[BlueOnyx:25208] Re: BlueOnyx 5210R: CentOS 8 to AlmaLinux 8 conversion — my experience

[Michael Stauber]

Hi Meaulnes,

> well me too, I tried the conversion on a server without too many fussy
> users — with success (except for a small glitch at the end). I take the
> liberty of sharing this:

Many thanks for sharing this. Indeed, during the conversion pretty much
all OS RPMs get reinstalled. This can rock the boat a little as far as
some services are concerned.

But that's easily fixed afterwards by toggling these services off in the
GUI, save and then turn them back on. Which is probably a mandatory for
the AV-SPAM related services just to make sure that all configs are
correct and that the services are restarted in the right order.

I just updated the conversion guide with that info.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25207] Re: Easy Migrate 5210R from 5208R

[Michael Stauber]

Hi Darren,

>  I took your advice, and I'm going forward with installing a new 5210R
> system with the intention of migrating my 5208R, instead oof waiting for
> 5211R. The very first section is "Server Preparation", and I'm trying to do
> the "ssh-copy-id" step so the new system can log into the old one. I just
> get errors, everytime.
> 
> Typing the command as suggested - "ssh-copy-id root@10.x.x.y" where 10.x.x.y
> is the address of the source, just gets me "/usr/bin/ssh-copy-id: ERROR: No
> identities found"
> 
> Ok, I'll run ssh-keygen first, then try it again...
> 
> /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are
> prompted now it is to install the new keys
> root@10.x.x.y's password: (I put in the correct password and hit enter)
> Permission denied, please try again.

Please check on the source server that you indeed have an ID for root:

[root@XYZ ~]# ls -la /root/.ssh/
drwx--  2 root root 4096  3. Jul 2020  .
dr-xr-x---. 8 root root 4096  3. Okt 17:09 ..
-rw-r--r--  1 root root 9292  1. Feb 2021  authorized_keys
-rw---  1 root root 6367  7. Nov 2018  id_rsa
-rw-r--r--  1 root root 1424  7. Nov 2018  id_rsa.pub
-rw-r--r--  1 root root 1356  3. Jul 2020  known_hosts
-rw---  1 root root 6367  7. Nov 2018  root.pem
-rw-r--r--  1 root root 1424  7. Nov 2018  root.pem.pub

There should be an "id_rsa" and "id_rsa.pub" present.

On the target server make sure that SSH is configured to allow "SSH Root
Login" and also has "Public Key Authentication" enabled.

You can easily check that and configure it in the 5210R GUI under
"Network Services" / "Shell & FTP".

Let me know if that helps or if you need further assistance.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25206] Easy Migrate 5210R from 5208R

[Darren Shea]

Michael,
 I took your advice, and I'm going forward with installing a new 5210R
system with the intention of migrating my 5208R, instead oof waiting for
5211R. The very first section is "Server Preparation", and I'm trying to do
the "ssh-copy-id" step so the new system can log into the old one. I just
get errors, everytime.

Typing the command as suggested - "ssh-copy-id root@10.x.x.y" where 10.x.x.y
is the address of the source, just gets me "/usr/bin/ssh-copy-id: ERROR: No
identities found"

Ok, I'll run ssh-keygen first, then try it again...

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are
prompted now it is to install the new keys
root@10.x.x.y's password: (I put in the correct password and hit enter)
Permission denied, please try again.

Am I missing something important? Are there steps I missed? They don't seem
to be listed on the https://www.blueonyx.it/easy-migrate page...

-Original Message-
Message: 4
Date: Fri, 5 Nov 2021 11:34:28 -0500
From: Michael Stauber 
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:25195] Re: RedHat 9 Beta released - BlueOnyx 5211R
Message-ID: <13e84b03-3cdf-6ef7-50d7-9ba47f269...@blueonyx.it>
Content-Type: text/plain; charset=utf-8

Hi Darren,

>  Will there be migration guides available for 5208R to 5211R at
launch?
> This seems like a way to resolve my Let'sEncrypt issues and help 
> future proof our outdated system...

When 5211R comes out, Easy-Migrate will allow you to import from supported
BlueOnyx platforms to it. That means 5209R and 5210R.

I'll make no guarantees that you can still use it to migrate from 5208R
directly to 5211R, although it probably will work.

5207R/5208R is so long out of support that it makes little sense for me to
still take it into consideration in anything new I do.

And 5211R is still long in the tooth. We don't know when RedHat Enterprise
Linux 9 will be out. And we don't know when an AlmaLinux 9 or RockyLinux 9
based on that RHEL9 will be out.

My guess? RHEL9 release is perhaps in February/March 2022 and the
AlmaLinux/RockyLinux 9 are released 1-3 months later. As soon as that
happens, I'll start officially releasing the first builds of BlueOnyx 5211R
and ISO images for it.

And like any time a brand new BlueOnyx comes out, the first couple of weeks
we'll see various hickups and rushed "last minute fixes" to tackle stuff
that didn't crop up during testing wile it was still in development.

So best case scenario is that 5211R is out and usable in April/May 2022.

If you still have a 5208R running, then please DO NOT WAIT THAT LONG.
Really.

I'd highly recommend to use Easy-Migrate to migrate off the 5208R straight
to a new box running 5210R on AlmaLinux. It doesn't get any easier than that
and the instructions for it are available here:

https://www.blueonyx.it/easy-migrate

If you need any help with the migration, then I'd be glad to lend a hand.

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25205] Re: BlueOnyx 5210R: CentOS 8 to AlmaLinux 8 conversion — my experience

[Meaulnes Legler @ MailList]

well me too, I tried the conversion on a server without too many fussy users — 
with success (except for a small glitch at the end). I take the liberty of 
sharing this:

# yum clean all
# yum update
# cat /etc/build
build 20210202 for a 5210R in en_US
# cat /etc/redhat-release
CentOS Linux release 8.4.2105

# /usr/sausalito/sbin/almalinux-deploy.sh | tee ~/almalinux-deploy_output.txt
...
/ very verbose for ~10min /
...
Running transaction check
Transaction check succeeded.
Running transaction test
The downloaded packages were saved in cache until the next successful 
transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Transaction test error:
  file /usr/share/pixmaps/poweredby.png from install of 
almalinux-logos-httpd-84.4-1.1.el8.noarch conflicts with file from package 
blueonyx-logos-httpd-80.5-3.el8.noarch

Run dnf distro-sync -y. Exit code: 1  ERROR
# dnf distro-sync -y
...

• Michael Stauber said:
# rpm -e --nodeps --justdb blueonyx-logos-httpd
• and ran the script again (I did this *before* he mailed this, it's now 
probably unnecessary)

# /usr/sausalito/sbin/almalinux-deploy.sh | tee ~/almalinux-deploy_output2.txt

# reboot

• After that, AV-Spam services and the SSHd server didn't run, thus no ssh 
login possible
• restarted SSHd over GUI and could then login

# cat /etc/redhat-release
AlmaLinux release 8.4 (Electric Cheetah)
# cat /etc/os-release
NAME="AlmaLinux"
VERSION="8.4 (Electric Cheetah)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.4"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.4 (Electric Cheetah)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:almalinux:almalinux:8.4:GA"
HOME_URL="https://almalinux.org/;
DOCUMENTATION_URL="https://wiki.almalinux.org/;
BUG_REPORT_URL="https://bugs.almalinux.org/;
ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.4"

• Now Active Monitor still reported stalled AV-Spam services

#  systemctl restart avspam
Job for avspam.service canceled.

• So I turned it off and on in GUI at Network Services > AV-SPAM, then Active 
Monitor reported all ok.

Best regards

で⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660


• But strange enough, the service still reports:

# systemctl status avspam
● avspam.service - AV-SPAM
   Loaded: loaded (/usr/lib/systemd/system/avspam.service; disabled; vendor 
preset: disabled)
   Active: active (exited) since Tue 2021-11-09 18:08:30 CET; 4min 21s ago
  Process: 46064 ExecStart=/usr/sausalito/sbin/avspam_init.pl -start 
(code=exited, status=0/SUCCESS)
 Main PID: 46064 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 104857)
   Memory: 0B
   CGroup: /system.slice/avspam.service

Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: 
==
Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: | Postfix|   1  
 |  0 | 0|
Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: | Greylist   |   1  
 |  1 | 1|
Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: | GeoIP  |   1  
 |  1 | 1|
Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: | Spamassassin   |   1  
 |  1 | 1|
Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: | Spamass-Milter |   1  
 |  1 | 1|
Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: | ClamAV |   1  
 |  1 | 1|
Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: | ClamAV-Milter  |   1  
 |  1 | 1|
Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: 
==
Nov 09 18:08:30 blue2.waveweb.ch avspam_init.pl[46064]: AV-SPAM Email service 
are in failed state.



On 09.11.21 17:52, Michael Stauber wrote:

Hi Dirk, Hi Michael,


After the command " rpm -e --nodeps --justdb blueonyx-logos-httpd" the upgrade 
to alma linux 8 was successful and all services are running.


Very well.

I just published an updated base-swupdate for 5210R that contains a
slightly modified conversion script. That now automatically handles the
replacement of "blueonyx-logos-httpd" and "blueonyx-logos-ipa" with the
respective AlmaLinux RPMs.

That fixes the issue.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25204] Re: BlueOnyx 5210R: CentOS 8 to AlmaLinux 8 conversion

[Michael Stauber]

Hi Dirk, Hi Michael,

> After the command " rpm -e --nodeps --justdb blueonyx-logos-httpd" the 
> upgrade to alma linux 8 was successful and all services are running.

Very well.

I just published an updated base-swupdate for 5210R that contains a
slightly modified conversion script. That now automatically handles the
replacement of "blueonyx-logos-httpd" and "blueonyx-logos-ipa" with the
respective AlmaLinux RPMs.

That fixes the issue.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25203] Re: High Load Average

[Fungal Style]

I was thinking about the issue again, a couple of other things to check and if 
it is not something obvious it may at least get you started on the right track.

A couple of other “common” issues would be:

  *   An exploited plugin
  *   An exploited site
With the exploited sites and plugins it is usually to send spam, now checking 
your maillog may show large amounts of sending and/or bounces, also checking 
webalizer to see the traffic statistics and often if there is an exploitd site 
or plugin it will show up as having a large number of hits/visits from often 
the same IP address(es).

Well that is where I would start looking…

Summary:
from TOP command, you can probably workout the site that is causing grief, then 
check maillog and http logs (although webalizer will be easier to see as it 
will show in a report format after the cpu load goes back down, so more 
post-mortem), the http logs are good to tail (using the -f switch) as you can 
often see a pattern with the ip address of the path of the site being accessed 
if the cpu utilisation is high.

Regards
Brian

From: Fungal Style 
Date: Tuesday, 9 November 2021 at 4:52 pm
To: Blueonyx mailing list 
Subject: Re: [BlueOnyx:25196] High Load Average

Try disabling XMLRPC in wordpress sites, it is the script kiddie spammers 
trying to post to the comments via a proxy.

Check the PHP-CGI and php-fpm users, that will usually tell you the site they 
are hitting.

Also some unscrupulous SEO people will use that to try and bring up unique hits 
to make it look like they are doing a good job and the web owner needs to 
convert them or words to that effect… sad, I see it too many times.

Regards
Brian.

From: Blueonyx  on behalf of Richard Sidlin 

Reply to: Blueonyx mailing list 
Date: Tuesday, 9 November 2021 at 1:30 am
To: Blueonyx mailing list 
Subject: [BlueOnyx:25196] High Load Average

5210R

Just recently the load average is going crazy and of course the server slows 
right down. I have about 10 low to medium usage websites, no emails. Mainly 
Wordpress sites.

In Top, there is a lot of either php-fpm or php-cgi depending on the php 
settings that constantly use loads of CPU. This is happening across most sites, 
not just one causing an issue.

Can anyone point me in the right direction on how to trace where the problem is?

Thanks


Richard
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25201] Re: BlueOnyx 5210R: CentOS 8 to AlmaLinux 8 conversion

[Michael Stauber]

Hi Michael,

Try this for now:

rpm -e --nodeps --justdb blueonyx-logos-httpd

Then run the conversion-script again.

I'll check if I need to adapt the converter to deal with this when I get back 
to the office.

Am 9. November 2021 00:16:26 GMT-05:00 schrieb Michael Aronoff 
:
>I ran this and got the following error on each server.
>
>Error: Transaction test error:
>   file /usr/share/pixmaps/poweredby.png from install of 
>almalinux-logos-httpd-84.4-1.1.el8.noarch conflicts with file from 
>package blueonyx-logos-httpd-80.5-3.el8.noarch
>
>Run dnf distro-sync -y. Exit code: 1
>
>What should I do?
>
>Thanks,
>
>M Aronoff Out – maron...@gmail.com
>
>I'm a great believer in luck, and I find
>the harder I work the more I have of it.
>   - Thomas Jeffersonyx 
>
>
>___
>Blueonyx mailing list
>Blueonyx@mail.blueonyx.it
>http://mail.blueonyx.it/mailman/listinfo/blueonyx

-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx