IRC logs of #tryton for Sunday, 2010-08-29 #tryton log beginning Sun Aug 29 00:00:02 CEST 2010
-!- pepeu(~manuel@ has joined #tryton01:45
-!- zodman(~zodman@foresight/developer/zodman) has joined #tryton02:10
-!- digitalsatori(~tony@ has joined #tryton02:24
-!- yangoon( has joined #tryton05:19
-!- cedk(~ced@gentoo/developer/cedk) has joined #tryton08:51
-!- hihat( has joined #tryton09:16
hihatgood morning, somebody willing to help me check why I do get "could not connect to server" on a imho properly done (remote) installation of tryton-server 1.6.1?09:20
cedkhihat: why not09:23
cedkhihat: is the server running?09:23
-!- udono( has joined #tryton09:25
hihatthanks, yes it is.09:27
hihatroot@***:~# netstat -antp | grep python09:27
hihattcp        0      0*               LISTEN      25154/python09:27
hihattcp        0      0*               LISTEN      25154/python09:27
cedkhihat: is firewalls open for these ports?09:27
hihatI made a portscan last night where :8070 was found open, and on client side, I could connect to your demo server, I quickly check again09:29
hihatbtw, I was using debian sid packages09:30
cedkhihat: have you activate the webdav ?09:31
hihati need it09:31
hihatone reason for tryton over openerp (which was running on the same system before)09:32
cedkhihat: ok, it was to be sure that the python processes are Tryton and not OE :-)09:34
cedkhihat: have you any output from trytond ?09:34
hihat:-) there is no more openerp on that box...09:35
hihatroot@***:/etc/init.d# ps axu | grep tryton09:36
hihattryton   29507  5.5  1.9  44696 19416 ?        Sl   09:31   0:01 /usr/bin/python /usr/bin/trytond --config=/etc/trytond.conf --logfile=/var/log/trytond.log09:36
hihatroot     29527  0.0  0.0   3272   724 pts/0    S+   09:31   0:00 grep tryton09:36
-!- enlightx( has joined #tryton09:37
hihatroot@***:/etc/init.d# tail -f /var/log/trytond.log09:37
hihat[Sun Aug 29 09:35:14 2010] INFO:modules:account_invoice_history:registering classes09:37
hihat[Sun Aug 29 09:35:14 2010] INFO:modules:stock_supply:registering classes09:37
hihat[Sun Aug 29 09:35:14 2010] INFO:modules:analytic_sale:registering classes09:37
hihat[Sun Aug 29 09:35:14 2010] INFO:modules:analytic_purchase:registering classes09:37
hihat[Sun Aug 29 09:35:14 2010] INFO:modules:stock_supply_day:registering classes09:37
hihat[Sun Aug 29 09:35:14 2010] INFO:modules:purchase_invoice_line_standalone:registering classes09:37
hihat[Sun Aug 29 09:35:14 2010] INFO:modules:sale_price_list:registering classes09:37
hihat[Sun Aug 29 09:35:14 2010] INFO:server:starting NetRPC protocol, port 807009:37
hihat[Sun Aug 29 09:35:14 2010] INFO:server:starting WebDAV protocol, port 808009:37
hihat[Sun Aug 29 09:35:14 2010] INFO:server:waiting for connections...09:37
cedkhihat: ok (next time use pastbin or others)09:40
hihatok, sorry, I will09:41
cedkhihat: so it seems that there is an issue to reach the server09:41
cedkhihat: could you do a tcpdump to see if packets commes09:42
hihatI just did another adjustment in the trytond.conf09:43
hihatI replaced interface = localhost with interface =
cedkhihat: but your netstat output show that it already listen on all interfaces09:44
hihatyes it should not make a difference but when I made that adjustment I could connect, then I changed the secure_-settings, which led to a failure in starting tryton-server, changed it back (leaving interface = ) and now I am where I was, could not connect09:48
hihatthe ports 8070 and 8080 are open (port scanner diagnosis), I will do a tcpdump09:48
cedkhihat: you enabled ssl?09:49
hihatI tried to09:49
hihat(using pkey and certificate I use for apache2)09:49
hihatok, thank you, for now I am trying without ssl, not to complicate the problem and not to steal you too much time09:53
cedkhihat: as soon as you don't have sensitive data, it is ok09:56
hihattcpdump was empty, then restarting the client and I can connect (now in a secure config without webdav without ssl)!09:56
-!- daniel( has joined #tryton09:56
hihatthanks a lot for assistance, now I am gonna figuring out what was wrong with my ssl configuration, erp data always are sensitive I think (accounting stuff surely is, isn't it). Another reason to switch to tryton from openerp.09:57
hihatbtw, in the comparison chart, it was stated that tryton encrypts the password. Looking at trytond.conf, the trytonAdminPassword (admin_passwd) and the db_password are there in plaintext. How to store it encrypted?09:58
cedkhihat: this one is not encrypted but in production server it should be set to empty10:00
cedkhihat: others are stored in res_user table and encrypted with sha110:00
cedkhihat: the password is also "salted" to prevent rainbow table10:01
danielCan't seem to get a connection available for the server up and running on Ubuntu 9.1010:07
danielusing 1.6.110:08
danielinstalled via synaptic10:08
danielI've read the debian docs and can't seem to make it work for me10:08
hihatok, thank you for information. As I observe, when I comment (#) the db_password line in trytond.conf I need to comment all db_-fields so that default configuration is assumed - otherwise I cannot connect to server.10:08
hihatHi daniel, have you done a portscan to ensure 8070 is open?10:09
danielI have not!10:09
cedkhihat: db_password is for database connection10:09
hihatand just as a sidenote, I have heard that the debian packages of tryton would work with ubuntu too10:09
danielthank you for responding!10:09
cedkhihat: have outputs of trytond ?10:10
cedkdaniel: oops, have outputs of trytond ?10:11
hihatcedk: yes, I know, but if I leave empty the db_password as you suggested, but let the other db_-configfields active, I cannot connect, if I comment al db_-fields, I can.10:11
hihatdb_host = localhost10:12
hihatdb_port = 543210:12
hihatdb_user = tryton10:12
hihat#db_password = False10:12
hihat--> I cannot connect10:12
hihatok, let's help daniel for now...10:12
danielI don't.  I've tried launching from the commandline and from the client gui10:12
danielIt waits indefinitely for open connections on the commandline, so your suggestion makes sense10:13
hihatdaniel: try "tail -f /var/log/trytond.log"10:13
danielI simply type "trytond"10:13
hihatdaniel: do you try to connect from remote or client and server on same machine?10:13
hihatdaniel: from remote? from a windows or a linux client?10:14
danielLinux Ubuntu 9.1010:14
hihatdaniel: what is your output on "netstat -antp | grep python"?10:16
danielnothing, should I be redirecting it to a file?10:17
hihatdaniel: I don't know about the Ubuntu package, but even with the debian sid package it's necessary to do some manual postgresql-configuration in the pg_hba.conf10:17
danielI can't seem to get to the file!!!10:18
danielAt least I know that i'm trying the right things10:18
hihatdaniel: if the server was running and listening an the network interface, some related entry should appear when asking with "netstat -antp"10:18
danielpg_hba.conf is shown as a binary that I can't edit10:18
danielI see10:18
danielinteresting, I've only just started learning how to use netstat10:19
hihatdaniel: I did understand you right did I? you try to connect from a remote machine / client to the server on a different ubuntu-machine...10:19
danielNo, I'm trying to setup the server as a process on my laptop and then connect from the same laptop10:20
danielI haven't even gotten the software up and running yet at all10:20
danielin any way10:20
danielSpent several hours struggling with setting up Postgres10:21
danielLearning experience though, good stuff.10:21
hihatdaniel: I can understand you well, I didn't acquaint myself with postgresql until 2 months ago...10:22
danielThe documentation is excellent but I'm still quite awkward at the commandline10:23
danielso even doing basic tasks like setting up a db, or changing a port# is epic10:23
hihatdaniel: did you install a package or did you do the manual install?10:24
danielfirst though I tried through setup tools10:25
danieli think, it was even later than this when I intsalled the first time.  i think I may try to uninstall and reinstall tomorrow, maybe the pghba.conf will be editable then. And I can check my ports properly10:26
danielWould you suggest building from source? Or a package?  Or as a pypi module?10:26
hihatdaniel: first of all, I am not a developer, just a wanna-be-enduser with some linux experience that happens to be on that IRC right now because cedk assited me with another problem10:28
hihatdaniel: pg_hba.conf is a text-file, it should be editable, maybe your ftp client doesn't display it correctly, you might try to edit it with vim on the commandline10:28
danielwell thanks for the help that you've given thus far10:28
cedkdaniel: if you plane to make dev, follow
hihatdaniel: although maybe ubuntu already did adjust it during the package installation, I don't know about that package, I installed debian sid package10:29
danielyeah, its not on a separate machine, so I should be able to get it open10:29
danieldon't know why its not working10:30
cedkhihat: I think the ubuntu package if just a copy of the debian one10:30
cedkdaniel: the server is running?10:30
danielI'm afraid not10:30
cedkdaniel: did you run it from command line?10:31
danielno luck calling it with no arguements frm the commandline10:31
cedkdaniel: what was the output?10:31
daniel[Sun Aug 29 03:31:21 2010] INFO:server:using default configuration10:31
daniel[Sun Aug 29 03:31:21 2010] INFO:server:initialising distributed objects services10:31
daniel[Sun Aug 29 03:31:21 2010] DEBUG:psycopg2:installed. Logging using Python logging module10:31
daniel[Sun Aug 29 03:31:22 2010] INFO:modules:ir:registering classes10:31
daniel[Sun Aug 29 03:31:22 2010] INFO:modules:res:registering classes10:31
daniel[Sun Aug 29 03:31:22 2010] INFO:modules:webdav:registering classes10:31
daniel[Sun Aug 29 03:31:22 2010] INFO:modules:test:registering classes10:31
daniel[Sun Aug 29 03:31:22 2010] INFO:modules:workflow:registering classes10:31
daniel[Sun Aug 29 03:31:22 2010] INFO:server:starting NetRPC protocol, port 807010:31
daniel[Sun Aug 29 03:31:22 2010] INFO:server:waiting for connections...10:31
hihatdaniel: so it seems to be running10:32
danieland then it never finds a connection or timesout, it just hangs10:32
danielit does10:32
cedkdaniel: it is a server so it is listening10:33
cedkdaniel: it works10:33
hihatdaniel: if you want to connect from remote, check once with a port scan, you can do by www without commandline here:
cedkdaniel: now run the client10:33
danielthe port IS closed.10:36
hihatdaniel: I had to adjust trytond.conf in order to get the port open. This is good because of security when you don't want to run it over the network. I suggest you to try to adjust the interface - line (on top of the file /etc/trytond.conf) like this "interface =" - stop server and start it again and check again whether the port is open (it probably would be open when netstat -antp reports it's listening on 8070)10:38
danieltrying now10:39
danielsearched my filesystem and conuldn't find the trytond.conf file10:44
danielnot in /etc/10:44
danielthere's a in the highest level directory of trytond, and it looks somewhat similar to Django's settings.py10:45
-!- hihat( has joined #tryton10:46
hihatdaniel, in that case it's not the same as the debian package .-)10:46
hihatwhen you start trytond from the commandline it should inform you in the first line which configurationfile it's using10:47
danieli think what happened is that I installed it via setup tools and just didn't pay attention to what was necessary, tomorrow morning after a solid nights sleep I'll uninstall/reinstall via debians package10:47
danielwell I'll try that right now10:48
danieljust says default configuration10:48
danielso probably the file10:49
danieljust guessing10:49
danielDo you know how I would open port 8070?10:49
hihatcedk: when I start tryton from the commandline as user trytond I get the following error-line:10:49
hihatcedk: tryton@***:/root$ trytond10:50
hihatERROR: couldn't create the logfile directory:[Errno 13] Permission denied: '/var/log/tryond.log'[Sun Aug 29 10:48:19 2010] INFO:server:using /etc/trytond.conf a10:50
hihats configuration file10:50
hihatcedk: and I see a tryond.log file generated, but shouldn't that be tryton.log (with a t instead, which file already exists of course)?10:50
hihatdaniel: imho the default configuration file is /etc/trytond.conf. the port would probably be opened automatically if you had everything configured so that the server nows that it has to listen to calls from over the network10:51
danielthats what i thought10:52
hihatcedk: can you help me out with a few ideas why my tryton-server fails to start when I enable ssl, I followed the instructions ( and have everything installed what's needed, further I used this key and certificate not only with apache2 successfully but also with openerp10:54
danielinteresting, it gives me a socket.error when i try to run as root10:54
danielthank you very much for the help10:54
danielbed time for me, try again tomorrow10:54
hihatdaniel: I am glad if I could help as I am sometimes in need of help too, good night and good luck10:55
hihatcedk: that's what I get when starting ssl-enabled trytond (as user tryton) from the command line:
udonohihat: make sure, that user 'tryton' can write to /var/log/tryond.log10:57
hihatudono: thanks for participation, yes I saw that problem, but why is there a log-file called tryond.log beside the one I have specified in /etc/trytond.conf called trytond.log?10:58
udonohihat: don't know, just remove it10:58
hihatudono: isn't that I typo somewhere in the code (tryond.log instead of trytond.log)?10:58
udonohihat: no, I don't think. Maybe it's a typo you did while testing?10:59
hihatudono: shame on me, it is!11:00
hihatudono/cedk: that was really stupid from me. however, the ssl connection problem is not affected by that (now corrected).11:01
udonohihat: what is the problem with ssl11:01
udonohihat: sorry, just reading your paste11:02
udonohihat: your user tryton needed to have read access for the keyfiles11:03
hihatudono: yes, I checked that, there is read access for all users11:04
udonohihat: maybe to much read access...11:04
udonoACTION is unsure about this11:05
hihathihat: for security reason, maybe, but it's not in an exposed path and it needs to be because of virtual hosts, apache and other apps working with it11:06
hihatudono: sorry, confused your name :-) so stupid like me config-typo before.11:07
hihatudono: anyway, this is my configuration file:  - as soon as I disable the ssl options, tryton-server starts properly11:07
hihatudono: don't worry, I will try copying key and certificate to another location once11:09
udonohihat: or just try to create temporary keys like described in the wiki.11:10
udonohihat: maybe the /*.crt won't work?11:11
udono... with tryton11:11
hihatudono: with openerp they did...11:13
cedkhihat: I think there is some permission check in OpenSSL before using a key11:16
udonohihat: then they should work with tryton, too11:16
hihatcedk: permission not bound to the file system?11:18
cedkhihat: no fs permission11:18
hihatcedk: because I tried and copy the key and crt directly to /etc/ with no success11:19
hihatcedk: what kind of permission do I have to check?11:19
udonohihat: maybe something like this: sudo usermod -a -G ssl-cert tryton11:24
udono* on debian11:25
hihatok I try integrating this cert and key by openssl only for tryton again11:26
hihathowever if I managed to use them with l11:32
hihatwith openerp I should with tryton too...11:32
cedkhihat: the error message from OpenSSL is clear that it can not open the certificate file12:06
hihatcedk: yes, I see - I installed key / certificate again with user tryton and it's working now! thanks for your assistance, the helpfulness of tryton-developers is a great plus!12:26
-!- digitalsatori(~tony@ has joined #tryton13:35
-!- sharoon( has joined #tryton14:01
-!- tony_(~tony@ has joined #tryton14:08
-!- tony__(~tony@ has joined #tryton14:46
-!- pheller( has joined #tryton14:49
-!- FWiesing( has joined #tryton16:38
-!- David( has joined #tryton17:12
-!- gremly(~gremly@ has joined #tryton17:33
-!- hihat( has joined #tryton17:34
-!- David( has joined #tryton18:03
-!- sharoon( has joined #tryton18:23
-!- enlightx( has joined #tryton18:26
-!- zodman(~zodman@foresight/developer/zodman) has joined #tryton18:57
-!- Guest62327( has joined #tryton18:57
-!- hihat( has joined #tryton19:17
-!- zodman(~zodman@foresight/developer/zodman) has joined #tryton19:27
-!- David( has joined #tryton19:31
-!- plantian( has joined #tryton19:47
-!- eLBati(~elbati@ has joined #tryton20:07
-!- gremly(~gremly@ has joined #tryton20:58
-!- gremly(~gremly@ has joined #tryton22:09
-!- pheller( has joined #tryton22:57
-!- pepeu(~manuel@ has joined #tryton23:27

Generated by 2.11.0 by Marius Gedminas - find it at!