Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MeshCentral fails to start with openid-client v6.0.0 #6459

Open
justsomemate opened this issue Oct 17, 2024 · 6 comments
Open

MeshCentral fails to start with openid-client v6.0.0 #6459

justsomemate opened this issue Oct 17, 2024 · 6 comments
Assignees
@si458
Labels
bug

Comments

@justsomemate
Copy link

justsomemate commented Oct 17, 2024
edited
Loading

Describe the bug
openid-client released version 6.0.0 two days ago as an ESM module, which causes MeshCentral to fail to start (if openid authentication is enabled)

Error [ERR_REQUIRE_ESM]: require() of ES Module /opt/meshcentral/meshcentral/node_modules/openid-client/build/index.js from /opt/meshcentral/meshcentral/webserver.js not supported.
Instead change the require of index.js in /opt/meshcentral/meshcentral/webserver.js to a dynamic import() which is available in all CommonJS modules.

See
https://github.com/TypeStrong/ts-node#err_require_esm
https://github.com/panva/openid-client/releases/tag/v6.0.0

To Reproduce
Steps to reproduce the behavior:

  1. Have or add oidc and related configuration under "domains": "authStrategies"
  2. Restart MeshCentral
  3. See error

Expected behavior
MeshCentral starts and has the OIDC login button.

Screenshots
N/A

Server Software (please complete the following information):

  • OS: Docker host is OpenSuse Leap 15.5
  • Virtualization: Yes, Docker
  • Network: LAN/WAN
  • Version: 1.1.32
  • Node: 20.15.1

Client Device (please complete the following information):
N/A

Remote Device (please complete the following information):
N/A

Additional context

Error: Command failed: /usr/bin/node /opt/meshcentral/meshcentral/meshcentral --configfile config.json --launch 6
/opt/meshcentral/meshcentral/webserver.js:7445
let strategy = migrateOldConfigs(Object.assign({ 'client': {}, 'issuer': {}, 'options': {}, 'custom': {}, 'obj': { 'openidClient': require('openid-client') } }, initStrategy))
^

Error [ERR_REQUIRE_ESM]: require() of ES Module /opt/meshcentral/meshcentral/node_modules/openid-client/build/index.js from /opt/meshcentral/meshcentral/webserver.js not supported.
Instead change the require of index.js in /opt/meshcentral/meshcentral/webserver.js to a dynamic import() which is available in all CommonJS modules.
at setupDomainAuthStrategy (/opt/meshcentral/meshcentral/webserver.js:7445:144)
at setupAllDomainAuthStrategies (/opt/meshcentral/meshcentral/webserver.js:6568:88)
at serverStart (/opt/meshcentral/meshcentral/webserver.js:6555:13)
at /opt/meshcentral/meshcentral/webserver.js:309:17
at /opt/meshcentral/meshcentral/db.js:2652:115
at /opt/meshcentral/meshcentral/node_modules/mongodb/lib/utils.js:349:28 {
code: 'ERR_REQUIRE_ESM'
}

Your config.json file

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "settings": {
    "plugins":{"enabled": false},
    "mongoDb": "**redacted**",
    "cert": "**redacted**",
    "_WANonly": true,
    "_LANonly": true,
    "sessionKey": "**redacted**",
    "port": 443,
    "_aliasPort": 443,
    "redirPort": 80,
    "_redirAliasPort": 80,
    "AgentPong": 300,
    "TLSOffload": false,
    "SelfUpdate": false,
    "AllowFraming": false,
    "WebRTC": false
  },
  "domains": {
    "": {
      "_title": "MyServer",
      "_title2": "Servername",
      "minify": false,
      "NewAccounts": false,
      "localSessionRecording": false,
      "_userNameIsEmail": true,
      "_certUrl": "my.reverse.proxy",
      "userAllowedIP": "10.0.0.0/8,192.168.254.0/24",
      "authStrategies": {
        "oidc": {
          "issuer": {
            "issuer": "https://**redacted**/application/o/meshcentral/",
            "authorization_endpoint": "https://**redacted**/application/o/authorize/",
            "token_endpoint": "https://**redacted**/application/o/token/",
            "endsession_endpoint": "https://**redacted**/application/o/meshcentral/end-session/",
            "jwks_uri": "https://**redacted**/application/o/meshcentral/jwks/"
          },
          "client": {
            "client_id": "**redacted**",
            "client_secret": "**redacted**",
            "redirect_uri": "https://**redacted**/auth-oidc-callback"
          },
          "custom": {
            "scope": ["openid", "profile", "email", "groups"]
          },
          "groups": {
            "recursive": true,
            "required": ["MeshCentral Admin", "MeshCentral Agent"],
            "siteadmin": ["MeshCentral Admin"],
            "revokeAdmin": false,
            "sync": {
              "filter": ["MeshCentral Admin", "MeshCentral Agent"]
            }
          },
          "newAccounts": true
        }
      }
    }
  },
  "letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
    "email": "**redacted**",
    "names": "**redacted**",
    "rsaKeySize": 3072,
    "production": true
  }
}
@si458
Copy link
Collaborator

si458 commented Oct 17, 2024
edited
Loading

i was literally just about to post this issue!
i was setting up my test environment for docker!
in process of pinning the version for the moment

@si458 si458 self-assigned this Oct 17, 2024
@si458
Copy link
Collaborator

si458 commented Oct 17, 2024

1e2d736

@si458
Copy link
Collaborator

si458 commented Oct 17, 2024

fix for the moment is here

  1. stop meshcentral,
  2. cd /folder/to/meshcentral (eg cd /opt/meshcentral)
  3. npm install [email protected]
  4. start meshcentral

@Pshemas
Copy link

Pshemas commented Oct 20, 2024
edited
Loading

the same on my end. I have MC installed in podman container and currently with oidc it fails to start:

ERROR: Unable to install required modules. MeshCentral may not have access to npm, or npm may not have suffisent rights to load the new module. To manualy install this module try:

   cd "/opt/meshcentral/meshcentral"
   npm install --no-audit --no-optional --omit=optional openid-client
   node node_modules/meshcentral
Installing modules [ 'openid-client' ]

I've worked around it for the time being by mapping the node-moudules folder so I could access it outside the container and installed the missing packages there using the hosts npm.

@si458
Copy link
Collaborator

si458 commented Oct 20, 2024

@Pshemas, yes, it has already been pinned/fixed in the master docker image.

We just need to do a new release next month to have it fully included.

Or do the steps above
keep it running, then enter terminal of the container and run commands manually, then restart container (DONT COMPOSE DOWN/DELETE THE CONTAINER!)

@Pshemas
Copy link

Pshemas commented Oct 20, 2024
edited
Loading

After a careful reading it seems my error is different. On my end npm was not able to install those extra packages (apart from openid it was also passport and one more package) inside containers. The first thing I've tried was getting into the container (interactive bash session) and launching the commands manually. It failed too. Checked the connection - it was fine (I could access npm repo site from container).

So in the end I've mapped the folder where the dependencies are kept and installed those using npm on the host system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@si458 si458

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@si458 @Pshemas @justsomemate