[Wapt] "Database is locked" error

Hubert TOUVET htouvet at tranquil.it
Mon Mar 25 17:38:23 CET 2019


Changelog
=========

WAPT-1.7.3.11 (2019-03-25)
--------------------------

(hash 2f2f40b24e)

* [FIX] waptconsole / hosts for packages : F5 does a local refresh

* [FIX] Improve update performance with repositories with a lot of packages.

* [FIX] improves wapttray reporting

   fix faulty inverted logic for notify_user parameter

* [FIX] waptconsole : bad filtering of hosts for package (Enterprise)

* [FIX] waptexit : fix waptexit closes even if Running task if no 
pending task / pending updates

* [FIX] waptexit : fix potential case where waptexit remains running 
with high cpu load

* [FIX] waptconsole: Fix HostsForPackage grid not filtered properly 
(was improperly using Search expr from first page)

* [FIX] waptservice : None has no check_install_is_running error at 
waptservice startup

* [FIX] core : set persistent_dir and persistent_source_dir attribute on 
setup module for install_wapt

* [FIX] core : fix bug in guessed persistent_dir for dev mode

* [FIX] core : fix error resetting status of stuck processes in local 
db (check_install_running)

* [FIX] waptservice : Trap error setting runstatus in db in tasks 
manager loop

   Don't send runstatus to server each time it is set

* [UPD] core : define explicitly the private_dir of Wapt object

* [UPD] server : Don't refuse to provide authtoken if fqdn has changed 
(this does not introduce specific risk as request is signed against UUID)

* [UPD] core : if package_uuid attribute is not set in package's control 
(old wapt), it is set to a reproducible hash when package is appended 
to local waptdb so we can use it to lookup packages faster (dict)

* [NEW] waptconsole : Add audit scheduling setup in waptagent dialog 
(Enterprise)

   add set_waptaudit_task_period in innosetup installers

* [IMP] setuphelpers: add win32_displays  to default wmi keys for report

* [IMP] server setup : create X509 certificate / RSA key for hosts ssl 
certificate signing and authentication during setup of server

* [IMP] waptexit: add sizeable border and icons

   show progress of long tasks

* [IMP] waptservice : Process update of packages as a task instead of 
waiting for its completion when upgrading (to avoid timeout when running 
upgrade waptservice task)

   add `update_packages` optional (default True) parameter for upgrade 
waptservice action

* [NEW] Add audit scheduling setup in waptagent compilation dialog 
(Enterprise)

* [NEW] setuphelpers : Add get_local_profiles setuphelpers

* [IMP] waptserver : Don't refuse to provide authtoken for websockets 
auth if fqdn has changed

* [IMP] flush stdout before sending status to waptserver

* [IMP] waptcrypto handle alternative object names in csr build

* [IMP] wapt-get : --force option on wapt-get.exe service mode

* [NEW] use client side auth for waptwua too

* [CHANGE] server setup : nginx windows config : relocate logs and pid

   add conditional client side ssl auth in nginx config

* [CHANGE] waptconsole : refactor wget, wgets WaptRemoteRepo WaptServer 
to use requests.Session object to handle specific ssl client auth and 
proxies

   Be sure to set privateKey password dialog callback to decrypt client 
side ssl auth key

* [IMP] waptcrypto : add waptcrypto.is_pem_key_encrypted

* [IMP] waptconsole : Make sure waptagent window is fully visible.

* [IMP] waptconsole : Make sure Right click select row on all grids


WAPT-1.7.3.10 (2019-03-06)
--------------------------

(hash ec8aa25ef)

Security
++++++++

* upgraded OpenSSL dlls to 1.0.2r for 
https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-080/ (moderate risk)

New
+++

* Much reworked wizard pages embedded in waptserversetup.exe windows 
server installer. Install of waptserver on Windows is easy again.

    register server as a client of waptserver

    create new key / cert pair

    build waptagent.exe and waptupgrade package

    configure package prefix

* If client certificate signing is enabled on waptserver (waptserver.ini 
config), the server signs a CSR for the client when the client is 
registered. See 
https://www.wapt.fr/fr/doc/waptserver-install/security/security-configuration-certificate-authentication.html

* wapt-get: added new command `create-keycert` to create a pair of RSA 
key / x509 certificate in batch mode. self signed or signed with a CA 
key/cert

     (options are case sensitive...)

     /CommonName : CN to embed in certificate

     /Email /Country /Locality /Organization /OrgUnit : additional 
attributes to embed in certificate

     /PrivateKeyPassword : specify the password for private key in clear 
text form

     /PrivateKeyPassword64 : specify the password for private key in 
base64 encoding form

     /NoPrivateKeyPassword : Ask to create or use an unencrypted RSA 
private key

     /CA=1 (or 0) : create a certification authority certificate if 1 
(default to 1)

     /CodeSigning=1 (or 0) : create a code signing certificate if 1 
(default to 1)

     /ClientAuth=1 (or 0) : create a certificate for authenticating a 
client on a https server with ssl auth. (default to 1)

     /CAKeyFilename : path to CA private key to use for signing the new 
certificate (default to %LOCALAPPDATA%\waptconsole\waptconsole.ini 
[global] default_ca_key_path setting)

     /CACertFilename : path to CA certificate to use for signing the new 
certificate (default to %LOCALAPPDATA%\waptconsole\waptconsole.ini 
[global] default_ca_cert_path setting)

     /CAKeyPassword : specify the password for CA private key in clear 
text form to use for signing the new certificate (no default)

     /CAKeyPassword64 : specify the password for CA private key in 
base64 encoding form to use for signing the new certificate (no default)

     /NoCAKeyPassword : specify that the CA private key to use for signing 
the new certificate is unencrypted

     /EnrollNewCert : copy the newly created certificate in <wapt>\ssl 
to be taken in account as an authorized packages signer certificate.

     /SetAsDefaultPersonalCert : set personal_certificate_path in 
configuration inifile [global] section (default 
%LOCALAPPDATA%\waptconsole\waptconsole.ini)

* [NEW] wapt-get: added new command `build-waptagent` to compile a 
customized waptagent in batch mode.

     Copy waptagent.exe and pre-waptupgrade locally (if not 
/DeployWaptAgentLocally, upload to server with https)

     /DeployWaptAgentLocally : Copy the newly built waptagent.exe and 
prefix-waptupgrade_xxx.wapt to  local server repository directory ( 
<wapt>\waptserver\repository\wapt\ )

* [NEW] `wapt-get register` : Add options for easy configuration of wapt 
when registering

   `--pin-server-cert` : When registering, pin the server certificate. 
(check that CN of certificate matches hostname of server and repo)

   `--wapt-server-url` : When registering, set wapt-get.ini wapt_server 
setting.

   `--wapt-repo-url` : When registering, set wapt-get.ini repo_url 
setting. (if not provided, and there is not repo_url set in 
wapt-get.ini, extrapolate repo_url from wapt_server url)

* [NEW] wapt-get Add check-valid-codesigning-cert / 
CheckPersonalCertificateIsCodeSigning action

Improvements and fixes
++++++++++++++++++++++

* python libraries updates

   upgrade cryptography from 2.3.1 to 2.5.0

   upgrade pyOpenSSL from 18.0.0 to 19.0.0

* [FIX] don't reset host.server_uuid in server db when host disconnect 
from websocket

   set host.server_uuid in server db when host get a token

* [FIX] Modify isAdminLoggedIn to try to fix cases when we are admin but 
function return false

* [FIX] Ensure valid package name in package wizard (issue959)

* [FIX] regression Use python cryptography 2.4.2 openssl bindings for 
windows XP agent (openssl bindings of the python cryptography default 
WHL >= 2.5 does not work on windows XP)

* [FIX] trap exception when creating db tables from scratch fails, 
allowing upgrade of structure.

* [FIX] Reduce the risk of "database is locked" error

* [FIX] fix deprecation warning for verifier and signer when checking 
crl signature

* [FIX] persistent_dir calculation in package's call_setup_hook when 
package_uuid is None in local wapt DB (for clients migrated from pre 1.7 
wapt, error None has no len() in audit log)

* [FIX] regression Don't try to use host_certificate / key for client 
side ssl auth if they are not accessible

* [IMP] Define proxies for crl download in wapt-get scan-packages

* [IMP] Fix bad normalization action icon

* [IMP] paste from clipboard action available in most packages editing grid

* [IMP] Propose to define package root dev path, package prefix, 
waptagent or new private key/ cert when launching waptconsole

* [IMP] Remove the need to define waptdev directory when editing groups 
/ profiles / wua packages / self-service packages

* [IMP] Grid Columns translations in french

* [IMP] waptexit responsiveness improvements

   Separate events check thread and tasks check thread.

* [NEW] Add ClientAuth checkbox when building certificate in waptconsole

* [NEW] Add --quiet -q option to postconf.py

* [MISC] add an example of client side cert auth

* Add clientAuth extended usage to x509 certificates (default True) for 
https client auth using personal certificate

* Makes use of ssl client cert and key in waptconsole for server auth

* fix ssl client certificate auth not taken in account for server api 
and host repo

* add is_client_auth property for certificates

   default None for is_client_auth cert / csr build

   don't fallback to host's client certificate auth if it is not 
clientAuth capable (if so, http error 400)

* [MISC] waptcrypto : Add SSLPKCS12 to encapsulate pkcs#12 key/cert store

* [MISC] Add splitter for log memo in Packages for hosts panel

* Store fixes

* Be tolerant when no persistent_dir in wsus packages

   Min wapt version 1.7.3 for self service packages and waptwua packages

* fix WsusUpdates has no attribute 'downloaded'

WAPT-1.7.3.7 (2019-02-19)
-------------------------

(hash 373f7d92)

Bug fixes
++++++++++

* fix softs normalization dialog closed when typing F key (Enterprise)

* include waptwua in nginx wapt server windows locations (Enterprise)

* fix force option from service or websockets not being taken in account 
in install_msi_if_needed or install_exe_if_needed

* improved win updates reporting (uninstall behaviour)  (Enterprise)

* add uninstall action for winupdates in waptconsole  (Enterprise)

* fix reporting from dmi "size type" fields with non int content 
(Enterprise)

Improvements
++++++++++++

* waptexit: Allow minimize button

* waptexit: Layout changes

* AD Auth : less restrictive on user name sanity check (Enterprise)

* handle updates of data for winupdates with additional download urls  
(Enterprise)

* Add some additional info fields to WsusUpdates table (Enterprise)

* add filename to Packages table for reporting and store usage (Enterprise)

* Add uninstall win updates to waptconsole (Enterprise)

* Add windows updates uninstall task capabilities (Enterprise)

* add filename to Packages table

* increased default clockskew tolerance for client socket io



On 25/03/2019 at 15:23, Bastien HERMITTE wrote:
> Thanks Simon, I'll test that.
> Would you have the changelog for this version?
> Thanks.
>
> Regards,
> Bastien
>
> On 23/03/2019 at 12:31, Simon Fonteneau wrote:
>> We made quite a few changes in the latest version: waptexit, 
>> and also for the "Database is locked" problem
>> https://wapt.tranquil.it/wapt/nightly/wapt-1.7.3.11-5972-7ee22ace/
>>
>> This version is not a release because it has not yet been 
>> fully tested on our side (lack of time)
>> But it is in production at our site and at a few customers.
>> You can install it if you want.
>>
>> Simon
>>
>>
>> On 22/03/2019 at 13:39, Bastien HERMITTE wrote:
>>> Hello,
>>>
>>> I have also had this problem since moving to 1.7.
>>> It is a problem in particular for waptexit, which does not perform 
>>> the updates and as a result relaunches every time.
>>>
>>> Regards,
>>> Bastien
>>>
>>>
>>> On 18/03/2019 at 16:05, Floflobel Bellencontre wrote:
>>>>
>>>> Hello,
>>>>
>>>> We have the same problem on our side and we can no longer 
>>>> perform updates, or we really have to try several times.
>>>>
>>>> Do you have a workaround while waiting for the release of 
>>>> version 1.7.3.10?
>>>>
>>>> Do you know how soon this version will be released on the 
>>>> Debian repository?
>>>>
>>>> Regards,
>>>>
>>>> On 3/15/19 9:39 AM, Jean-Charles GRANGER wrote:
>>>>> Hello Hubert,
>>>>>
>>>>> Thanks for the information and the confirmation; I am reassured, 
>>>>> it is not a configuration error on our side.
>>>>>
>>>>> As for the 1.7.3.10 update, will it be published on the official 
>>>>> repository, or does it have to be installed manually?
>>>>>
>>>>> Regards,
>>>>>
>>>>> JCG
>>>>>
>>>>> -- 
>>>>> Jean-Charles GRANGER
>>>>>
>>>>> Unité Informatique du Campus
>>>>> Antenne du Coeur d'Ecole
>>>>> Montpellier SupAgro / INRA Montpellier
>>>>>
>>>>> On 14/03/2019 at 17:48, Hubert TOUVET wrote:
>>>>>> I confirm that this error is more frequent in 1.7.3.5.
>>>>>> The problem is tied to the local database, which can be open for 
>>>>>> writing by only one process / thread at a time.
>>>>>> Write transactions therefore need to be as brief 
>>>>>> as possible.
>>>>>> In principle, version 1.7.3.10 fixes this. (according to the tests 
>>>>>> we ran under load)
>>>>>>
>>>>>> Hubert
>>>>>>
>>>>>> On 14/03/2019 at 16:05, Jean-Charles GRANGER wrote:
>>>>>>> Hello everyone,
>>>>>>>
>>>>>>> Since moving to version 1.7 (I am on 1.7.3.5), I get 
>>>>>>> a very frequent error on many workstations when I run 
>>>>>>> an update or an upgrade:
>>>>>>>
>>>>>>>     FATAL ERROR : OperationalError: database is locked
>>>>>>>
>>>>>>> It prevents information from being reported to the server, and as 
>>>>>>> a result I no longer know which machines are up to date. And 
>>>>>>> the machines themselves do not know either: since they have 
>>>>>>> not acknowledged the successful installations to the server, they 
>>>>>>> think they failed and relaunch the installations at the next 
>>>>>>> shutdown.
>>>>>>>
>>>>>>> Sometimes, by insisting a little on the command line, the updates 
>>>>>>> end up being reported correctly (I was able to verify 
>>>>>>> that they install without any problem; it is only the reporting 
>>>>>>> of information that does not work well).
>>>>>>>
>>>>>>> I have no scheduled tasks that launch Wapt in the 
>>>>>>> background to perform certain operations.
>>>>>>>
>>>>>>> Has anyone already had this problem?
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> JCG
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> WAPT mailing list
>>>>>> WAPT at lists.tranquil.it
>>>>>> http://lists.tranquil.it/listinfo/wapt

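The locking behaviour described in the thread (only one writer at a time on the local database, hence the need for short write transactions), shown as an added example that is not WAPT code and not part of the original messages. It assumes the local database is SQLite accessed through Python's `sqlite3` module; the table, file name and function names are constructed for the illustration.

```python
import os
import sqlite3
import tempfile
import threading
import time

def open_db(path, busy_timeout):
    # isolation_level=None: no implicit BEGIN, transactions are explicit
    return sqlite3.connect(path, timeout=busy_timeout, isolation_level=None)

def holder(path, hold_seconds, started):
    """First writer: keeps the write lock for hold_seconds."""
    db = open_db(path, 5.0)
    db.execute("BEGIN IMMEDIATE")            # take the single write lock now
    db.execute("INSERT INTO status(msg) VALUES ('install running')")
    started.set()
    time.sleep(hold_seconds)                 # slow work done inside the transaction
    db.execute("COMMIT")
    db.close()

def report_status(path, busy_timeout):
    """Second writer: returns 'ok' or the SQLite error text."""
    db = open_db(path, busy_timeout)
    try:
        db.execute("BEGIN IMMEDIATE")
        db.execute("INSERT INTO status(msg) VALUES ('status sent')")
        db.execute("COMMIT")
        return "ok"
    except sqlite3.OperationalError as exc:
        return str(exc)
    finally:
        db.close()

def run_case(hold_seconds, busy_timeout):
    """Run both writers against a constructed temporary database."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "constructed_local.db")
        setup = open_db(path, 1.0)
        setup.execute("CREATE TABLE status(msg TEXT)")
        setup.close()
        started = threading.Event()
        worker = threading.Thread(target=holder, args=(path, hold_seconds, started))
        worker.start()
        started.wait()                       # first writer now holds the lock
        result = report_status(path, busy_timeout)
        worker.join()
        return result

if __name__ == "__main__":
    print("long transaction, no wait :", run_case(0.5, 0.0))
    print("short transaction, 2s wait:", run_case(0.05, 2.0))
```
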