Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creating Hetzner robot admin sub-account fails (2017) #778

Closed
basvandijk opened this issue Nov 21, 2017 · 8 comments
Closed

Creating Hetzner robot admin sub-account fails (2017) #778

basvandijk opened this issue Nov 21, 2017 · 8 comments

Comments

@basvandijk
Copy link
Member

I get a hetzner.WebRobotError exception when provisioning a new Hetzner machine. This is with nixops-1.5.2 on NixOS-17.09.

When I upgrade nixops to the latest HEAD (9203440) I get the same error:

$ HETZNER_ROBOT_PASS=XXX nixops deploy -d my-net --include my-machine
my-machine...............................> 
creating an exclusive robot admin sub-account for ‘my-machine’... 
Traceback (most recent call last):
  File "/nix/store/p2a5cm95zwv67zawb3fm7jf5awqp5x64-nixops-1.6pre2276_9203440/bin/..nixops-wrapped-wrapped", line 955, in <module>
    args.op()
  File "/nix/store/p2a5cm95zwv67zawb3fm7jf5awqp5x64-nixops-1.6pre2276_9203440/bin/..nixops-wrapped-wrapped", line 382, in op_deploy
    repair=args.repair, dry_activate=args.dry_activate)
  File "/nix/store/p2a5cm95zwv67zawb3fm7jf5awqp5x64-nixops-1.6pre2276_9203440/lib/python2.7/site-packages/nixops/deployment.py", line 983, in deploy
    self._deploy(**kwargs)
  File "/nix/store/p2a5cm95zwv67zawb3fm7jf5awqp5x64-nixops-1.6pre2276_9203440/lib/python2.7/site-packages/nixops/deployment.py", line 944, in _deploy
    nixops.parallel.run_tasks(nr_workers=-1, tasks=self.active_resources.itervalues(), worker_fun=worker)
  File "/nix/store/p2a5cm95zwv67zawb3fm7jf5awqp5x64-nixops-1.6pre2276_9203440/lib/python2.7/site-packages/nixops/parallel.py", line 41, in thread_fun
    result_queue.put((worker_fun(t), None))
  File "/nix/store/p2a5cm95zwv67zawb3fm7jf5awqp5x64-nixops-1.6pre2276_9203440/lib/python2.7/site-packages/nixops/deployment.py", line 917, in worker
    r.create(self.definitions[r.name], check=check, allow_reboot=allow_reboot, allow_recreate=allow_recreate)
  File "/nix/store/p2a5cm95zwv67zawb3fm7jf5awqp5x64-nixops-1.6pre2276_9203440/lib/python2.7/site-packages/nixops/backends/hetzner.py", line 599, in create
    self.robot_admin_pass) = server.admin.create()
  File "/nix/store/m6wybn3vn6fwjnb5wwlr48q0wyyhxcs4-python2.7-hetzner-0.7.5/lib/python2.7/site-packages/hetzner/server.py", line 374, in admin
    self._admin_account = AdminAccount(self)
  File "/nix/store/m6wybn3vn6fwjnb5wwlr48q0wyyhxcs4-python2.7-hetzner-0.7.5/lib/python2.7/site-packages/hetzner/server.py", line 170, in __init__
    self.update_info()
  File "/nix/store/m6wybn3vn6fwjnb5wwlr48q0wyyhxcs4-python2.7-hetzner-0.7.5/lib/python2.7/site-packages/hetzner/server.py", line 176, in update_info
    self._scraper.login()
  File "/nix/store/m6wybn3vn6fwjnb5wwlr48q0wyyhxcs4-python2.7-hetzner-0.7.5/lib/python2.7/site-packages/hetzner/robot.py", line 142, in login
    " page".format(response.status))
hetzner.WebRobotError

When I upgrade the hetzner python library to the latest HEAD with the following bugfix: aszlig/hetzner#28 I get a different error:

$ HETZNER_ROBOT_PASS=XXX nixops deploy -d my-net --include my-machine
my-machine...............................> 
creating an exclusive robot admin sub-account for ‘my-machine’... 
error: Invalid status code 302 while visiting login page

@aszlig any idea what's going wrong?
@aszlig
Copy link
Member

aszlig commented Nov 21, 2017

@basvandijk: Yep, Hetzner has changed their login mechanism for the Robot, see aszlig/hetzner#26. I tried to fix it but it's a bit more involved, so maybe by the end of the week if there aren't any more surprises.

@aszlig
Copy link
Member

aszlig commented Nov 21, 2017

As a side note, we might want to make it easier to do that step manually if the scraper fails the next time this happens. Right now you need to temporarily set createSubAccount to false, create the account manually and pass it via HETZNER_ROBOT_USER/HETZNER_ROBOT_PASS to the new machine like eg.:

HETZNER_ROBOT_USER=foo HETZNER_ROBOT_PASS="$(cat)" nixops deploy --include newmachine

@basvandijk
Copy link
Member Author

@aszlig thanks for showing the workaround!

Let me know if I can help in any way with fixing the login problem. Do you have to reverse engineer the login procedure or is there any API documentation?

@aszlig
Copy link
Member

aszlig commented Nov 22, 2017

@basvandijk: I've fixed the login with aszlig/hetzner@2ed0b03, can you try whether it works now with the latest master version of the hetzner library?

@basvandijk
Copy link
Member Author

@aszlig with the latest master of the hetzner library nixops can now successfully create a sub-account. Thanks!

Now I face a new problem:

$ HETZNER_ROBOT_PASS=XXX nixops deploy -d my-net --include my-machine
my-machine...............................> installing machine...
my-machine...............................> rebooting machine ‘my-machine’ (XXX.XXX.XXX.XXX) into rescue system
my-machine...............................> sending reboot command... 
my-machine...............................> could not connect to ‘root@XXX.XXX.XXX.XXX’, retrying in 1 seconds...
my-machine...............................> could not connect to ‘root@XXX.XXX.XXX.XXX’, retrying in 2 seconds...
my-machine...............................> could not connect to ‘root@XXX.XXX.XXX.XXX’, retrying in 4 seconds...
my-machine...............................> could not connect to ‘root@XXX.XXX.XXX.XXX’, retrying in 8 seconds...
error: unable to start SSH master connection to ‘root@XXX.XXX.XXX.XXX’

@basvandijk
Copy link
Member Author

It's working now. The problem was that by default I specify:

deployment.targetPort = nonStandardSshPort

I had to temporarily switch it to 22.

@aszlig
Copy link
Member

aszlig commented Nov 22, 2017

@basvandijk: Hm, I wonder why it failed on reboot and not way before rebooting while sshing to the rescue system?

@basvandijk
Copy link
Member Author

@aszlig it did fail when trying to reboot to the rescue system.

I think it's a good idea to make a new release of your hetzner library, upgrade it in nixpkgs and cherry-pick it on release-17.09. After that we can close this issue.

aszlig added a commit to NixOS/nixpkgs that referenced this issue Dec 4, 2017
@aszlig
python/hetzner: 0.7.5 -> 0.8.0
65522ed 
New features:

 * Support for retrieving reverse PTRs.
 * Support for subnet-ranges.
 * Add logging (aszlig/hetzner#14).

Fixes:

 * Hide internal methods from the public API.
 * Fix Python 3 compatibility.
 * Fix for creating admin accounts with Hetzner's new login site.
 * Fix __repr__/__str__ issue with some exceptions (aszlig/hetzner#23).
 * Fix login for RobotWebInterface

Changes for the hetznerctl utility:

 * show: Show subnets
 * show: Show reverse PTRs
 * New 'rdns' subcommand for getting/setting/removing reverse-PTRs.
 * Use 'argparse' instead of 'optparse'.
 * Add command for managing admin accounts.
 * New '--debug' flag for printing debugging information.

This also fixes NixOS/nixops#778.

Tested building against Python 2.7 and Python 3.6.

Signed-off-by: aszlig <aszlig@nix.build>
(cherry picked from commit 6841064)
Reason: This unbreaks the NixOps Hetzner target, because the admin
        sub-account couldn't be created on initial deploy.
@basvandijk basvandijk changed the title Creating Hetzner robot admin sub-account fails Creating Hetzner robot admin sub-account fails (2017) Jan 22, 2019
@basvandijk basvandijk mentioned this issue Apr 20, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aszlig @basvandijk