.9.2-1 all [installed,automatic]
python3-dns/oldstable,now 3.2.1-1 all [installed]
python3-firewall/oldstable,now 0.9.3-2 all [installed,automatic]
python3-gi-cairo/oldstable,now 3.38.0-2 amd64 [installed,automatic]
python3-gi/oldstable,now 3.38.0-2 amd64 [installed,automatic]
python3-gnucash/oldstable,now 1:4.4-1 amd64 [installed,automatic]
python3-gpg/oldstable,now 1.14.0-1+b2 amd64 [installed,automatic]
python3-html5lib/oldstable,now 1.1-3 all [installed,automatic]
python3-httplib2/oldstable,now 0.18.1-3 all [installed,automatic]
python3-ibus-1.0/oldstable,now 1.5.23-2 all [installed,automatic]
python3-idna/oldstable,now 2.10-1 all [installed,automatic]
python3-jedi/oldstable,now 0.18.0-1 all [installed]
python3-ldap/oldstable,now 3.2.0-4+b3 amd64 [installed]
python3-ldb/oldstable,oldstable-security,now 2:2.2.3-2~deb11u2 amd64 [installed,automatic]
python3-lib2to3/oldstable,now 3.9.2-1 all [installed,automatic]
python3-libvirt/oldstable,now 7.0.0-2 amd64 [installed,automatic]
python3-libxml2/oldstable,oldstable-security,now 2.9.10+dfsg-6.7+deb11u4 amd64 [installed,automatic]
python3-louis/oldstable,now 3.16.0-1 all [installed,automatic]
python3-lxml/oldstable,oldstable-security,now 4.6.3+dfsg-0.1+deb11u1 amd64 [installed,automatic]
python3-magic/oldstable,now 2:0.4.20-3 all [installed,automatic]
python3-mako/oldstable,now 1.1.3+ds1-2 all [installed,automatic]
python3-markupsafe/oldstable,now 1.1.1-1+b3 amd64 [installed,automatic]
python3-minimal/oldstable,now 3.9.2-3 amd64 [installed,automatic]
python3-multidict/oldstable,now 5.1.0-1 amd64 [installed,automatic]
python3-mypy-extensions/oldstable,now 0.4.3-2 all [installed,automatic]
python3-nautilus/oldstable,now 1.2.3-3+b1 amd64 [installed,automatic]
python3-nftables/oldstable,now 0.9.8-3.1+deb11u2 amd64 [installed,automatic]
python3-olefile/oldstable,now 0.46-3 all [installed,automatic]
python3-parso/oldstable,now 0.8.1-1 all [installed,automatic]
python3-pathspec/oldstable,now 0.8.1-1 all [installed,automatic]
python3-pep8/oldstable,now 1.7.1-9 all [installed,automatic]
python3-pil/oldstable,oldstable-security,now 8.1.2+dfsg-0.3+deb11u1 amd64 [installed,automatic]
python3-pip/oldstable,now 20.3.4-4+deb11u1 all [installed]
python3-pkg-resources/oldstable,now 52.0.0-4 all [installed,automatic]
python3-psutil/oldstable,now 5.8.0-1 amd64 [installed,automatic]
python3-pyasn1-modules/oldstable,now 0.2.1-1 all [installed,automatic]
python3-pyasn1/oldstable,now 0.4.8-1 all [installed,automatic]
python3-pyatspi/oldstable,now 2.38.1-1 all [installed,automatic]
python3-pycodestyle/oldstable,now 2.6.0-1 all [installed,automatic]
python3-pycurl/oldstable,now 7.43.0.6-5 amd64 [installed,automatic]
python3-pyfavicon/oldstable,now 0.1.1+dfsg1-3 all [installed,automatic]
python3-pygments/oldstable,now 2.7.1+dfsg-2.1 all [installed,automatic]
python3-pyinotify/oldstable,now 0.9.6-1.3 all [installed,automatic]
python3-pyotp/oldstable,now 2.3.0-1 all [installed,automatic]
python3-pysimplesoap/oldstable,now 1.16.2-3 all [installed,automatic]
python3-pyxattr/oldstable,now 0.7.2-1+b1 amd64 [installed,automatic]
python3-pyzbar/oldstable,now 0.1.8-2 all [installed,automatic]
python3-regex/oldstable,now 0.1.20201113-1 amd64 [installed,automatic]
python3-reportbug/oldstable,now 7.10.3+deb11u1 all [installed]
python3-requests/oldstable,now 2.25.1+dfsg-2 all [installed,automatic]
python3-selinux/oldstable,now 3.1-3 amd64 [installed,automatic]
python3-setuptools/oldstable,now 52.0.0-4 all [installed,automatic]
python3-six/oldstable,now 1.16.0-2 all [installed,automatic]
python3-slip-dbus/oldstable,now 0.6.5-2 all [installed,automatic]
python3-slip/oldstable,now 0.6.5-2 all [installed,automatic]
python3-smbc/oldstable,now 1.0.23-1+b1 amd64 [installed,automatic]
python3-software-properties/oldstable,now 0.96.20.2-2.1 all [installed,automatic]
python3-soupsieve/oldstable,now 2.2.1-1 all [installed,automatic]
python3-speechd/oldstable,now 0.10.2-2+deb11u2 all [installed,automatic]
python3-sqlparse/oldstable,now 0.4.1-1 all [installed,automatic]
python3-systemd/oldstable,now 234-3+b4 amd64 [installed,automatic]
python3-tabulate/oldstable,now 0.8.7-0.1 all [installed,automatic]
python3-talloc/oldstable,now 2.3.1-2+b1 amd64 [installed,automatic]
python3-toml/oldstable,now 0.10.1-1 all [installed,automatic]
python3-typed-ast/oldstable,now 1.4.2-1 amd64 [installed,automatic]
python3-typing-extensions/oldstable,now 3.7.4.3-1 all [installed,automatic]
python3-unidiff/oldstable,now 0.5.5-2 all [installed,automatic]
python3-uno/oldstable,oldstable-security,now 1:7.0.4-4+deb11u8 amd64 [installed,automatic]
python3-urllib3/oldstable,now 1.26.5-1~exp1 all [installed,automatic]
python3-venv/oldstable,now 3.9.2-3 amd64 [installed]
python3-webencodings/oldstable,now 0.5.1-2 all [installed,automatic]
python3-wheel/oldstable,now 0.34.2-1 all [installed,automatic]
python3-xdg/oldstable,now 0.27-2 all [installed,automatic]
python3-yaml/oldstable,now 5.3.1-5 amd64 [installed,automatic]
python3-yapf/oldstable,now 0.30.0-1 all [installed]
python3-yarl/oldstable,now 1.6.3-2 amd64 [installed,automatic]
python3-yoyo/oldstable,now 7.3.1+dfsg1-1 all [installed,automatic]
python3.9-dev/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python3.9-minimal/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python3.9-venv/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python3.9/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python3/oldstable,now 3.9.2-3 amd64 [installed,automatic]
Python required modules ( requirements.txt ) 
ansible-core==2.15.9

# Collections Requirements
# freeipa.ansible_freeipa.ipaservice
netaddr==1.2.1
gssapi==1.8.3
ipalib==4.10.2
Ansible required collections ( requirements.yml ) 
---

collections:
  - name: ansible.posix
    version: 1.5.4

  - name: community.general
    version: '>=7.4.0,<7.5.0'

  - name: freeipa.ansible_freeipa
    version: '>=1.11.1,<1.12.0'

Output

failed: [testvm.example.com -> localhost] 
(item=
    {'path': '/etc/httpd/conf/httpd.keytab',
     'principal': 'HTTP/[email protected]',
     'aliases': ['HTTP/[email protected]'], 
     'owner': 48, 
     'group': 48, 
     'mode': '0400'})
 => changed=false 
  ansible_loop_var: item
  invocation:
    module_args:
      action: service
      allow_create_keytab_group: null
      allow_create_keytab_host: null
      allow_create_keytab_hostgroup: null
      allow_create_keytab_user: null
      allow_retrieve_keytab_group: null
      allow_retrieve_keytab_host: null
      allow_retrieve_keytab_hostgroup: null
      allow_retrieve_keytab_user: null
      auth_ind: null
      certificate: null
      delete_continue: null
      force: null
      host: null
      ipaadmin_password: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      ipaadmin_principal: ipaadmin-username
      ipaapi_context: null
      ipaapi_ldap_cache: true
      name:
      - HTTP/[email protected]
      netbiosname: null
      ok_as_delegate: null
      ok_to_auth_as_delegate: null
      pac_type: null
      principal:
      - HTTP/[email protected]
      requires_pre_auth: null
      services: null
      skip_host_check: null
      smb: null
      state: present
  item:
    aliases:
    - HTTP/[email protected]
    group: 48
    mode: '0400'
    owner: 48
    path: /etc/httpd/conf/httpd.keytab
    principal: HTTP/[email protected]
  msg: cannot import name 'kinit_password' from 'ipapython.ipautil' (/home/username/.python-env/ipa-python-venv/lib/python3.9/site-packages/ipapython/ipautil.py)

I cannot understand why I have this error.

cannot import name 'kinit_password' from 'ipapython.ipautil'

I have this error with the following versions:

  • freeipa.ansible_freeipa 1.11.1
  • freeipa.ansible_freeipa 1.12.1 ( latest)

Any advice/help/idea ?
@Tas-sos
Copy link
Author

Tas-sos commented Mar 6, 2024

In my attempt to solve this, I have also installed the following python 3 modules.

pip freeze 
ipa==4.10.2
ipaclient==4.10.2
ipalib==4.10.2
ipaplatform==4.10.2
ipapython==4.10.2
python-freeipa==1.0.8

ansible-core==2.15.9
certifi==2024.2.2
cffi==1.16.0
charset-normalizer==3.3.2
cryptography==42.0.5
decorator==5.1.1
dnspython==2.6.1
gssapi==1.8.3
idna==3.6
importlib-resources==5.0.7
Jinja2==3.1.3
MarkupSafe==2.1.5
netaddr==1.2.1
packaging==23.2
pkg_resources==0.0.0
pyasn1==0.5.1
pyasn1-modules==0.3.0
pycparser==2.21
pypng==0.20220715.0
PyYAML==6.0.1
qrcode==7.4.2
requests==2.31.0
resolvelib==1.0.1
six==1.16.0
typing_extensions==4.10.0
urllib3==2.2.1

@Tas-sos
Copy link
Author

Tas-sos commented Mar 6, 2024
edited
Loading

  • Red Hat Enterprise Linux release 9.1 (Plow)
  • Python 3.9.18
System python related packages 
dnf install python3 python3-devel krb5-workstation krb5-libs krb5-devel gcc -y
dnf list installed | grep python

libcap-ng-python3.x86_64                      0.8.2-7.el9        
policycoreutils-python-utils.noarch           3.5-2.el9          
python-unversioned-command.noarch             3.9.18-1.el9_3.1   
python3.x86_64                                3.9.18-1.el9_3.1   
python3-attrs.noarch                          20.3.0-7.el9       
python3-audit.x86_64                          3.0.7-103.el9      
python3-babel.noarch                          2.9.1-2.el9        
python3-chardet.noarch                        4.0.0-5.el9        
python3-cloud-what.x86_64                     1.29.30-1.el9      
python3-configobj.noarch                      5.0.6-25.el9       
python3-dasbus.noarch                         1.4-5.el9          
python3-dateutil.noarch                       1:2.8.1-6.el9      
python3-dbus.x86_64                           1.2.18-2.el9       
python3-decorator.noarch                      4.4.2-6.el9        
python3-devel.x86_64                          3.9.18-1.el9_3.1   
python3-distro.noarch                         1.5.0-7.el9        
python3-dnf.noarch                            4.12.0-4.el9       
python3-dnf-plugin-versionlock.noarch         4.3.0-11.el9_3     
python3-dnf-plugins-core.noarch               4.3.0-11.el9_3     
python3-ethtool.x86_64                        0.15-2.el9         
python3-file-magic.noarch                     5.39-10.el9        
python3-firewall.noarch                       1.2.1-1.el9        
python3-gobject-base.x86_64                   3.40.1-6.el9       
python3-gobject-base-noarch.noarch            3.40.1-6.el9       
python3-gpg.x86_64                            1.15.1-6.el9       
python3-hawkey.x86_64                         0.67.0-3.el9       
python3-idna.noarch                           2.10-7.el9         
python3-iniparse.noarch                       0.4-45.el9         
python3-inotify.noarch                        0.9.6-25.el9       
python3-jinja2.noarch                         2.11.3-4.el9       
python3-jsonpatch.noarch                      1.21-16.el9        
python3-jsonpointer.noarch                    2.0-4.el9          
python3-jsonschema.noarch                     3.2.0-13.el9       
python3-ldap.x86_64                           3.4.3-2.el9        
python3-libcomps.x86_64                       0.1.18-1.el9       
python3-libdnf.x86_64                         0.67.0-3.el9       
python3-librepo.x86_64                        1.14.2-3.el9       
python3-libs.x86_64                           3.9.18-1.el9_3.1   
python3-libselinux.x86_64                     3.5-1.el9          
python3-libsemanage.x86_64                    3.5-2.el9          
python3-libxml2.x86_64                        2.9.13-2.el9       
python3-linux-procfs.noarch                   0.7.0-1.el9        
python3-markupsafe.x86_64                     1.1.1-12.el9       
python3-netifaces.x86_64                      0.10.6-15.el9      
python3-nftables.x86_64                       1:1.0.4-11.el9_3   
python3-oauthlib.noarch                       3.1.1-2.el9        
python3-perf.x86_64                           5.14.0-139.kpq0.el9
python3-pexpect.noarch                        4.8.0-7.el9        
python3-pip.noarch                            21.2.3-7.el9_3.1   
python3-pip-wheel.noarch                      21.2.3-6.el9       
python3-policycoreutils.noarch                3.5-2.el9          
python3-prettytable.noarch                    0.7.2-27.el9       
python3-psycopg2.x86_64                       2.8.6-6.el9        
python3-ptyprocess.noarch                     0.6.0-12.el9       
python3-pyasn1.noarch                         0.4.8-6.el9        
python3-pyasn1-modules.noarch                 0.4.8-6.el9        
python3-pyrsistent.x86_64                     0.17.3-8.el9       
python3-pyserial.noarch                       3.4-12.el9         
python3-pysocks.noarch                        1.7.1-12.el9       
python3-pytz.noarch                           2021.1-4.el9       
python3-pyudev.noarch                         0.22.0-6.el9       
python3-pyyaml.x86_64                         5.4.1-6.el9        
python3-requests.noarch                       2.25.1-6.el9       
python3-rpm.x86_64                            4.16.1.3-18.el9_1  
python3-setools.x86_64                        4.4.0-5.el9        
python3-setuptools.noarch                     53.0.0-10.el9      
python3-setuptools-wheel.noarch               53.0.0-10.el9      
python3-six.noarch                            1.15.0-9.el9       
python3-subscription-manager-rhsm.x86_64      1.29.30-1.el9      
python3-systemd.x86_64                        234-18.el9         
python3-urllib3.noarch                        1.26.5-3.el9
pip freeze
  • requirements.txt
ansible-core==2.15.9

# Collections Requirements
# freeipa.ansible_freeipa.ipaservice
netaddr==1.2.1
gssapi==1.8.3
ipalib==4.10.2
ansible-core==2.15.9
cffi==1.16.0
cryptography==42.0.5
decorator==5.1.1
dnspython==2.6.1
gssapi==1.8.3
importlib-resources==5.0.7
ipalib==4.10.2
ipaplatform==4.10.2
ipapython==4.10.2
Jinja2==3.1.3
MarkupSafe==2.1.5
netaddr==1.2.1
packaging==23.2
pyasn1==0.5.1
pyasn1-modules==0.3.0
pycparser==2.21
PyYAML==6.0.1
resolvelib==1.0.1
six==1.16.0

But again exactly the same:

msg: cannot import name 'kinit_password' from 'ipapython.ipautil'
pip install ipaclient 
pip freeze | grep ipa
ipaclient==4.10.2
ipalib==4.10.2
ipaplatform==4.10.2
ipapython==4.10.2

But, nothing changed.

@t-woerner
Copy link
Member

ansible-freeipa modules are supporting management nodes that are part of an IPA domain as a client or server. If the node is part of an IPA domain, all the needed packages and bindings are installed and the management modules are able to be used.
ansible-core and ansible-freeipa is only needed on the controller, it is not needed on the management nodes.

@t-woerner
Copy link
Member

The management node needs to deployed as a server/replica or client in an IPA domain.
Installing ipaclient with pip is not able to do this.

For information how to deploy a client, please have a look at https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipaclient/README.md

@Tas-sos
Copy link
Author

Tas-sos commented Mar 6, 2024

So, the task below cannot be run on my laptop - which is not an IPA server/client ( at least client ) ?

---
- name: Create service
  delegate_to: localhost
  freeipa.ansible_freeipa.ipaservice:
    name: "{{ item.principal }}"
    principal: "{{ item.aliases | default(omit) }}"
    state: "present"
    ipaadmin_principal: "{{ ipa_host_enrollment_principal }}"
    ipaadmin_password: "{{ ipa_host_enrollment_password }}"
  loop: "{{ custom_keytabs }}"

As you mentioned above from the Ansible controller side you only need ansible-core & ansible-freeipa.
So I cannot run the above from my localhost, if my localhost/controller is not already deployed as a server/replica or client in an IPA domain.

Excuse me, I'm confused because I ran it locally and the error message doesn't help me enough.
Could we change the error message to give more information about what is going wrong?
For example, with some kind of condition checking whether "Ω" has already been done or not, print "χ message", otherwise "ψ message".

Thank you very much for your prompt reply above and for the really useful reference which is really helpful! 🙏

@t-woerner
Copy link
Member

Good point, please open a ticket to work on the error messages for missing IPA bindings.

@rjeffman
Copy link
Member

@Tas-sos no, you can't delegate the task to your localhost if it is not a server or a client in a FreeIPA deployment.

The controller does not need to be part of FreeIPA, but any target node needs to be.

We should make this clearer in the documentation, but IMO, working this on the error messages provided will open a lot of unknown issues, and this might be too much work for too small improvement.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@t-woerner @Tas-sos @rjeffman