No Access to the cluster admin page of NS 8 after last core update

Bug
1

NethServer Version: 8 Beta
Module: Admin Page, Webtop and Nextcloud

Hi Friends,

after the last cor update from yesterday it’s no longer possible to get access to the cluster-admin page and also webtop and nextcloud. 404 page not found That is all what i can see.

Regards

Uwe

2

Check Redis status

systemctl status redis

Try to restart Redis

 systemctl restart redis
3

Hi@davidep,

here is the output of the above commands:

root@ns8.xxx.xx's password:
Last login: Fri Sep  1 13:23:44 2023 from 192.168.154.77
[root@ns8 ~]# systemctl restart redis
[root@ns8 ~]# systemctl status redis
● redis.service - Core Redis DB
     Loaded: loaded (/etc/systemd/system/redis.service; enabled; preset: disabl>
     Active: active (running) since Fri 2023-09-01 13:26:43 CEST; 27s ago
       Docs: https://github.com/NethServer/ns8-core
    Process: 12335 ExecStartPre=/bin/rm -f /run/redis.pid /run/redis.cid (code=>
    Process: 12336 ExecStart=/usr/bin/podman run --conmon-pidfile=/run/redis.pi>
    Process: 12355 ExecStartPost=/usr/local/bin/redis-wait-ready --retries 30 ->
    Process: 12360 ExecStartPost=/usr/local/bin/acl-load (code=exited, status=0>
    Process: 12361 ExecStartPost=/usr/local/sbin/apply-vpn-routes (code=exited,>
   Main PID: 12347 (conmon)
      Tasks: 1 (limit: 48948)
     Memory: 700.0K
        CPU: 910ms
     CGroup: /system.slice/redis.service
             └─12347 /usr/bin/conmon --api-version 1 -c e3b146980f48258420b890b>

Sep 01 13:26:42 ns8.xxx.xx redis[12347]: 1:M 01 Sep 2023 11:26:42.918 * Done >
Sep 01 13:26:42 ns8.xxx.xx redis[12347]: 1:M 01 Sep 2023 11:26:42.918 * DB lo>
Sep 01 13:26:42 ns8.xxx.xx redis[12347]: 1:M 01 Sep 2023 11:26:42.918 * Ready>
Sep 01 13:26:43 ns8.xxx.xx redis[12360]: ACLs loading skipped on the leader n>
Sep 01 13:26:43 ns8.xxx.xx redis[12361]: wg set wg0 peer QjssDrMxxNuRAU+SIFva>
Sep 01 13:26:43 ns8.xxx.xx redis[12361]: Address 192.168.154.108 is not route>
Sep 01 13:26:43 ns8.xxx.xx redis[12361]: ip route replace 10.5.4.1 nexthop de>
lines 1-23...skipping...
● redis.service - Core Redis DB
     Loaded: loaded (/etc/systemd/system/redis.service; enabled; preset: disabled)
     Active: active (running) since Fri 2023-09-01 13:26:43 CEST; 27s ago
       Docs: https://github.com/NethServer/ns8-core
    Process: 12335 ExecStartPre=/bin/rm -f /run/redis.pid /run/redis.cid (code=exited, status=0/SUCCESS)
    Process: 12336 ExecStart=/usr/bin/podman run --conmon-pidfile=/run/redis.pid --cidfile=/run/redis.cid --cgroups=no-conmon --detach --log-opt=tag=redis --replace --name=redis --network=host --volume=redis-data:/data ${REDIS_IMAGE} (c>
    Process: 12355 ExecStartPost=/usr/local/bin/redis-wait-ready --retries 30 --period 1 (code=exited, status=0/SUCCESS)
    Process: 12360 ExecStartPost=/usr/local/bin/acl-load (code=exited, status=0/SUCCESS)
    Process: 12361 ExecStartPost=/usr/local/sbin/apply-vpn-routes (code=exited, status=0/SUCCESS)
   Main PID: 12347 (conmon)
      Tasks: 1 (limit: 48948)
     Memory: 700.0K
        CPU: 910ms
     CGroup: /system.slice/redis.service
             └─12347 /usr/bin/conmon --api-version 1 -c e3b146980f48258420b890b71e5335799f39f928f5158d3ab9b203623a1c25e8 -u e3b146980f48258420b890b71e5335799f39f928f5158d3ab9b203623a1c25e8 -r /usr/bin/crun -b /var/lib/containers/storage>

Sep 01 13:26:42 ns8.xxx.xx redis[12347]: 1:M 01 Sep 2023 11:26:42.918 * Done loading RDB, keys loaded: 148, keys expired: 0.
Sep 01 13:26:42 ns8.xxx.xx redis[12347]: 1:M 01 Sep 2023 11:26:42.918 * DB loaded from disk: 0.001 seconds
Sep 01 13:26:42 ns8.xxx.xx redis[12347]: 1:M 01 Sep 2023 11:26:42.918 * Ready to accept connections
Sep 01 13:26:43 ns8.xxx.xx redis[12360]: ACLs loading skipped on the leader node
Sep 01 13:26:43 ns8.xxx.xx redis[12361]: wg set wg0 peer QjssDrMxxNuRAU+SIFvaY4e6co9KRdRpTO9jJeysMAk= persistent-keepalive 25 allowed-ips 192.168.154.108,10.5.4.1 endpoint 127.0.0.1:55820
Sep 01 13:26:43 ns8.xxx.xx redis[12361]: Address 192.168.154.108 is not routed through VPN
Sep 01 13:26:43 ns8.xxx.xx redis[12361]: ip route replace 10.5.4.1 nexthop dev wg0
Sep 01 13:26:43 ns8.xxx.xx redis[12361]: wg-quick save wg0
Sep 01 13:26:43 ns8.xxx.xx redis[12380]: [#] wg showconf wg0
Sep 01 13:26:43 ns8.xxx.xx systemd[1]: Started Core Redis DB.

Regards…

Uwe

4

I guess the last core update was for Traefik 1.1.0: could you attach the Traefik configuration?

You can find it with

 find /home/traefik*/.config/state/

For instance,

[root@cs1 ~]# find /home/traefik*/.config/state/
/home/traefik1/.config/state/
/home/traefik1/.config/state/CACHEDIR.TAG
/home/traefik1/.config/state/environment
/home/traefik1/.config/state/agent.env
/home/traefik1/.config/state/traefik.yaml
/home/traefik1/.config/state/selfsigned.key
/home/traefik1/.config/state/selfsigned.crt
/home/traefik1/.config/state/configs
/home/traefik1/.config/state/configs/_api_server.yml
/home/traefik1/.config/state/configs/_http2https.yml
/home/traefik1/.config/state/configs/_default_cert.yml
/home/traefik1/.config/state/configs/_api.yml
/home/traefik1/.config/state/custom_certificates

If you prefer, send me a PM to access your server and do the check by myself.

5

Here we have the output:

[root@ns8 ~]# find /home/traefik*/.config/state/
/home/traefik1/.config/state/
/home/traefik1/.config/state/CACHEDIR.TAG
/home/traefik1/.config/state/environment
/home/traefik1/.config/state/agent.env
/home/traefik1/.config/state/traefik.yaml
/home/traefik1/.config/state/selfsigned.key
/home/traefik1/.config/state/selfsigned.crt
/home/traefik1/.config/state/configs
/home/traefik1/.config/state/configs/mail1-rspamd-route.yml
/home/traefik1/.config/state/configs/_api_server.yml
/home/traefik1/.config/state/configs/_http2https.yml
/home/traefik1/.config/state/configs/_default_cert.yml
/home/traefik1/.config/state/configs/_api.yml
/home/traefik1/.config/state/configs/collabora1.yml
/home/traefik1/.config/state/configs/mattermost1.yml
/home/traefik1/.config/state/configs/nextcloud1.yml
/home/traefik1/.config/state/configs/webtop1.yml
/home/traefik1/.config/state/configs/mail1-rspamd.yml
/home/traefik1/.config/state/custom_certificates

6

Ok send me the contents of those files

9

Ok,

the content is hidden. Found it. Will edit it tomorrow.

10

Good news, @transocean I reproduced the issue on a clean installation.

I started with core 1.3.1, traefik 1.0.0, then I installed NextCloud, Collabora, Mail. After core upgrade (Traefik 1.1.0) I got 404 from installed apps.

I didn’t find any relevant error message in the log. BTW, the cluster-admin is still accessible /cc @giacomo

1 Like
11

This should be the manual fix:

diff -u .config/state/configs/mail1-rspamd.yml.ori .config/state/configs/mail1-rspamd.yml
--- .config/state/configs/mail1-rspamd.yml.ori	2023-09-04 11:55:38.549704045 +0000
+++ .config/state/configs/mail1-rspamd.yml	2023-09-04 11:55:51.472723883 +0000
@@ -2,7 +2,6 @@
   middlewares:
     mail1-rspamd-auth:
       forwardAuth:
-        tls: 'False'
         address: http://127.0.0.1:9311/api/module/mail1/http-basic/authorize-rspamd
     mail1-rspamd-stripprefix:
       stripPrefix:

I’m working on an automatic fix.

PR: redis2yaml: handle forwardauth middleware by gsanchietti · Pull Request #40 · NethServer/ns8-traefik · GitHub

4 Likes
12

Ok, friends of the sun…
Since the NS8 runs on a Proxmox here, the inexperienced user has of course a backup and that times quickly played back again. Now everything looks nice again. I wait then for the fix announced by @giacomo.

Regards

Uwe

13

Thank you for your time Uwe.
If you already updated, you should manually fix the mail1-rspamd.yml file.

Otherwise, if you have a working system, you need to enable the testing packages and update the core.
The traefik package with the fix is the 1.1.1-beta.2.

1 Like
14

@giacomo:

Everything looks good after the update. Thank you.

2 Likes