Author Topic: Webadmin unable to start after upgrading from 6,2 to 7.0  (Read 253 times)

Deslack

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +1/-0
    • View Profile
Webadmin unable to start after upgrading from 6,2 to 7.0
« on: March 29, 2021, 03:42:37 pm »
Hello,

After upgrading from 6.2 to 7.0, I ran into problems not able to access the webadmin. Checking the status via
zs webadmin status with it returning stopped, then I attempt to start it via zs webadmin start. Though I got some entries in /var/log/syslog as follows:

Code: [Select]
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 4.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21964]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 5.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21977]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 6.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21979]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 7.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21981]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 8.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Start request repeated too quickly.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: Failed to start Nginx http daemon for Zentyal web admin.

Daniel Joven

  • Zentyal Staff
  • Zen Apprentice
  • *****
  • Posts: 21
  • Karma: +13/-0
    • View Profile
Re: Webadmin unable to start after upgrading from 6,2 to 7.0
« Reply #1 on: March 29, 2021, 06:23:14 pm »
Hi Deslack,

It seems that you upgraded the Zentyal 6.2 server using an old version of zentyal-core package (6.2.9 is the latest version).

The error that you are getting is caused because the default certificate key size was 1024 in Ubuntu 18.04 and it is too small in the current version. Below you have the link of the script that upgrades the Zentyal 6.2 to 7.0, in the line '243' you have the commands that you need to run to fix your issue.

* https://github.com/zentyal/zentyal/blob/support/6.2/main/core/src/scripts/release-upgrade#L243

Also, I recommend you to check if you need to run the rest of the command within the function 'postUpgradeProcedure'.

Best regards, Daniel Joven.

Deslack

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +1/-0
    • View Profile
Re: Webadmin unable to start after upgrading from 6,2 to 7.0
« Reply #2 on: March 30, 2021, 01:24:40 pm »
Quote
root@kekwa:~# ./postUpgradeProcedure.sh
 - Regenerating Nginx cert...
SSL directory /conf/ssl does not exist, we will create it
New key file generated: '/conf/ssl/ssl.key'
New certificate file generated: '/conf/ssl/ssl.cert'
New PEM file generated: '/conf/ssl/ssl.pem'
All server's certificate files in place

ln: failed to create symbolic link '/sbin/iptables': File exists
ln: failed to create symbolic link '/usr/bin/bash': File exists
 - Creating the new DNS directory for Samba DLZ...
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/ZENTYAL-DOMAIN.LOCAL.zone
/usr/sbin/samba_upgradedns:338: DeprecationWarning: The 'warn' method is deprecated, use 'warning' instead
  logger.warn("DNS records will be automatically created")
DNS records will be automatically created
DNS partitions already exist
dns-kekwa account already exists
BIND version unknown, please modify /var/lib/samba/bind-dns/named.conf manually.
ATTENTION: The BIND configuration and keytab has been moved to: /var/lib/samba/bind-dns Please update your BIND configuration accordingly.
Finished upgrading DNS
zentyal-ca was already set to manually installed.
zentyal-core was already set to manually installed.
zentyal-dhcp was already set to manually installed.
zentyal-dns was already set to manually installed.
zentyal-firewall was already set to manually installed.
zentyal-network was already set to manually installed.
zentyal-ntp was already set to manually installed.
zentyal-samba was already set to manually installed.
zentyal-software was already set to manually installed.
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
./postUpgradeProcedure.sh: line 54: checkBrokenPackages: command not found

*** Zentyal upgrade finished! Please restart your server now.

After moving /conf/ssl/* properly to /var/lib/zentyal, everything works fine now. Maybe I upgraded to 7.0 a bit too soon. Thank you!

lucrus

  • Zen Apprentice
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Webadmin unable to start after upgrading from 6,2 to 7.0
« Reply #3 on: April 05, 2021, 09:01:46 pm »
Only to let others know, I've just upgraded today from 6.2.9 to 7.0 and I'm facing just the same issue.

Daniel Joven

  • Zentyal Staff
  • Zen Apprentice
  • *****
  • Posts: 21
  • Karma: +13/-0
    • View Profile
Re: Webadmin unable to start after upgrading from 6,2 to 7.0
« Reply #4 on: April 08, 2021, 01:50:24 pm »
Hi,

The error that you are getting is:

Code: [Select]
./postUpgradeProcedure.sh: line 54: checkBrokenPackages: command not found

Basically, the function 'postUpgradeProcedure' doesn't recognize the other function 'checkBrokenPackages'. So, make sure that this last function is present in your script.

Best regards, Daniel Joven.

acon

  • Board Moderator
  • Zen Samurai
  • *****
  • Posts: 449
  • Karma: +17/-0
    • View Profile
Re: Webadmin unable to start after upgrading from 6,2 to 7.0
« Reply #5 on: April 10, 2021, 01:00:17 pm »
Same error here.
I have reverted my VM server to previous snapshot.I will wait until migration to 7.0 is fine.