Join the community today
Register Now

CSF broken on new installs

Discussion in 'Bug Reports' started by jcat, May 3, 2018.

  1. jcat

    jcat Member

    153
    22
    18
    Jun 21, 2015
    New Jersey
    Ratings:
    +64
    Local Time:
    3:05 AM
    Please fill in any relevant information that applies to you:
    • CentOS Version: i.e. CentOS 7 64bit ?
    • Centmin Mod Version Installed: i.e. 123.09beta01
    Just did 2 fresh installs to be sure, both looks like CSF failed to install:

    Code:
    [root@wpo centminlogs]# centmin
    /usr/local/src/centminmod ~/centminlogs
    
    sed: can't read /etc/csf/csf.conf: No such file or directory
    find: '/home/nginx/domains/*/public': No such file or directory
    grep: /etc/csf/csf.conf: No such file or directory
    sed: can't read /etc/csf/csf.conf: No such file or directory
    sed: can't read /etc/csf/csf.conf: No such file or directory
    cp: cannot create regular file '/etc/csf/load.sh': No such file or directory
    sed: can't read /etc/csf/csf.conf: No such file or directory
    sed: can't read /etc/csf/csf.conf: No such file or directory

    I saw a bunch of commits for "fix MYSQLSERVICE_DISABLED='y' routine for CentOS 6 & 7 systems on 123…" that reference csf so possibly from that?

    centminmod_123.09beta01.b019_*_install.log

    this never mentions it installing, only being downloaded.

     
    Last edited: May 3, 2018
  2. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    5:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Wasn't just CSF looks like Nginx didn't install too
    Code (Text):
    find: '/home/nginx/domains/*/public': No such file or directory
    


    OpenVZ, Xen, KVM or dedicated server ?

    what's output for these commands
    Code (Text):
    date
    

    Code (Text):
    cminfo versions
    

    Code (Text):
    cminfo listlogs
    


    For posting code or output from commands to keep the formatting, you might want to use CODE tags for code How to use forum BBCODE code tags :)

    To troubleshoot initial installation, you need to check the initial install log at /root/centminlogs and instructions under Sharing logs and errors heading for using Pastebin.com or Gists to share a sanitised version of the contents of the initial install log. You can see full details at How to troubleshoot Centmin Mod initial install issues

    Example list /root/centminlogs files in date ascending order and grep for install.log
    Code (Text):
    ls -lahrt /root/centminlogs | grep install.log
    

    example output returns install log at /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_install.log
    Code (Text):
    ls -lahrt /root/centminlogs | grep install.log
    -rw-r--r--  1 root root 2.2M Oct 11 01:40 centminmod_1.2.3-eva2000.09.001_111016-112321_install.log
    

    in SSH use cat to ouput contents of /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_install.log. Clear your SSH client window/buffer so only output is the contents of the file
    Code (Text):
    cat /root/centminlogs/centminmod_1.2.3-eva2000.09.001_111016-112321_install.log
    

    Then copy and paste into Pastebin.com or Gists entry. If your SSH window scroll buffer isn't that large to get the whole contents of the install log, you can download file manually and copy and paste contents. But makes sure it's sanitised version of the contents of the initial install log as outlined at How to troubleshoot Centmin Mod initial install issues
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    5:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    So far not able to reproduce your issue though, tested fresh installs of 123.09beta01 on
    • CentOS 6.9 OpenVZ
    • CentOS 7.4 OpenVZ
    • CentOS 7.4 KVM
    checking one of the install logs outputted from command i.e. /root/centminlogs/centminmod_123.09beta01.b020_030518-082941_install.log
    Code (Text):
    cminfo listlogs
    

    Code (Text):
    cminfo listlogs
    
    List all /root/centminlogs in data ascending order
    total 7.1M
    -rw-r--r-- 1 root root  11K May  3 08:30 centminmod_123.09beta01.b020_030518-082941_yuminstall_centos7.log
    -rw-r--r-- 1 root root  11K May  3 08:30 centminmod_yumtimes_030518-082941.log
    -rw-r--r-- 1 root root   37 May  3 08:30 centminmod_profiletimes_030518-082941.log
    -rw-r--r-- 1 root root 2.2K May  3 08:30 cmm-login-git-checks_030518-083017.log
    -rw-r--r-- 1 root root  78K May  3 08:30 centminmod_downloadtimes_030518-082941.log
    -rw-r--r-- 1 root root 1.3K May  3 08:30 securedtmp.log
    -rw-r--r-- 1 root root  584 May  3 08:30 patch_opensslpatches_030518-082941.log
    -rw-r--r-- 1 root root   45 May  3 08:32 centminmod_opensslinstalltime_030518-082941.log
    -rw-r--r-- 1 root root    8 May  3 08:32 patch_patchnginx_030518-082941.log
    -rw-r--r-- 1 root root 2.1K May  3 08:33 gcc_native.log
    -rw-r--r-- 1 root root 1.5K May  3 08:33 nginx-configure-030518-082941.log
    -rw-r--r-- 1 root root 2.7M May  3 08:35 centminmod_ngxinstalltime_030518-082941.log
    -rw-r--r-- 1 root root 9.5K May  3 08:37 setio_innodbstatus-before-030518-083705.log
    -rw-r--r-- 1 root root  784 May  3 08:37 centminmod_setio_030518-083705.log
    -rw-r--r-- 1 root root 9.5K May  3 08:37 setio_innodbstatus-after-030518-083705.log
    -rw-r--r-- 1 root root 2.3K May  3 08:37 gcc_php_native.log
    -rw-r--r-- 1 root root   58 May  3 08:41 centminmod_phpinstalltime_030518-082941.log
    -rw-r--r-- 1 root root  467 May  3 08:41 zendopcache_passfile.txt
    -rw-r--r-- 1 root root  29K May  3 08:44 centminmod_123.09beta01.b020_030518-082941_yum-log.log
    -rw-r--r-- 1 root root  125 May  3 08:44 install.utc.time.log
    -rw-r--r-- 1 root root 4.2M May  3 08:44 centminmod_123.09beta01.b020_030518-082941_install.log
    -rw-r--r-- 1 root root   19 May  3 08:44 getcmtime_installtime_030518-082521.log
    -rw-r--r-- 1 root root   56 May  3 08:44 firstyum_installtime_030518-082521.log
    -rw-r--r-- 1 root root  794 May  3 08:44 install_time_stats_030518-082521.log
    -rw-r--r-- 1 root root 4.8K May  3 08:44 sar-u-installstats.log
    -rw-r--r-- 1 root root 4.4K May  3 08:44 sar-q-installstats.log
    -rw-r--r-- 1 root root 6.7K May  3 08:44 sar-r-installstats.log
    -rw-r--r-- 1 root root 6.1K May  3 08:44 sar-d-installstats.log
    -rw-r--r-- 1 root root 3.8K May  3 08:44 sar-b-installstats.log
    ---------- 1 root root    0 May  3 08:44 sedttaoPW
    ---------- 1 root root    0 May  3 08:44 sedJm4mBW
    ---------- 1 root root    0 May  3 08:44 sedRYpNCW
    ---------- 1 root root    0 May  3 08:44 sed7PzmrW
    ---------- 1 root root    0 May  3 08:44 sedZXoXvW
    -rw-r--r-- 1 root root 2.2K May  3 08:44 yum-timedhosts.txt
    

    grep for start of CSF firewall install and output next 50 lines after the match
    Code (Text):
    grep -A50 -n 'Installing CSF firewall' /root/centminlogs/centminmod_123.09beta01.b020_030518-082941_install.log
    

    Code (Text):
    grep -A50 -n 'Installing CSF firewall' /root/centminlogs/centminmod_123.09beta01.b020_030518-082941_install.log 
    20662:* Installing CSF firewall... 
    20663-*************************************************
    20664-Installing...
    20665-
    20666-Selecting installer...
    20667-
    20668-Running csf generic installer
    20669-
    20670-Installing generic csf and lfd
    20671-
    20672-Check we're running as root
    20673-
    20674-Checking Perl modules...
    20675-Using configuration defaults
    20676-...Perl modules OK
    20677-
    20678-mkdir: created directory ‘/etc/csf’
    20679-mkdir: created directory ‘/var/lib/csf’
    20680-mkdir: created directory ‘/var/lib/csf/backup’
    20681-mkdir: created directory ‘/var/lib/csf/Geo’
    20682-mkdir: created directory ‘/var/lib/csf/ui’
    20683-mkdir: created directory ‘/var/lib/csf/stats’
    20684-mkdir: created directory ‘/var/lib/csf/lock’
    20685-mkdir: created directory ‘/var/lib/csf/webmin’
    20686-mkdir: created directory ‘/var/lib/csf/zone’
    20687-mkdir: created directory ‘/usr/local/csf’
    20688-mkdir: created directory ‘/usr/local/csf/bin’
    20689-mkdir: created directory ‘/usr/local/csf/lib’
    20690-mkdir: created directory ‘/usr/local/csf/tpl’
    20691-‘csf.generic.conf’ -> ‘/etc/csf/csf.conf’
    20692-‘csf.generic.allow’ -> ‘/etc/csf/csf.allow’
    20693-‘csf.deny’ -> ‘/etc/csf/./csf.deny’
    20694-‘csf.redirect’ -> ‘/etc/csf/./csf.redirect’
    20695-‘csf.resellers’ -> ‘/etc/csf/./csf.resellers’
    20696-‘csf.dirwatch’ -> ‘/etc/csf/./csf.dirwatch’
    20697-‘csf.syslogs’ -> ‘/etc/csf/./csf.syslogs’
    20698-‘csf.logfiles’ -> ‘/etc/csf/./csf.logfiles’
    20699-‘csf.logignore’ -> ‘/etc/csf/./csf.logignore’
    20700-‘csf.blocklists’ -> ‘/etc/csf/./csf.blocklists’
    20701-‘csf.generic.ignore’ -> ‘/etc/csf/csf.ignore’
    20702-‘csf.generic.pignore’ -> ‘/etc/csf/csf.pignore’
    20703-‘csf.rignore’ -> ‘/etc/csf/./csf.rignore’
    20704-‘csf.fignore’ -> ‘/etc/csf/./csf.fignore’
    20705-‘csf.signore’ -> ‘/etc/csf/./csf.signore’
    20706-‘csf.suignore’ -> ‘/etc/csf/./csf.suignore’
    20707-‘csf.uidignore’ -> ‘/etc/csf/./csf.uidignore’
    20708-‘csf.mignore’ -> ‘/etc/csf/./csf.mignore’
    20709-‘csf.sips’ -> ‘/etc/csf/./csf.sips’
    20710-‘csf.dyndns’ -> ‘/etc/csf/./csf.dyndns’
    20711-‘csf.syslogusers’ -> ‘/etc/csf/./csf.syslogusers’
    20712-‘csf.smtpauth’ -> ‘/etc/csf/./csf.smtpauth’
    
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    5:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    @jcat what region/city is your VPS servers from ? Interesting I tested 4 combinations and only CentOS 6.9 on KVM in Upcloud Chicago had issues with EPEL YUM repo's mirror list
    • CentOS 6.9 OpenVZ OK - Hostus.us Los Angeles
    • CentOS 7.4 OpenVZ OK - Hostus.us Los Angeles
    • CentOS 7.4 KVM OK - Upcloud Chicago
    • CentOS 6.9 KVM Upcloud Chicago - failed
    It failed due to cascading yum repo issues starting with failure of EPEL YUM repo mirror list - this prevented crucial yum packages to be NOT installed i.e. gcc compiler, devtoolset for gcc via centos-release-scl package etc. This caused axel multi-threaded download tool to not install which in turn caused ccache compiler cache, csf and nginx etc to not install as unable to download the source tarballs.

    So could be outage or issue with EPEL Yum repo mirrors in certain locations with CentOS 6 ? Had no problems with CentOS 7 EPEL Yum repo mirror
    Code (Text):
    yum list centos-release-scl
    Loaded plugins: fastestmirror, security
    Loading mirror speeds from cached hostfile
    epel/metalink                                                                                                                                                                                                                      |  439 B     00:00   
    Could not parse metalink https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 error was
    No repomd file
    Error: File /var/cache/yum/x86_64/6/epel/metalink.xml does not exist
    

    install log then shows axel failed to download
    Code (Text):
    Download axel-2.6.tar.gz ...
    Axel 2.6 Archive found, skipping download...
    axel-2.6.tar.gz valid file.
    
    checking for a BSD-compatible install... /usr/bin/install -c
    checking whether build environment is sane... yes
    checking for a thread-safe mkdir -p... /bin/mkdir -p
    checking for gawk... gawk
    checking whether make sets $(MAKE)... yes
    checking whether make supports nested variables... yes
    checking for gcc... /opt/rh/devtoolset-4/root/usr/bin/gcc
    checking whether the C compiler works... no
    configure: error: in `/svr-setup/axel-2.6':
    configure: error: C compiler cannot create executables
    See `config.log' for more details
    make: *** No targets specified and no makefile found.  Stop.
    make: *** No rule to make target `install'.  Stop.
    which: no axel in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
    

    and since gcc yum package fails to download due to EPEL yum errors, thus ccache cache failed to install
    Code (Text):
    Download ccache-3.4.1.tar.gz ...
    ccache 3.4.1 Archive found, skipping download...
    ccache-3.4.1.tar.gz valid file.
    
    install ccache 3.4.1
    make: *** No rule to make target `clean'.  Stop.
    configure: error: in `/svr-setup/ccache-3.4.1':
    configure: error: C compiler cannot create executables
    See `config.log' for more details
    make: *** No targets specified and no makefile found.  Stop.
    make: *** No rule to make target `install'.  Stop.
    
    ccache 3.4.1 update failed
    

    and so on etc.

    On CentOS 6.9 KVM Upcloud Chicago the EPEL YUM repo mirror hits their proxy06.fedoraproject.org or proxy09.fedoraproject.org app servers
    Code (Text):
    curl -I 'https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64'
    HTTP/1.1 200 OK
    Date: Thu, 03 May 2018 10:58:28 GMT
    Server: Apache/2.4.29 (Fedora) mod_wsgi/4.5.15 Python/2.7
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Referrer-Policy: same-origin
    Content-Length: 439
    Vary: Accept-Encoding
    Content-Type: application/metalink+xml
    AppTime: D=22919
    AppServer: proxy06.fedoraproject.org
    

    Code (Text):
    curl -I 'https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64'
    HTTP/1.1 200 OK
    Date: Thu, 03 May 2018 10:58:27 GMT
    Server: Apache/2.4.29 (Fedora) mod_wsgi/4.5.15 Python/2.7
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Referrer-Policy: same-origin
    Content-Length: 439
    Vary: Accept-Encoding
    Content-Type: application/metalink+xml
    AppTime: D=6662
    AppServer: proxy09.fedoraproject.org
    

    Code (Text):
    dig +short proxy06.fedoraproject.org
    140.211.169.196
    
    dig +short proxy09.fedoraproject.org
    140.211.169.206
    
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    5:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Looks like EPEL YUM repo issue has spread to CentOS 7.4 OpenVZ HostUS Los Angeles VPS too. This below is after a successful Centmin Mod 123.09beta01 install yum list command run.
    Code (Text):
    yum list centos-release-scl
    Loaded plugins: fastestmirror, priorities, versionlock
    base                                                                                                                                                                                                                               | 3.6 kB  00:00:00    
    centos-sclo-rh                                                                                                                                                                                                                     | 3.0 kB  00:00:00    
    centos-sclo-sclo                                                                                                                                                                                                                   | 2.9 kB  00:00:00    
    epel/x86_64/metalink                                                                                                                                                                                                               |  401 B  00:00:00    
    Could not parse metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 error was
    No repomd file
    
    
     One of the configured repositories failed (Unknown),
     and yum doesn't have enough cached data to continue. At this point the only
     safe thing yum can do is fail. There are a few ways to work "fix" this:
    
         1. Contact the upstream for the repository and get them to fix the problem.
    
         2. Reconfigure the baseurl/etc. for the repository, to point to a working
            upstream. This is most often useful if you are using a newer
            distribution release than is supported by the repository (and the
            packages for the previous distribution release still work).
    
         3. Run the command with the repository temporarily disabled
                yum --disablerepo=<repoid> ...
    
         4. Disable the repository permanently, so yum won't use it by default. Yum
            will then just ignore the repository until you permanently enable it
            again or use --enablerepo for temporary usage:
    
                yum-config-manager --disable <repoid>
            or
                subscription-manager repos --disable=<repoid>
    
         5. Configure the failing repository to be skipped, if it is unavailable.
            Note that yum will try to contact the repo. when it runs most commands,
            so will have to try and fail each time (and thus. yum will be be much
            slower). If it is a very temporary problem though, this is often a nice
            compromise:
    
                yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
    
    File /var/cache/yum/x86_64/7/epel/metalink.xml does not exist
    

    nothing in EPEL mirror status shows issues though Fedora Infrastructure - Status

    But some reports by others of EPEL yum issues on fedora domains
    Wonder if it's due to Fedora 28 OS being released ?
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,278
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    5:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Looks like mirrorlist is broken, if i manual switch from mirrorlist in EPEL yum repo to baseurl and change it to local Chicago EPEL mirror listed at Mirrors - MirrorManager it works

    /etc/yum.repos.d/epel.repo
    Code (Text):
    [epel]
    name=Extra Packages for Enterprise Linux 6 - $basearch
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
    baseurl=http://mirror.grid.uchicago.edu/pub/linux/epel/6/$basearch
    #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
    failovermethod=priority
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    
    [epel-debuginfo]
    name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    gpgcheck=1
    
    [epel-source]
    name=Extra Packages for Enterprise Linux 6 - $basearch - Source
    #baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    gpgcheck=1
    

    so change from
    Code (Text):
    [epel]
    name=Extra Packages for Enterprise Linux 6 - $basearch
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
    

    to
    Code (Text):
    [epel]
    name=Extra Packages for Enterprise Linux 6 - $basearch
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
    baseurl=http://mirror.grid.uchicago.edu/pub/linux/epel/6/$basearch
    #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
    

    doesn't block other yum installs like centos-release-scl as it should be
    Code (Text):
    yum list centos-release-scl  
    Loaded plugins: fastestmirror, security
    Loading mirror speeds from cached hostfile
     * base: mirror.riverfrontnetworks.com
     * extras: mirror.riverfrontnetworks.com
     * rpmforge: mirror.team-cymru.org
     * updates: mirror.riverfrontnetworks.com
    Available Packages
    centos-release-scl.noarch                                                                                                     10:7-3.el6.centos                                                                                                     extras
    

    Code (Text):
    yum list pigz
    Loaded plugins: fastestmirror, security
    Loading mirror speeds from cached hostfile
     * base: mirror.riverfrontnetworks.com
     * extras: mirror.riverfrontnetworks.com
     * rpmforge: mirror.team-cymru.org
     * updates: mirror.riverfrontnetworks.com
    Available Packages
    pigz.x86_64                                                                                                                2.3.4-1.el6                                                                                                                epel
    

    Guess need to wait for EPEL yum mirrrorlist on Fedora servers to sort themselves out