Error create first account #346

Open
Gskill75 opened this issue Oct 26, 2022 · 6 comments

Gskill75 commented Oct 26, 2022

Hello,

When I would like to create my first account, I have this message.
Do you have an idea how to debug this problem?
For information, I performed my installation with the Puppet module.
Thank you in advance for your answer.

```
/opt/bastion/bin/admin/setup-first-admin-account.sh toto auto
╭──.prod.bast-01──────────────────────────────────────the-bastion-3.09.00───
│ ▶ create a new bastion account
├───────────────────────────────────────────────────────────────────────────────
│ Please paste the SSH key you want to add. This bastion supports the following algorithms:
│ ED25519: strongness[#####] speed[#####], use `ssh-keygen -t ed25519' to generate one
│ ECDSA  : strongness[####.] speed[#####], use `ssh-keygen -t ecdsa -b 521' to generate one
│ RSA    : strongness[###..] speed[#....], use `ssh-keygen -t rsa -b 4096' to generate one
│
│ In any case, don't save it without a passphrase (your paste won't be echoed).
ssh-ed25519 XXXX
│ Creating group toto with GID 99998...
│ Creating user toto with UID 99998...
│ Creating tty group of account...

│
│ ⛔ Error while adding toto to group bastion-users (Command exited with status 6)
╰────────────────────────────────────────────────────────────</accountCreate>───
[root@xx ~]#
```

OS facts:

```
NAME="AlmaLinux"
VERSION="8.6 (Sky Tiger)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
```

Collaborator

speed47 commented Oct 27, 2022

Hello,

AlmaLinux is not officially supported, so minor alterations from CentOS (on which it seems to be based) might get in the way.

Just tried it in a Docker sandbox: a tiny change needs to be done on the script responsible for installing the prerequisites (system packages), as AlmaLinux doesn't name its repositories exactly the same. Namely, the "powertools" repo was not auto-enabled properly. You didn't seem to have encountered this issue, which might be because you already enabled it before. I'll still add a patch for this case (even if AlmaLinux is unsupported, the patch is minimal, so it's OK).

However I couldn't reproduce your problem. The Puppet module is known to work correctly under Debian, which has a lot of differences from RedHat/CentOS-derivatives, so it might also be part of the problem.

Can you enable debug mode and try again? This should give more details:

```
sed -i -re 's/"debug": .+/"debug": true,/' /etc/bastion/bastion.conf
```

The failing command is `usermod`, underneath, more precisely `usermod -a -G bastion-users toto`. Can you try to run that manually and see if your system outputs an error?

@Gskill75
Author

Hello,
When I use the manual command, I have this message:

```
usermod: group 'bastion-users' does not exist
```

Author

Gskill75 commented Oct 27, 2022

For more details on my installation:

```puppet
class { 'thebastion':
  install_packages     => true,
  bastion_name         => 'xx.prod.bast-01',
  allowed_networks     => ['10.0.0.0/24', '10.0.10.0/24'],
  default_login        => 'xx',
  admin_accounts       => ['xx_a', 'xx_a'],
  password_allowed     => false,
  super_owner_accounts => ['xxx-bast'],
  http_proxy_enabled   => true,
}
```

Collaborator

speed47 commented Oct 28, 2022

OK, so something went wrong with the install script when it tried to create the bastion-users group.
Can you run this command: `/opt/bastion/bin/admin/install --managed-upgrade`? It'll attempt to create it again if it doesn't exist, and you might have an error message there that should give us a hint as to why it failed, should it fail again.

Author

Gskill75 commented Oct 28, 2022

Hello,
log-bastion-install.log

You will find attached the output in the order indicated.
I think indeed that there was a problem.
Thanks again for your time

Collaborator

speed47 commented Oct 28, 2022

The installation worked properly this time, so it seems that the script had not been launched previously, which is odd.
For good measure, can you also run this: `/opt/bastion/bin/admin/install-ttyrec.sh -a`? This'll install ovh-ttyrec, as it appears to be missing also.

I'll have to try to reproduce your problem with Puppet and your distro.
