Forcing to change password when using API

Question

Hello,
we are working on creating installer for our software on DO through:
https://github.com/seven1m/do-install-button

And it all works great up to the one point, when installing send-mail it runs into this error:

Setting up sendmail-base (8.14.4-4.1ubuntu1) …
You are required to change your password immediately (root enforced)
chfn: PAM: Authentication token is no longer valid; new one required
adduser: `/usr/bin/chfn -f Mail Transfer Agent smmta’ returned error code 1. Exiting.
dpkg: error processing package sendmail-base (–configure):
subprocess installed post-installation script returned error exit status 1

So most probably chfn triggers the need for password change, as it is the first time login (even though from API launched script).

Any ideas on how to overcome it?

Answer 1

asb November 11, 2014

How are you trying to install it? I just did a quick successful test using a cloud-config file like:

#cloud-config
packages: sendmail-base

Is your app.yml file public?

Reply Report

ar2rsawseen November 11, 2014

I was installing it in bash script, let me try it this way, thanks :)
So any package can be included this way, right?
Reply Report
asb November 11, 2014

@ar2rsawseen Right. For more info, take a look at: An Introduction to Cloud-Config Scripting

Let us know how it goes!

An Introduction to Cloud-Config Scripting
by Justin Ellingwood
The DigitalOcean metadata service includes a field called "user-data", which can be used to specify a script that will be run as your server is brought online. The CloudInit program, which runs these scripts, can process a special script type called "cloud-config". In this guide, we'll explore how to create cloud-config files and the best ways to leverage their power.
Reply Report
ar2rsawseen November 11, 2014

@asb Interesting, but getting the same error in the start, which results in erroring API install script, but the installation proceeds and in the end I get error for nodejs package install for my installation script.

It says:

node-gyp require that either HOME or USERPROFILE be set in the environment.

Additionally, I can’t login with the account information sent to my email, only after I reset the password, it allows me to login.

So it is like the default account is not set at all.

Is it the problem with my configuration?

Here is my app.yml:
https://github.com/ar2rsawseen/countly-server/blob/master/app.yml

My installation script if it helps:
https://github.com/ar2rsawseen/countly-server/blob/master/bin/countly.do.install.sh

And the console output log:
http://pastebin.com/C1f7GuPa
Reply Report
asb November 11, 2014

I played around with it a bit, and there are a few things going on here… Honestly, I’m not entirely sure of the problem with installing sendmail. I think it would normally be a non-fatal error, but the code used by the “DO Install Button” bails out after the error. The problem with the password seems to be related. If you simply comment out the installation of sendmail, the password works. I assume it has something to do with cloud-init erroring out too soon so the password is never properly set. I seemed to solve the problem by only installing git and sendmail using cloud-config and then using the original install script for everything else.

The node-gyp issue can be fixed simply by adding export HOME=/root/ to the start of the runcmd section. $HOME isn’t set since this happens as part of the boot process, not a login shell.

You’ll then run into an issue with installing iptables-persistent, you need to set DEBIAN_FRONTEND=noninteractive or it will prompt for input and error out.

It all seems to work, and I get “You have succesfully setup Countly on your server.” But the “DO Install Button” page still claims there is an error. Might want to open an issue on that....

Check out what I did here https://github.com/andrewsomething/countly-server
Reply Report
ar2rsawseen November 12, 2014

Even though there is same error in sendmail, it really works, thank you.
Will try to deal with server side error handling of API installer

Thank you again ;)
Reply Report

Answer 2

ar2rsawseen November 11, 2014

I was installing it in bash script, let me try it this way, thanks :)
So any package can be included this way, right?
Reply Report
asb November 11, 2014

@ar2rsawseen Right. For more info, take a look at: An Introduction to Cloud-Config Scripting

Let us know how it goes!

An Introduction to Cloud-Config Scripting
by Justin Ellingwood
The DigitalOcean metadata service includes a field called "user-data", which can be used to specify a script that will be run as your server is brought online. The CloudInit program, which runs these scripts, can process a special script type called "cloud-config". In this guide, we'll explore how to create cloud-config files and the best ways to leverage their power.
Reply Report
ar2rsawseen November 11, 2014

@asb Interesting, but getting the same error in the start, which results in erroring API install script, but the installation proceeds and in the end I get error for nodejs package install for my installation script.

It says:

node-gyp require that either HOME or USERPROFILE be set in the environment.

Additionally, I can’t login with the account information sent to my email, only after I reset the password, it allows me to login.

So it is like the default account is not set at all.

Is it the problem with my configuration?

Here is my app.yml:
https://github.com/ar2rsawseen/countly-server/blob/master/app.yml

My installation script if it helps:
https://github.com/ar2rsawseen/countly-server/blob/master/bin/countly.do.install.sh

And the console output log:
http://pastebin.com/C1f7GuPa
Reply Report
asb November 11, 2014

I played around with it a bit, and there are a few things going on here… Honestly, I’m not entirely sure of the problem with installing sendmail. I think it would normally be a non-fatal error, but the code used by the “DO Install Button” bails out after the error. The problem with the password seems to be related. If you simply comment out the installation of sendmail, the password works. I assume it has something to do with cloud-init erroring out too soon so the password is never properly set. I seemed to solve the problem by only installing git and sendmail using cloud-config and then using the original install script for everything else.

The node-gyp issue can be fixed simply by adding export HOME=/root/ to the start of the runcmd section. $HOME isn’t set since this happens as part of the boot process, not a login shell.

You’ll then run into an issue with installing iptables-persistent, you need to set DEBIAN_FRONTEND=noninteractive or it will prompt for input and error out.

It all seems to work, and I get “You have succesfully setup Countly on your server.” But the “DO Install Button” page still claims there is an error. Might want to open an issue on that....

Check out what I did here https://github.com/andrewsomething/countly-server
Reply Report
ar2rsawseen November 12, 2014

Even though there is same error in sendmail, it really works, thank you.
Will try to deal with server side error handling of API installer

Thank you again ;)
Reply Report

Question

Forcing to change password when using API

Leave a comment

Looking for something else?

Sign up for our newsletter

Question

Forcing to change password when using API

Leave a comment

Looking for something else?