Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Daniel Joven

Pages: 1 [2] 3
16
Hi Deslack,

It seems that you upgraded the Zentyal 6.2 server using an old version of zentyal-core package (6.2.9 is the latest version).

The error that you are getting is caused because the default certificate key size was 1024 in Ubuntu 18.04 and it is too small in the current version. Below you have the link of the script that upgrades the Zentyal 6.2 to 7.0, in the line '243' you have the commands that you need to run to fix your issue.

* https://github.com/zentyal/zentyal/blob/support/6.2/main/core/src/scripts/release-upgrade#L243

Also, I recommend you to check if you need to run the rest of the command within the function 'postUpgradeProcedure'.

Best regards, Daniel Joven.

17
Hi grolon,

The error is:

Code: [Select]
ln: failed to create symbolic link '/etc/apparmor.d/disable/usr.sbin.dhcpd': File exists

Try to unlink/move/remove that file.

Then, fix the broken packages with the following command:

Code: [Select]
sudo dpkg --configure -a

NOTE: Sometimes, the above command must be executed a few times.

Best regards, Daniel Joven.

18
Hi Gabriel and thank you for your feedback,

I could reproduce the error and it seems to be related to DNSSEC. Please, add the following parameter below the option 'auth-nxdomain' in the stub '/usr/share/zentyal/stubs/dns/named.conf.options.mas':

Code: [Select]
dnssec-validation yes;

Then, restart the DNS module:

[code}
sudo zs dns restart
[/code]

Finally, check the DNS resolution.

Best regards, Daniel Joven.

19
Installation and Upgrades / Re: error proxy upgrade 6.2 to 7
« on: March 29, 2021, 12:42:33 pm »
Hi,

The command which thrown the error (is more a warning that an error) is almost at the end of the script. So, the critical functions of the upgrade were executed. Did you check the stability of the Zentyal server after the upgrade?

Also, could you please run the following commands and send me the output? I would like to see why you got the error.

Code: [Select]
sudo echo ${HOSTNAME}
sudo samba-tool group listmembers DnsAdmins 2> /dev/null | grep -i "dns-${HOSTNAME}"

Best regards, Daniel Joven.

20
Hi,

Thanks for the information.  Just to be clear, I run the specified commands from the upgrade script on my main system, do a backup, then also run the scripts on the disaster recovery machine, then do the restore?  I'll give this a try over the weekend.

Yes, you have to run those commands in the Zentyal server 7.0 which was upgraded from 6.2 in order to be able to restore a configuration backup.

21
Hi,

This issue is answered in the following post (reply 1 and 4):

* https://forum.zentyal.org/index.php/topic,35173.0.html

Best regards, Daniel Joven.

22
Hi,

Hi,
I have two machines with zentyal 6.2 and I have the offer on the web gui to upgrade to zentyal 7.0, however the process gets stuck on preparing. On both machines I have zentyal core 6.2.3, on web gui there is 6.2.8 suggestion (it redirects to doc page), but I cannot update it even via command line.
Any idea?
Thank you

You have to upgrade to 6.2.8 before attempting to upgrade to 7.0. Make sure you have a backup or snapshot before attempting an upgrade.

The latest version is 6.2.9.

After the upgrade dovecot IMAP service stopped working
In the mail.log file there are these warnings:
Code: [Select]
  dovecot: config: Warning: please set ssl_dh=</etc/dovecot/dh.pem
  config: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
I tried to regenerate the "dh.pem" file with these methods:
Code: [Select]
  dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > dh.pem
  openssl dhparam -out dh.pem 4096
  openssl dhparam -out dh.pem 8192
  openssl genpkey -genparam -algorithm DH -out dh.pem -pkeyopt dh_paramgen_prime_len:4096
and modified ssl_dh option in  files /etc/dovecot/conf.d/10-ssl.conf and /usr/share/dovecot/conf.d/10-ssl.conf from /usr/share/dovecot/dh.pem to /etc/dovecot/dh.pem and his group from root to dovecot without success

I always got the error when mail client connect:
Code: [Select]
  dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=...

Please, try to generate the key using the following command:

Code: [Select]
sudo openssl dhparam -out /etc/dovecot/dh.pem 4096

Then, set the correct permissions:

Code: [Select]
sudo chown root:root /etc/dovecot/dh.pem
sudo chmod 0644 /etc/dovecot/dh.pem

After that, add the following parameter to the stub '/usr/share/zentyal/stubs/mail/dovecot.conf.mas':

Code: [Select]
ssl_dh = </etc/dovecot/dh.pem

Finally, restart the Mail module:

Code: [Select]
sudo zs mail restart

Best regards, Daniel Joven.

23
Hi Daniel,

Yes, this was an upgrade from 6.2.

Hi,

The issue that you are getting is caused by the new change of the DNS directory in Samba. Below you have a link to the upgrade script from Zentyal 6.2 where the issue and the workaround are reported and the commands to run (lines 279-286).

* https://github.com/zentyal/zentyal/blob/support/6.2/main/core/src/scripts/release-upgrade#L274

24
Hi,

Did you upgrade your Zentyal 7.0 server from Zentyal 6.2?

As soon as I can, I will try to reproduce this behaviour.

25
Hi,

Do you get any error in the log files '/var/log/zentyal/zentyal.log' and '/var/log/syslog'?

When you lose the resolution, is the configuration file '/etc/resolv.conf' empty? If it is, did you try to restart the Network module? When the network module is restarted, it generate the content of the configuration file.

Also, I sent you a PM, please, as soon as you can read it.

Best regards, Daniel Joven.

26
Hi ggowins,

Are you using the latest version (7.0.1) of the Domain Controller module? This issue was fixed in that version, below you have the link to the commit:

27
Hi nickpiggott,

Can you please tell me which modules did you have installed when you did the upgrade? Did you get an error when the upgrade finished? Do you remember if you had any broken package after the upgrade?The script contains the symbolic link that you had to set.

Best regards, Daniel Joven.

28
Hi,

Quick Update:
  • The link does not solve the problem in my installation
  • Updating a second system ended in the same situation


Update to 7.0.3 also did not change anything.

The link that nickpiggott provided is correct, however, note that you need to run the next piece of code too, (the conditional of the line 265).

Also, do you remember if after the upgrade you had any broken package in your system? Which modules do you have installed? It seems that the script wasn't run the function 'postUpgradeProcedure' for some reason (probably broken packages).

29
Installation and Upgrades / Re: upgrade 6.2 to 7.0 - CA problem
« on: March 17, 2021, 12:26:32 pm »
Hi,

Just to inform you that the issue is fixed in the package's version 'zentyal-ca 7.0.1'.

Best regards, Daniel Joven.

30
Ugdate:

I did have to roll back the upgrade. Lots of stuff did not update and the upgrade had a key error. I have seen this before with other 18.x to 20 upgrades.

Could you please provide us more details about the issues that you got after the upgrade? Do you remember the status of the packages (system and zentyal)? Which modules are you using? Are you using the CA module with a service certificate for Zentyal Webadmin service?

Also, I recommend to run the script itself to upgrade the system if the system adminitrator has knowledge enough to use the commandline, the reason is the details that you get when it is upgrading the server. Below two examples:

1. Basic execution:

sudo /usr/share/zentyal/release-upgrade

2. Execution with verbosity:

sudo bash -x /usr/share/zentyal/release-upgrade

Pages: 1 [2] 3