[GH-ISSUE #346] Error create first account #88

Open
opened 2026-05-07 00:18:39 +02:00 by BreizhHardware · 6 comments

Originally created by @Gskill75 on GitHub (Oct 26, 2022).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/346

Hello,

When I try to create my first account, I get this message.
Do you have any idea how to debug this problem?
For information, I did my installation with the Puppet module.
Thank you in advance for your answer.

```
/opt/bastion/bin/admin/setup-first-admin-account.sh toto auto
╭──.prod.bast-01──────────────────────────────────────the-bastion-3.09.00───
│ ▶ create a new bastion account
├───────────────────────────────────────────────────────────────────────────────
│ Please paste the SSH key you want to add. This bastion supports the following algorithms:
│ ED25519: strongness[#####] speed[#####], use `ssh-keygen -t ed25519' to generate one
│ ECDSA  : strongness[####.] speed[#####], use `ssh-keygen -t ecdsa -b 521' to generate one
│ RSA    : strongness[###..] speed[#....], use `ssh-keygen -t rsa -b 4096' to generate one
│
│ In any case, don't save it without a passphrase (your paste won't be echoed).
ssh-ed25519 XXXX
│ Creating group toto with GID 99998...
│ Creating user toto with UID 99998...
│ Creating tty group of account...

│
│ ⛔ Error while adding toto to group bastion-users (Command exited with status 6)
╰────────────────────────────────────────────────────────────</accountCreate>───
[root@xx ~]#
```

os facts:
NAME="AlmaLinux"
VERSION="8.6 (Sky Tiger)"
ID="almalinux"
ID_LIKE="rhel centos fedora"


@speed47 commented on GitHub (Oct 27, 2022):

Hello,

AlmaLinux is not officially supported, so minor alterations from CentOS (on which it seems to be based) might get in the way.

Just tried it in a Docker sandbox: a tiny change needs to be done on the script responsible for installing the prerequisites (system packages), as AlmaLinux doesn't name its repositories exactly the same. Namely, the "powertools" repo was not auto-enabled properly. You didn't seem to have encountered this issue, which might be because you already enabled it before. I'll still add a patch for this case (even if AlmaLinux is unsupported, the patch is minimal, so it's OK).

However I couldn't reproduce your problem. The Puppet module is known to work correctly under Debian, which has a lot of differences from RedHat/CentOS-derivatives, so it might also be part of the problem.

Can you enable debug mode and try again? This should give more details:
`sed -i -re 's/"debug": .+/"debug": true,/' /etc/bastion/bastion.conf`

The failing command is `usermod`, underneath, more precisely `usermod -a -G bastion-users toto`, can you try to run that manually and see if your system outputs an error?


@Gskill75 commented on GitHub (Oct 27, 2022):

Hello,
When I run the command manually, I get this message:
`usermod: group 'bastion-users' does not exist`


@Gskill75 commented on GitHub (Oct 27, 2022):

For more details on my installation:

```puppet
class { 'thebastion':
  install_packages     => true,
  bastion_name         => 'xx.prod.bast-01',
  allowed_networks     => ['10.0.0.0/24', '10.0.10.0/24'],
  default_login        => 'xx',
  admin_accounts       => ['xx_a', 'xx_a'],
  password_allowed     => false,
  super_owner_accounts => ['xxx-bast'],
  http_proxy_enabled   => true,
}
```


@speed47 commented on GitHub (Oct 28, 2022):

OK, so something went wrong with the install script when it tried to create the `bastion-users` group.
Can you run this command:
`/opt/bastion/bin/admin/install --managed-upgrade`, it'll attempt to create it again if it doesn't exist, and you might have an error message there that should give us a hint as to why it failed, should it fail again


@Gskill75 commented on GitHub (Oct 28, 2022):

Hello,
[log-bastion-install.log](https://github.com/ovh/the-bastion/files/9886586/log-bastion-install.log)

You will find attached the output in the order indicated.
I think indeed that there was a problem.
Thanks again for your time


@speed47 commented on GitHub (Oct 28, 2022):

The installation worked properly this time, so it seems that the script had not been launched previously, which is odd.
For good measure, can you also run this: `/opt/bastion/bin/admin/install-ttyrec.sh -a`, this'll install `ovh-ttyrec` as it appears to be missing also.

I'll have to try to reproduce your problem with Puppet and your distro.
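
A pre-flight check for the two prerequisites this thread found missing, as an added example that is not part of the original issue or the project's own code. The function names, the `TTYREC_BIN` override, the `ttyrec` binary name and the sample group entries are assumptions made for the example; `usermod` exit status 6 means the specified group does not exist.

```shell
#!/usr/bin/env bash
# Added example: run before setup-first-admin-account.sh to catch an install
# step that was skipped (the situation diagnosed in this thread).

# Constructed sample: a group(5) file in the state the reporter's host was in,
# i.e. the account's own groups exist but bastion-users does not.
sample_group_file() {
    printf '%s\n' 'root:x:0:' 'toto:x:99998:' 'toto-tty:x:99997:toto'
}

# group_exists NAME [GROUP_FILE]
# Uses getent (NSS-aware) by default. A group(5)-format file may be passed
# instead so the check can be exercised without touching the live system.
# The awk comparison is an exact match on the name field, not a substring.
group_exists() {
    local name=$1 file=${2:-}
    if [ -n "$file" ]; then
        awk -F: -v g="$name" '$1 == g { found = 1 } END { exit !found }' "$file"
    else
        getent group "$name" >/dev/null 2>&1
    fi
}

# preflight [GROUP_FILE]
# Prints each missing prerequisite with the remediation command quoted in the
# thread, and returns the number of problems found (0 means ready).
preflight() {
    local file=${1:-} problems=0
    # Assumption: ovh-ttyrec installs a binary named ttyrec; override if not.
    local bin=${TTYREC_BIN:-ttyrec}
    if ! group_exists bastion-users "$file"; then
        echo "MISSING group bastion-users (usermod -a -G would exit with status 6)"
        echo "  fix: /opt/bastion/bin/admin/install --managed-upgrade"
        problems=$((problems + 1))
    fi
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "MISSING $bin binary (ovh-ttyrec)"
        echo "  fix: /opt/bastion/bin/admin/install-ttyrec.sh -a"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Called with no argument, `preflight` checks the live system through `getent`; a non-zero return means the install script should be re-run before creating the first account.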
