[Wapt] Erreur "Database is locked"

Mon Mar 25 17:45:09 CET 2019

Merci, je vais lire ça tranquillement et je ferai la mise à jour demain.

Cordialement,
Bastien

Le 25/03/2019 à 17:38, Hubert TOUVET a écrit :
>
> Changelog
> =========
>
> WAPT-1.7.3.11 (2019-03-25)
> -------------------------
>
> (hash 2f2f40b24e)
>
> * [FIX] waptconsole / hosts for packages : F5 does a local refresh
>
> * [FIX] Improve update performance with repositories with a lot of 
> packages.
>
> * [FIX] improves wapttray reporting
>
>   fix faulty inverted logic for notify_user parameter
>
> * [FIX] waptconsole : bad filtering of hosts for package (Enterprise)
>
> * [FIX] waptexit : fix waptexit closes even if Running task if no 
> pending task / pending updates
>
> * [FIX] waptexit : fix potential case where waptexit remains running 
> with high cpu load
>
> * [FIX] waptconsole:  Fix HostsForPackage grid not filtered properly 
> (was unproperly using Search expr from first page)
>
> * [FIX] waptservice : None has no check_install_is_running error at 
> waptservice startup
>
> * [FIX] core : set persistent_dir and persistent_source_dir attribute 
> on setup module for install_wapt
>
> * [FIX] core : fix bug in guessed persistent_dir for dev mode
>
> * [FIX] core : fix error resetting status of stucked processes in 
> local db (check_install_running)
>
> * [FIX] waptservice : Trap error setting runstatus in db in tasks 
> manager loop
>
>   Don't send runstatus to server each time it is set
>
> * [UPD] core : define explicitely the private_dir of Wapt object
>
> * [UPD] server : Don't refuse to provide authtoken if fqdn has changed 
> (this does not introduce sepcific risk as request is signed against UUID)
>
> * [UPD] core : if package_uuid attribute is not set in package's 
> control (old wapt), it is set  to a reproductible hash when package is 
> appended to local waptdb so we can use it to lookup packages faster (dict)
>
> * [NEW] waptconsole : Add audit scheduling setup in waptagent dialog 
> (Enterprise)
>
>   add set_waptaudit_task_period in innosetup installers
>
> * [IMP] setuphelpers: add win32_displays  to default wmi keys for report
>
> * [IMP] server setup : create X509 certificate / RSA key for hosts ssl 
> certificate signing and authentication during setup of server
>
> * [IMP] waptexit: add sizeable border and icons
>
>   show progress of long tasks
>
> * [IMP] waptservice : Process update of packages as a task instead of 
> waiting for its completion when upgrading (to avoid timeout when 
> running upgrade waptservice task)
>
>   add `update_packages` optional (default True) parameter for upgrade 
> waptservice action
>
> * [NEW] Add audit scheduling setup in waptagent compilation dialog 
> (Enterprise)
>
> * [NEW] setuphelpers : Add get_local_profiles setuphelpers
>
> * [IMP] waptserver : Don't refuse to provide authtoken for websockets 
> auth if fqdn has changed
>
> * [IMP] flush stdout before sending status to waptserver
>
> * [IMP] waptcrypto handle alternative object names in csr build
>
> * [IMP] wapt-get : --force option on wapt-get.exe service mode
>
> * [NEW] use client side auth for waptwua too
>
> * [CHANGE] server setup : nginx windows config : relocate logs and pid
>
>   add conditional client side ssl auth in nginx config
>
> * [CHANGE] waptconsole : refactor wget, wgets WaptRemoteRepo 
> WaptServer to use requests.Session object to handle specific ssl 
> client auth and proxies
>
>   Be sure to set privateKey password dialog callback to decrypt client 
> side ssl auth key
>
> * [IMP] waptcrypto : add waptcrypto.is_pem_key_encrypted
>
> * [IMP] waptconsole : Make sure waptagent window is fully visible.
>
> * [IMP] waptconsole : Make sure Right click select row on all grids
>
>
> WAPT-1.7.3.10 (2019-03-06)
> -------------------------
>
> (hash ec8aa25ef)
>
> Security
> ++++++++
>
> * upgraded OpenSSL dlls to 1.0.2r for 
> https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-080/ (moderate risk))
>
> New
> +++
>
> * Much reworked wizard pages embedded in waptserversetup.exe windows 
> server installer. Install of waptserver on Windows is easy again.
>
>    register server as a client of waptserver
>
>    create new key / cert pair
>
>    build waptagent.exe and waptupgrade package
>
>    configure package prefix
>
> * If client certificate signing is enabled on waptserver 
> (waptserver.ini config), the server sign a CSR for the client when the 
> client is registered. See 
> https://www.wapt.fr/fr/doc/waptserver-install/security/security-configuration-certificate-authentication.html
>
> * wapt-get: added new command `create-keycert` to create a pair of RSA 
> key / x509 certificate in batch mode. self signed or signed with a CA 
> key/cert
>
>     (options are case sensitive...)
>
>     /CommonName : CN to embed in certificate
>
>     /Email /Country /Locality /Organization /OrgUnit : additional 
> attributes to embed in certificate
>
>     /PrivateKeyPassword : specify the password for private key in 
> clear text form
>
>     /PrivateKeyPassword64 : specify the password for private key in 
> base64 encoding form
>
>     /NoPrivateKeyPassword : Ask to create or use an unencrypted RSA 
> private key
>
>     /CA=1 (or 0)): create a certification authority certificate if 1 
> (default to 1)
>
>     /CodeSigning=1 (or 0) ): create a code signing certificate if 1 
> (default to 1)
>
>     /ClientAuth=1 (or 0) : create a certificate for authenticating a 
> client on a https server with ssl auth. (default to 1)
>
>     /CAKeyFilename : path to CA private key to use for signing the new 
> certificate (default to %LOCALAPPDATA%\waptconsole\waptconsole.ini 
> [global] default_ca_key_path setting)
>
>     /CACertFilename : path to CA certificate to use for signing the 
> new certificate (default to %LOCALAPPDATA%\waptconsole\waptconsole.ini 
> [global] default_ca_cert_path setting)
>
>     /CAKeyPassword : specify the password for CA private key in clear 
> text form to use for signing the new certificate (no default)
>
>     /CAKeyPassword64 : specify the password for CA private key in 
> base64 encoding form to use for signing the new certificate (no default)
>
>     /NoCAKeyPassword : specify that the CA private to use for signing 
> the new certificate is unencrypted
>
>     /EnrollNewCert : copy the newly created certificate in <wapt>\ssl 
> to be taken in account as an authorized packages signer certificate.
>
>     /SetAsDefaultPersonalCert : set personal_certificate_path in 
> configuration inifile [global] section (default 
> %LOCALAPPDATA%\waptconsole\waptconsole.ini)
>
> * [NEW] wapt-get: added new commands `build-waptagent` to compile a 
> customized waptagent in batch mode.
>
>     Copy waptagent.exe and pre-waptupgrade locally (if not 
> /DeployWaptAgentLocally, upload to server with https)
>
>     /DeployWaptAgentLocally : Copy the newly built waptagent.exe and 
> prefix-waptupgrade_xxx.wapt to  local server repository directory ( 
> <wapt>\waptserver\repository\wapt\ )
>
> * [NEW] `wapt-get register` : Add options for easy configuration of 
> wapt when registering
>
>   `--pin-server-cert` : When registering, pin the server certificate. 
> (check that CN of certificate matches hostname of server and repo)
>
>   `--wapt-server-url` : When registering, set wapt-get.ini wapt_server 
> setting.
>
>   `--wapt-repo-url` : When registering, set wapt-get.ini repo_url 
> setting. (if not provided, and there is not repo_url set in 
> wapt-get.ini, extrapolate repo_url from wapt_server url)
>
> * [NEW] wapt-get Add check-valid-codesigning-cert / 
> CheckPersonalCertificateIsCodeSigning action
>
> Improvements and fixes
> ++++++++++++++++++++++
>
> * python libraries updates
>
>   upgrade cryptography from 2.3.1 to 2.5.0
>
>   upgrade pyOpenSSL from 18.0.0 from 19.0.0
>
> * [FIX] don't reset host.server_uuid in server db when host disconnect 
> from websocket
>
>   set host.server_uuid in server db when host get a token
>
> * [FIX] Modify isAdminLoggedIn to try to fix cases when we are admin 
> but function return false
>
> * [FIX]Ensure valid package name in package wizard (issue959)
>
> * [FIX] regression Use python cryptography 2.4.2 openssl bindings for 
> windows XP agent (openssl bindings of the python cryptopgraphy default 
> WHL >= 2.5 does not work on windows XP)
>
> * [FIX] trap exception when creating db tables from scratch fails, 
> allowing upgrade of structure.
>
> * [FIX] Reduce the risk of "database is locked" error
>
> * [FIX] fix deprecation warning for verifier and signer when checking 
> crl signature
>
> * [FIX] persistent_dir calculation in package's call_setup_hook when 
> package_uuid is None in local wapt DB (for clients migrated from pre 
> 1.7 wapt, error None has no len() in audit log)
>
> * [FIX] regression Don't try to use host_certificate / key for client 
> side ssl auth if they are not accessible
>
> * [IMP] Define proxies for crl download in wapt-get scan-packages
>
> * [IMP] Fix bad normalization action icon
>
> * [IMP] paste from clipboard action available in most packages editing 
> grid
>
> * [IMP] Propose to define package root dev path, package prefix, 
> waptagent or new private key/ cert when launching waptconsole
>
> * [IMP] Remove the need to define waptdev directory when editing 
> groups / profiles / wua packages / self-service packages
>
> * [IMP] Grid Columns translations in french
>
> * [IMP] waptexit responsiveness improvements
>
>   Separate events check thread and tasks check thread.
>
> * [NEW] Add ClientAuth checkbox when building certificate in waptconsole
>
> * [NEW] Add --quiet -q option to postconf.py
>
> * [MISC] add an example of client side cert auth
>
> * Add clientAuth extended usage to x509 certificates (default True) 
> for https client auth using personal certificate
>
> * Makes use of ssl client cert and key in waptconsole for server auth
>
> * fix ssl client certificate auth not taken in account for server api 
> and host repo
>
> * add is_client_auth property for certificates
>
>   default None for is_client_auth cert / csr build
>
>   don't fallback to host's client certificate auth if it is not 
> clientAuth capable (if so, http error 400)
>
> * [MISC] waptcrypto : Add SSLPKCS12 to encapsulate pcks#12 key/cert store
>
> * [MISC] Add splitter for log memo in Packages for hosts panel
>
> * Store fixes
>
> * Be tolerant when no persistent_dir in wsus packages
>
>   Min wapt version 1.7.3 for self service packages and waptwua packages
>
> * fix WsusUpdates has no attribute 'downloaded'
>
> WAPT-1.7.3.7 (2019-02-19)
> -------------------------
>
> (hash 373f7d92)
>
> Bug fixes
> ++++++++++
>
> * fix softs normalization dialog closed when typing F key (Enterprise)
>
> * include waptwua in nginx wapt server windows locations (Enterprise)
>
> * fix force option from service or websockets not being taken in 
> account in install_msi_if_needed or install_exe_if_needed
>
> * improved win updates reporting (uninstall behaviour) (Enterprise)
>
> * add uninstall action for winupdates in waptconsole  (Enterprise)
>
> * fix reporting from dmi "size type" fields with non int content 
> (Enterprise)
>
> Improvements
> ++++++++++++
>
> * waptexit: Allow minimize button
>
> * waptexit: Layout changes
>
> * AD Auth : less restrictive on user name sanitity check (Enterprise)
>
> * handle updates of data for winupdates with additional download urls  
> (Enterprise)
>
> * Add some additional info fields to WsusUpdates table (Enterprise)
>
> * add filename to Packages table for reporting and store usage 
> (Enterprise)
>
> * Add uninstall win updates to waptconsole (Enterprise)
>
> * Add windows updates uninstall task capabilities (Enterprise)
>
> * add filename to Packages table
>
> * increased default clockskew tolerance for client socket io
>
>
>
> Le 25/03/2019 à 15:23, Bastien HERMITTE a écrit :
>> Merci Simon, je vais tester ça.
>> Aurais-tu le changelog de cette version ?
>> Merci.
>>
>> Cordialement,
>> Bastien
>>
>> Le 23/03/2019 à 12:31, Simon Fonteneau a écrit :
>>> On a fait pas mal de Modification dans la dernière version. waptexit 
>>> et également pour le problème du "Database is locked"
>>> https://wapt.tranquil.it/wapt/nightly/wapt-1.7.3.11-5972-7ee22ace/
>>>
>>> La version n'est pas une release car elle n'a pas encore été 
>>> complément testé chez nous (manque de temps)
>>> Mais elle est en prod chez nous et chez quelques clients.
>>> Vous pouvez l'installer si voulez.
>>>
>>> Simon
>>>
>>>
>>> Le 22/03/2019 à 13:39, Bastien HERMITTE a écrit :
>>>> Bonjour,
>>>>
>>>> J'ai également ce problème depuis le passage en 1.7.
>>>> Cela pose problème notamment pour le waptexit, qui n'effectue pas 
>>>> les mises à jour, et du coup se relance à chaque fois.
>>>>
>>>> Cordialement,
>>>> Bastien
>>>>
>>>>
>>>> Le 18/03/2019 à 16:05, Floflobel Bellencontre a écrit :
>>>>>
>>>>> Bonjour,
>>>>>
>>>>> Nous avons le même problème de notre côté et nous ne pouvons plus 
>>>>> effectuer de mise à jours ou il faut vraiment essayer plusieurs fois.
>>>>>
>>>>> Avez-vous une solution de contournement en attendant la release de 
>>>>> la version 1.7.3.10 ?
>>>>>
>>>>> Savez-vous dans combien de temps cette version sera release sur le 
>>>>> dépôt debian ?
>>>>>
>>>>> Cordialement,
>>>>>
>>>>> On 3/15/19 9:39 AM, Jean-Charles GRANGER wrote:
>>>>>> Bonjour Hubert,
>>>>>>
>>>>>> Merci pour l'information et la confirmation, je suis rassuré, ça 
>>>>>> n'est pas une erreur de conf de notre coté.
>>>>>>
>>>>>> Pour la mise à jour 1.7.3.10, elle sera publiée sur le dépôt 
>>>>>> officiel ou bien il faut l'installer manuellement ?
>>>>>>
>>>>>> Cordialement,
>>>>>>
>>>>>> JCG
>>>>>>
>>>>>> -- 
>>>>>> Jean-Charles GRANGER
>>>>>>
>>>>>> Unité Informatique du Campus
>>>>>> Antenne du Coeur d'Ecole
>>>>>> Montpellier SupAgro / INRA Montpellier
>>>>>>
>>>>>> Le 14/03/2019 à 17:48, Hubert TOUVET a écrit :
>>>>>>> Je confirme que cette erreur est plus fréquent en 1.7.3.5.
>>>>>>> Le problème est lié à la base locale qui ne peut être en 
>>>>>>> écriture que pour un process / thread à la fois.
>>>>>>> Il faut donc que les transactions en écriture soient les plus 
>>>>>>> brèves possibles.
>>>>>>> A priori, la version 1.7.3.10 corrige cela. (d'après les tests 
>>>>>>> faits par nous en charge)
>>>>>>>
>>>>>>> Hubert
>>>>>>>
>>>>>>> Le 14/03/2019 à 16:05, Jean-Charles GRANGER a écrit :
>>>>>>>> Bonjour à tous,
>>>>>>>>
>>>>>>>> Depuis le passage à la version 1.7 (je suis en 1.7.3.5), j'ai 
>>>>>>>> une erreur très fréquente sur de nombreux postes lorsque je 
>>>>>>>> fais un update ou un upgrade :
>>>>>>>>
>>>>>>>>     FATAL ERROR : OperationalError: database is locked
>>>>>>>>
>>>>>>>> Elle empêche la remontée d'informations vers le serveur, et du 
>>>>>>>> coup, je ne sais plus quelles machines sont à jour ou non. Et 
>>>>>>>> les machines elles-mêmes ne le savent pas : comme elles n'ont 
>>>>>>>> pas acquitté la réussite des installations au serveur, elles 
>>>>>>>> pensent avoir échoué et relancent les installations à l'arrêt 
>>>>>>>> suivant.
>>>>>>>>
>>>>>>>> Parfois en insistant un peu en ligne de commande, les mises à 
>>>>>>>> jour finissent par remonter correctement (j'ai pu vérifier 
>>>>>>>> qu'elles s'installent sans problème, c'est juste la remontée 
>>>>>>>> d'info qui ne se fait pas bien).
>>>>>>>>
>>>>>>>> Je n'ai pas de tâches planifiées qui lancent Wapt en tâche de 
>>>>>>>> fond pour faire certaines opérations.
>>>>>>>>
>>>>>>>> Quelqu'un a déjà eu ce problème ?
>>>>>>>>
>>>>>>>> Cordialement,
>>>>>>>>
>>>>>>>> JCG
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> WAPT mailing list
>>>>>>> WAPT at lists.tranquil.it
>>>>>>> http://lists.tranquil.it/listinfo/wapt
>>>>>>
>>>>>> _______________________________________________
>>>>>> WAPT mailing list
>>>>>> WAPT at lists.tranquil.it
>>>>>> http://lists.tranquil.it/listinfo/wapt
>>>>>
>>>>> _______________________________________________
>>>>> WAPT mailing list
>>>>> WAPT at lists.tranquil.it
>>>>> http://lists.tranquil.it/listinfo/wapt
>>>>
>>>>
>>>> _______________________________________________
>>>> WAPT mailing list
>>>> WAPT at lists.tranquil.it
>>>> http://lists.tranquil.it/listinfo/wapt
>>>
>>> _______________________________________________
>>> WAPT mailing list
>>> WAPT at lists.tranquil.it
>>> http://lists.tranquil.it/listinfo/wapt
>>
>>
>> _______________________________________________
>> WAPT mailing list
>> WAPT at lists.tranquil.it
>> http://lists.tranquil.it/listinfo/wapt
>
>
> _______________________________________________
> WAPT mailing list
> WAPT at lists.tranquil.it
> http://lists.tranquil.it/listinfo/wapt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tranquil.it/pipermail/wapt/attachments/20190325/3f7847c2/attachment.html>