[Wapt] Erreur "Database is locked"
Bastien HERMITTE
bhermitte at b2pweb.com
Mon Mar 25 17:45:09 CET 2019
Merci, je vais lire ça tranquillement et je ferai la mise à jour demain.
Cordialement,
Bastien
Le 25/03/2019 à 17:38, Hubert TOUVET a écrit :
>
> Changelog
> =========
>
> WAPT-1.7.3.11 (2019-03-25)
> -------------------------
>
> (hash 2f2f40b24e)
>
> * [FIX] waptconsole / hosts for packages : F5 does a local refresh
>
> * [FIX] Improve update performance with repositories with a lot of
> packages.
>
> * [FIX] improves wapttray reporting
>
> fix faulty inverted logic for notify_user parameter
>
> * [FIX] waptconsole : bad filtering of hosts for package (Enterprise)
>
> * [FIX] waptexit : fix waptexit closes even if Running task if no
> pending task / pending updates
>
> * [FIX] waptexit : fix potential case where waptexit remains running
> with high cpu load
>
> * [FIX] waptconsole: Fix HostsForPackage grid not filtered properly
> (was unproperly using Search expr from first page)
>
> * [FIX] waptservice : None has no check_install_is_running error at
> waptservice startup
>
> * [FIX] core : set persistent_dir and persistent_source_dir attribute
> on setup module for install_wapt
>
> * [FIX] core : fix bug in guessed persistent_dir for dev mode
>
> * [FIX] core : fix error resetting status of stucked processes in
> local db (check_install_running)
>
> * [FIX] waptservice : Trap error setting runstatus in db in tasks
> manager loop
>
> Don't send runstatus to server each time it is set
>
> * [UPD] core : define explicitely the private_dir of Wapt object
>
> * [UPD] server : Don't refuse to provide authtoken if fqdn has changed
> (this does not introduce sepcific risk as request is signed against UUID)
>
> * [UPD] core : if package_uuid attribute is not set in package's
> control (old wapt), it is set to a reproductible hash when package is
> appended to local waptdb so we can use it to lookup packages faster (dict)
>
> * [NEW] waptconsole : Add audit scheduling setup in waptagent dialog
> (Enterprise)
>
> add set_waptaudit_task_period in innosetup installers
>
> * [IMP] setuphelpers: add win32_displays to default wmi keys for report
>
> * [IMP] server setup : create X509 certificate / RSA key for hosts ssl
> certificate signing and authentication during setup of server
>
> * [IMP] waptexit: add sizeable border and icons
>
> show progress of long tasks
>
> * [IMP] waptservice : Process update of packages as a task instead of
> waiting for its completion when upgrading (to avoid timeout when
> running upgrade waptservice task)
>
> add `update_packages` optional (default True) parameter for upgrade
> waptservice action
>
> * [NEW] Add audit scheduling setup in waptagent compilation dialog
> (Enterprise)
>
> * [NEW] setuphelpers : Add get_local_profiles setuphelpers
>
> * [IMP] waptserver : Don't refuse to provide authtoken for websockets
> auth if fqdn has changed
>
> * [IMP] flush stdout before sending status to waptserver
>
> * [IMP] waptcrypto handle alternative object names in csr build
>
> * [IMP] wapt-get : --force option on wapt-get.exe service mode
>
> * [NEW] use client side auth for waptwua too
>
> * [CHANGE] server setup : nginx windows config : relocate logs and pid
>
> add conditional client side ssl auth in nginx config
>
> * [CHANGE] waptconsole : refactor wget, wgets WaptRemoteRepo
> WaptServer to use requests.Session object to handle specific ssl
> client auth and proxies
>
> Be sure to set privateKey password dialog callback to decrypt client
> side ssl auth key
>
> * [IMP] waptcrypto : add waptcrypto.is_pem_key_encrypted
>
> * [IMP] waptconsole : Make sure waptagent window is fully visible.
>
> * [IMP] waptconsole : Make sure Right click select row on all grids
>
>
> WAPT-1.7.3.10 (2019-03-06)
> -------------------------
>
> (hash ec8aa25ef)
>
> Security
> ++++++++
>
> * upgraded OpenSSL dlls to 1.0.2r for
> https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-080/ (moderate risk))
>
> New
> +++
>
> * Much reworked wizard pages embedded in waptserversetup.exe windows
> server installer. Install of waptserver on Windows is easy again.
>
> register server as a client of waptserver
>
> create new key / cert pair
>
> build waptagent.exe and waptupgrade package
>
> configure package prefix
>
> * If client certificate signing is enabled on waptserver
> (waptserver.ini config), the server sign a CSR for the client when the
> client is registered. See
> https://www.wapt.fr/fr/doc/waptserver-install/security/security-configuration-certificate-authentication.html
>
> * wapt-get: added new command `create-keycert` to create a pair of RSA
> key / x509 certificate in batch mode. self signed or signed with a CA
> key/cert
>
> (options are case sensitive...)
>
> /CommonName : CN to embed in certificate
>
> /Email /Country /Locality /Organization /OrgUnit : additional
> attributes to embed in certificate
>
> /PrivateKeyPassword : specify the password for private key in
> clear text form
>
> /PrivateKeyPassword64 : specify the password for private key in
> base64 encoding form
>
> /NoPrivateKeyPassword : Ask to create or use an unencrypted RSA
> private key
>
> /CA=1 (or 0)): create a certification authority certificate if 1
> (default to 1)
>
> /CodeSigning=1 (or 0) ): create a code signing certificate if 1
> (default to 1)
>
> /ClientAuth=1 (or 0) : create a certificate for authenticating a
> client on a https server with ssl auth. (default to 1)
>
> /CAKeyFilename : path to CA private key to use for signing the new
> certificate (default to %LOCALAPPDATA%\waptconsole\waptconsole.ini
> [global] default_ca_key_path setting)
>
> /CACertFilename : path to CA certificate to use for signing the
> new certificate (default to %LOCALAPPDATA%\waptconsole\waptconsole.ini
> [global] default_ca_cert_path setting)
>
> /CAKeyPassword : specify the password for CA private key in clear
> text form to use for signing the new certificate (no default)
>
> /CAKeyPassword64 : specify the password for CA private key in
> base64 encoding form to use for signing the new certificate (no default)
>
> /NoCAKeyPassword : specify that the CA private to use for signing
> the new certificate is unencrypted
>
> /EnrollNewCert : copy the newly created certificate in <wapt>\ssl
> to be taken in account as an authorized packages signer certificate.
>
> /SetAsDefaultPersonalCert : set personal_certificate_path in
> configuration inifile [global] section (default
> %LOCALAPPDATA%\waptconsole\waptconsole.ini)
>
> * [NEW] wapt-get: added new commands `build-waptagent` to compile a
> customized waptagent in batch mode.
>
> Copy waptagent.exe and pre-waptupgrade locally (if not
> /DeployWaptAgentLocally, upload to server with https)
>
> /DeployWaptAgentLocally : Copy the newly built waptagent.exe and
> prefix-waptupgrade_xxx.wapt to local server repository directory (
> <wapt>\waptserver\repository\wapt\ )
>
> * [NEW] `wapt-get register` : Add options for easy configuration of
> wapt when registering
>
> `--pin-server-cert` : When registering, pin the server certificate.
> (check that CN of certificate matches hostname of server and repo)
>
> `--wapt-server-url` : When registering, set wapt-get.ini wapt_server
> setting.
>
> `--wapt-repo-url` : When registering, set wapt-get.ini repo_url
> setting. (if not provided, and there is not repo_url set in
> wapt-get.ini, extrapolate repo_url from wapt_server url)
>
> * [NEW] wapt-get Add check-valid-codesigning-cert /
> CheckPersonalCertificateIsCodeSigning action
>
> Improvements and fixes
> ++++++++++++++++++++++
>
> * python libraries updates
>
> upgrade cryptography from 2.3.1 to 2.5.0
>
> upgrade pyOpenSSL from 18.0.0 from 19.0.0
>
> * [FIX] don't reset host.server_uuid in server db when host disconnect
> from websocket
>
> set host.server_uuid in server db when host get a token
>
> * [FIX] Modify isAdminLoggedIn to try to fix cases when we are admin
> but function return false
>
> * [FIX]Ensure valid package name in package wizard (issue959)
>
> * [FIX] regression Use python cryptography 2.4.2 openssl bindings for
> windows XP agent (openssl bindings of the python cryptopgraphy default
> WHL >= 2.5 does not work on windows XP)
>
> * [FIX] trap exception when creating db tables from scratch fails,
> allowing upgrade of structure.
>
> * [FIX] Reduce the risk of "database is locked" error
>
> * [FIX] fix deprecation warning for verifier and signer when checking
> crl signature
>
> * [FIX] persistent_dir calculation in package's call_setup_hook when
> package_uuid is None in local wapt DB (for clients migrated from pre
> 1.7 wapt, error None has no len() in audit log)
>
> * [FIX] regression Don't try to use host_certificate / key for client
> side ssl auth if they are not accessible
>
> * [IMP] Define proxies for crl download in wapt-get scan-packages
>
> * [IMP] Fix bad normalization action icon
>
> * [IMP] paste from clipboard action available in most packages editing
> grid
>
> * [IMP] Propose to define package root dev path, package prefix,
> waptagent or new private key/ cert when launching waptconsole
>
> * [IMP] Remove the need to define waptdev directory when editing
> groups / profiles / wua packages / self-service packages
>
> * [IMP] Grid Columns translations in french
>
> * [IMP] waptexit responsiveness improvements
>
> Separate events check thread and tasks check thread.
>
> * [NEW] Add ClientAuth checkbox when building certificate in waptconsole
>
> * [NEW] Add --quiet -q option to postconf.py
>
> * [MISC] add an example of client side cert auth
>
> * Add clientAuth extended usage to x509 certificates (default True)
> for https client auth using personal certificate
>
> * Makes use of ssl client cert and key in waptconsole for server auth
>
> * fix ssl client certificate auth not taken in account for server api
> and host repo
>
> * add is_client_auth property for certificates
>
> default None for is_client_auth cert / csr build
>
> don't fallback to host's client certificate auth if it is not
> clientAuth capable (if so, http error 400)
>
> * [MISC] waptcrypto : Add SSLPKCS12 to encapsulate pcks#12 key/cert store
>
> * [MISC] Add splitter for log memo in Packages for hosts panel
>
> * Store fixes
>
> * Be tolerant when no persistent_dir in wsus packages
>
> Min wapt version 1.7.3 for self service packages and waptwua packages
>
> * fix WsusUpdates has no attribute 'downloaded'
>
> WAPT-1.7.3.7 (2019-02-19)
> -------------------------
>
> (hash 373f7d92)
>
> Bug fixes
> ++++++++++
>
> * fix softs normalization dialog closed when typing F key (Enterprise)
>
> * include waptwua in nginx wapt server windows locations (Enterprise)
>
> * fix force option from service or websockets not being taken in
> account in install_msi_if_needed or install_exe_if_needed
>
> * improved win updates reporting (uninstall behaviour) (Enterprise)
>
> * add uninstall action for winupdates in waptconsole (Enterprise)
>
> * fix reporting from dmi "size type" fields with non int content
> (Enterprise)
>
> Improvements
> ++++++++++++
>
> * waptexit: Allow minimize button
>
> * waptexit: Layout changes
>
> * AD Auth : less restrictive on user name sanitity check (Enterprise)
>
> * handle updates of data for winupdates with additional download urls
> (Enterprise)
>
> * Add some additional info fields to WsusUpdates table (Enterprise)
>
> * add filename to Packages table for reporting and store usage
> (Enterprise)
>
> * Add uninstall win updates to waptconsole (Enterprise)
>
> * Add windows updates uninstall task capabilities (Enterprise)
>
> * add filename to Packages table
>
> * increased default clockskew tolerance for client socket io
>
>
>
> Le 25/03/2019 à 15:23, Bastien HERMITTE a écrit :
>> Merci Simon, je vais tester ça.
>> Aurais-tu le changelog de cette version ?
>> Merci.
>>
>> Cordialement,
>> Bastien
>>
>> Le 23/03/2019 à 12:31, Simon Fonteneau a écrit :
>>> On a fait pas mal de Modification dans la dernière version. waptexit
>>> et également pour le problème du "Database is locked"
>>> https://wapt.tranquil.it/wapt/nightly/wapt-1.7.3.11-5972-7ee22ace/
>>>
>>> La version n'est pas une release car elle n'a pas encore été
>>> complément testé chez nous (manque de temps)
>>> Mais elle est en prod chez nous et chez quelques clients.
>>> Vous pouvez l'installer si voulez.
>>>
>>> Simon
>>>
>>>
>>> Le 22/03/2019 à 13:39, Bastien HERMITTE a écrit :
>>>> Bonjour,
>>>>
>>>> J'ai également ce problème depuis le passage en 1.7.
>>>> Cela pose problème notamment pour le waptexit, qui n'effectue pas
>>>> les mises à jour, et du coup se relance à chaque fois.
>>>>
>>>> Cordialement,
>>>> Bastien
>>>>
>>>>
>>>> Le 18/03/2019 à 16:05, Floflobel Bellencontre a écrit :
>>>>>
>>>>> Bonjour,
>>>>>
>>>>> Nous avons le même problème de notre côté et nous ne pouvons plus
>>>>> effectuer de mise à jours ou il faut vraiment essayer plusieurs fois.
>>>>>
>>>>> Avez-vous une solution de contournement en attendant la release de
>>>>> la version 1.7.3.10 ?
>>>>>
>>>>> Savez-vous dans combien de temps cette version sera release sur le
>>>>> dépôt debian ?
>>>>>
>>>>> Cordialement,
>>>>>
>>>>> On 3/15/19 9:39 AM, Jean-Charles GRANGER wrote:
>>>>>> Bonjour Hubert,
>>>>>>
>>>>>> Merci pour l'information et la confirmation, je suis rassuré, ça
>>>>>> n'est pas une erreur de conf de notre coté.
>>>>>>
>>>>>> Pour la mise à jour 1.7.3.10, elle sera publiée sur le dépôt
>>>>>> officiel ou bien il faut l'installer manuellement ?
>>>>>>
>>>>>> Cordialement,
>>>>>>
>>>>>> JCG
>>>>>>
>>>>>> --
>>>>>> Jean-Charles GRANGER
>>>>>>
>>>>>> Unité Informatique du Campus
>>>>>> Antenne du Coeur d'Ecole
>>>>>> Montpellier SupAgro / INRA Montpellier
>>>>>>
>>>>>> Le 14/03/2019 à 17:48, Hubert TOUVET a écrit :
>>>>>>> Je confirme que cette erreur est plus fréquent en 1.7.3.5.
>>>>>>> Le problème est lié à la base locale qui ne peut être en
>>>>>>> écriture que pour un process / thread à la fois.
>>>>>>> Il faut donc que les transactions en écriture soient les plus
>>>>>>> brèves possibles.
>>>>>>> A priori, la version 1.7.3.10 corrige cela. (d'après les tests
>>>>>>> faits par nous en charge)
>>>>>>>
>>>>>>> Hubert
>>>>>>>
>>>>>>> Le 14/03/2019 à 16:05, Jean-Charles GRANGER a écrit :
>>>>>>>> Bonjour à tous,
>>>>>>>>
>>>>>>>> Depuis le passage à la version 1.7 (je suis en 1.7.3.5), j'ai
>>>>>>>> une erreur très fréquente sur de nombreux postes lorsque je
>>>>>>>> fais un update ou un upgrade :
>>>>>>>>
>>>>>>>> FATAL ERROR : OperationalError: database is locked
>>>>>>>>
>>>>>>>> Elle empêche la remontée d'informations vers le serveur, et du
>>>>>>>> coup, je ne sais plus quelles machines sont à jour ou non. Et
>>>>>>>> les machines elles-mêmes ne le savent pas : comme elles n'ont
>>>>>>>> pas acquitté la réussite des installations au serveur, elles
>>>>>>>> pensent avoir échoué et relancent les installations à l'arrêt
>>>>>>>> suivant.
>>>>>>>>
>>>>>>>> Parfois en insistant un peu en ligne de commande, les mises à
>>>>>>>> jour finissent par remonter correctement (j'ai pu vérifier
>>>>>>>> qu'elles s'installent sans problème, c'est juste la remontée
>>>>>>>> d'info qui ne se fait pas bien).
>>>>>>>>
>>>>>>>> Je n'ai pas de tâches planifiées qui lancent Wapt en tâche de
>>>>>>>> fond pour faire certaines opérations.
>>>>>>>>
>>>>>>>> Quelqu'un a déjà eu ce problème ?
>>>>>>>>
>>>>>>>> Cordialement,
>>>>>>>>
>>>>>>>> JCG
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> WAPT mailing list
>>>>>>> WAPT at lists.tranquil.it
>>>>>>> http://lists.tranquil.it/listinfo/wapt
>>>>>>
>>>>>> _______________________________________________
>>>>>> WAPT mailing list
>>>>>> WAPT at lists.tranquil.it
>>>>>> http://lists.tranquil.it/listinfo/wapt
>>>>>
>>>>> _______________________________________________
>>>>> WAPT mailing list
>>>>> WAPT at lists.tranquil.it
>>>>> http://lists.tranquil.it/listinfo/wapt
>>>>
>>>>
>>>> _______________________________________________
>>>> WAPT mailing list
>>>> WAPT at lists.tranquil.it
>>>> http://lists.tranquil.it/listinfo/wapt
>>>
>>> _______________________________________________
>>> WAPT mailing list
>>> WAPT at lists.tranquil.it
>>> http://lists.tranquil.it/listinfo/wapt
>>
>>
>> _______________________________________________
>> WAPT mailing list
>> WAPT at lists.tranquil.it
>> http://lists.tranquil.it/listinfo/wapt
>
>
> _______________________________________________
> WAPT mailing list
> WAPT at lists.tranquil.it
> http://lists.tranquil.it/listinfo/wapt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tranquil.it/pipermail/wapt/attachments/20190325/3f7847c2/attachment.html>
More information about the WAPT
mailing list