Klik hier voor informatie over de wijziging in de levering van diensten en ondersteuning.

Upgrade OMV versie 4

OpenMediaVault (OMV) kan eenvoudig geupgrade worden van versie 5 naar 6 met omv-update (update: commando is vervangen door omv-upgrade) en vervolgens omv-release-upgrade.

Voor versie 4 (naar 5) is het commando omv-release-upgrade niet beschikbaar. Gelukkig is er wel een script beschikbaar. Dit script - en de procedure - wordt beschreven in de volgende post: https://forum.openmediavault.org/index.php?thread/27909-omv-5-0-finally-out/&postID=219830#post219830.

Ik heb het volgende commando uitgevoerd als root user op mijn OMV4 installatie: wget -O - https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/upgrade4to5 | sudo bash

Nadat het complete proces was doorlopen, werd de volgende melding weergegeven. 

Reboot now.

Then run:
  apt-get purge openmediavault-omvextrasorg resolvconf
  wget -O - https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/install | bash
  apt-get update
  apt-get dist-upgrade

  omv-salt deploy run nginx
  omv-salt deploy run phpfpm

https://forum.openmediavault.org/index.php?thread/27909-omv-5-0-finally-out/&postID=219830#post219830

Het bovenstaande komt bijna overeen met de beschrijving in de blog post (die bovenaan wordt aangehaald). Wat ontbreekt is de volgende regel: omv-confdbadm migrate conf 5.0.0

Met het commando reboot heb ik de reboot uitgevoerd. Na een paar minuten kon ik weer inloggen.

Vervolgens heb ik de commando's uitgevoerd, zoals in de post beschreven - inclusief het omv-confdbadm commando.

Het viel mij op dat er wijzigingen doorgevoerd moesten worden. Dit werd kenbaar gemaakt door een melding over Pending Changes in de web interface.

Na wat zoekwerk vond ik de volgende post over usrmerge: https://forum.openmediavault.org/index.php?thread/42608-can-t-apply-pending-configuration-changes/.

Na installatie van usrmerge bleef de melding over het opslaan van configuratiewijzigingen weg - maar dat was helaas van korte duur.

Ik heb opnieuw de wijzigingen doorgevoerd en ik kreeg dit keer een foutmelding:

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; omv-salt deploy run --no-color proftpd 2>&1' with exit code '1': mini-09.nova.inet: ---------- ID: configure_proftpd_mod_core Function: file.managed Name: /etc/proftpd/proftpd.conf Result: True Comment: File /etc/proftpd/proftpd.conf updated Started: 20:20:32.452429 Duration: 639.737 ms Changes: ---------- diff: --- +++ @@ -34,55 +34,3 @@ HideFiles (welcome.msg) </Directory> -<IfModule mod_auth.c> - DefaultRoot ~ - MaxClients 64 - MaxLoginAttempts 3 - RequireValidShell on - # This option is useless because this is handled via the PAM - # pam_listfile.so module, so set it to 'off' by default. - UseFtpUsers off -</IfModule> -<IfModule mod_auth_pam.c> - AuthPAM on - AuthPAMConfig proftpd -</IfModule> -<IfModule mod_ban.c> - BanEngine off - BanControlsACLs all allow user root - BanLog /var/log/proftpd/ban.log - BanMessage Host %a has been banned - BanTable /run/proftpd/ban.tab -</IfModule> -<IfModule mod_ctrls.c> - ControlsEngine on - ControlsMaxClients 2 - ControlsLog /var/log/proftpd/controls.log - ControlsInterval 5 - ControlsSocket /run/proftpd/proftpd.sock -</IfModule> -<IfModule mod_ctrls_admin.c> - AdminControlsEngine off -</IfModule> -<IfModule mod_delay.c> - DelayEngine on -</IfModule> -<IfModule mod_facl.c> - FACLEngine on -</IfModule> -<IfModule mod_quotatab.c> - QuotaEngine off -</IfModule> -<IfModule mod_ratio.c> - Ratios off -</IfModule> -LoadModule mod_vroot.c -<IfModule mod_vroot.c> - VRootEngine on - VRootLog /var/log/proftpd/vroot.log -</IfModule> -<IfModule mod_wrap.c> - TCPAccessFiles /etc/hosts.allow /etc/hosts.deny - TCPAccessSyslogLevels info warn - TCPServiceName ftpd -</IfModule> ---------- ID: configure_proftpd_mod_core_default_login_msg Function: file.managed Name: /srv/ftp/welcome.msg Result: True Comment: File /srv/ftp/welcome.msg is in the correct state Started: 20:20:33.093169 Duration: 13.708 ms Changes: ---------- ID: prereq_proftpd_mod_tls_certificates Function: salt.state Result: True Comment: States ran successfully. Updating mini-09.nova.inet. Started: 20:20:33.114226 Duration: 6081.081 ms Changes: mini-09.nova.inet: ---------- ID: remove_ssl_certificates_crt Function: module.run Result: True Comment: file.find: [] Started: 20:20:34.758300 Duration: 61.819 ms Changes: ---------- file.find: ---------- ID: remove_ssl_certificates_key Function: module.run Result: True Comment: file.find: [] Started: 20:20:34.820913 Duration: 8.643 ms Changes: ---------- file.find: ---------- ID: update_ssl_certificates Function: cmd.run Name: update-ca-certificates --fresh Result: True Comment: Command "update-ca-certificates --fresh" run Started: 20:20:34.833889 Duration: 4337.42 ms Changes: ---------- pid: 25174 retcode: 0 stderr: stdout: Clearing symlinks in /etc/ssl/certs... done. Updating certificates in /etc/ssl/certs... 126 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done. ---------- ID: remove_ssh_certificates Function: module.run Result: True Comment: file.find: [] Started: 20:20:39.172428 Duration: 11.421 ms Changes: ---------- file.find: Summary for mini-09.nova.inet ------------ Succeeded: 4 (changed=4) Failed: 0 ------------ Total states run: 4 Total run time: 4.419 s ---------- ID: configure_proftpd_mod_tls Function: file.managed Name: /etc/proftpd/tls.conf Result: True Comment: File /etc/proftpd/tls.conf is in the correct state Started: 20:20:39.196368 Duration: 752.228 ms Changes: ---------- ID: configure_proftpd_mod_auth Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 9 lines Started: 20:20:39.949958 Duration: 91.672 ms Changes: ---------- diff: --- +++ @@ -34,3 +34,12 @@ HideFiles (welcome.msg) </Directory> +<IfModule mod_auth.c> + DefaultRoot ~ + MaxClients 64 + MaxLoginAttempts 3 + RequireValidShell on + # This option is useless because this is handled via the PAM + # pam_listfile.so module, so set it to 'off' by default. + UseFtpUsers off +</IfModule> ---------- ID: proftpd_ftpusers_deny_root Function: file.uncomment Name: /etc/ftpusers Result: True Comment: Pattern already uncommented Started: 20:20:40.042559 Duration: 12.938 ms Changes: ---------- ID: configure_proftpd_mod_auth_pam Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 4 lines Started: 20:20:40.056395 Duration: 16.822 ms Changes: ---------- diff: --- +++ @@ -43,3 +43,7 @@ # pam_listfile.so module, so set it to 'off' by default. UseFtpUsers off </IfModule> +<IfModule mod_auth_pam.c> + AuthPAM on + AuthPAMConfig proftpd +</IfModule> ---------- ID: configure_proftpd_mod_ban Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 7 lines Started: 20:20:40.074053 Duration: 78.129 ms Changes: ---------- diff: --- +++ @@ -47,3 +47,10 @@ AuthPAM on AuthPAMConfig proftpd </IfModule> +<IfModule mod_ban.c> + BanEngine off + BanControlsACLs all allow user root + BanLog /var/log/proftpd/ban.log + BanMessage Host %a has been banned + BanTable /run/proftpd/ban.tab +</IfModule> ---------- ID: configure_proftpd_mod_ctrls Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 7 lines Started: 20:20:40.153071 Duration: 21.636 ms Changes: ---------- diff: --- +++ @@ -54,3 +54,10 @@ BanMessage Host %a has been banned BanTable /run/proftpd/ban.tab </IfModule> +<IfModule mod_ctrls.c> + ControlsEngine on + ControlsMaxClients 2 + ControlsLog /var/log/proftpd/controls.log + ControlsInterval 5 + ControlsSocket /run/proftpd/proftpd.sock +</IfModule> ---------- ID: configure_proftpd_mod_ctrls_admin Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 3 lines Started: 20:20:40.175536 Duration: 15.56 ms Changes: ---------- diff: --- +++ @@ -61,3 +61,6 @@ ControlsInterval 5 ControlsSocket /run/proftpd/proftpd.sock </IfModule> +<IfModule mod_ctrls_admin.c> + AdminControlsEngine off +</IfModule> ---------- ID: configure_proftpd_mod_delay Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 3 lines Started: 20:20:40.191921 Duration: 15.243 ms Changes: ---------- diff: --- +++ @@ -64,3 +64,6 @@ <IfModule mod_ctrls_admin.c> AdminControlsEngine off </IfModule> +<IfModule mod_delay.c> + DelayEngine on +</IfModule> ---------- ID: configure_proftpd_mod_facl Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 3 lines Started: 20:20:40.207993 Duration: 15.305 ms Changes: ---------- diff: --- +++ @@ -67,3 +67,6 @@ <IfModule mod_delay.c> DelayEngine on </IfModule> +<IfModule mod_facl.c> + FACLEngine on +</IfModule> ---------- ID: configure_proftpd_mod_quotatab Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 3 lines Started: 20:20:40.224126 Duration: 15.475 ms Changes: ---------- diff: --- +++ @@ -70,3 +70,6 @@ <IfModule mod_facl.c> FACLEngine on </IfModule> +<IfModule mod_quotatab.c> + QuotaEngine off +</IfModule> ---------- ID: configure_proftpd_mod_ratio Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 3 lines Started: 20:20:40.240427 Duration: 15.267 ms Changes: ---------- diff: --- +++ @@ -73,3 +73,6 @@ <IfModule mod_quotatab.c> QuotaEngine off </IfModule> +<IfModule mod_ratio.c> + Ratios off +</IfModule> ---------- ID: configure_proftpd_mod_vroot Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 5 lines Started: 20:20:40.256519 Duration: 70.411 ms Changes: ---------- diff: --- +++ @@ -76,3 +76,8 @@ <IfModule mod_ratio.c> Ratios off </IfModule> +LoadModule mod_vroot.c +<IfModule mod_vroot.c> + VRootEngine on + VRootLog /var/log/proftpd/vroot.log +</IfModule> ---------- ID: configure_proftpd_mod_wrap Function: file.append Name: /etc/proftpd/proftpd.conf Result: True Comment: Appended 5 lines Started: 20:20:40.327763 Duration: 19.719 ms Changes: ---------- diff: --- +++ @@ -81,3 +81,8 @@ VRootEngine on VRootLog /var/log/proftpd/vroot.log </IfModule> +<IfModule mod_wrap.c> + TCPAccessFiles /etc/hosts.allow /etc/hosts.deny + TCPAccessSyslogLevels info warn + TCPServiceName ftpd +</IfModule> ---------- ID: create_proftpd_hosts_file_-etc-hosts.allow Function: file.managed Name: /etc/hosts.allow Result: True Comment: File /etc/hosts.allow exists with proper permissions. No changes made. Started: 20:20:40.348312 Duration: 11.224 ms Changes: ---------- ID: create_proftpd_hosts_file_-etc-hosts.deny Function: file.managed Name: /etc/hosts.deny Result: True Comment: File /etc/hosts.deny exists with proper permissions. No changes made. Started: 20:20:40.360363 Duration: 12.073 ms Changes: ---------- ID: test_proftpd_service_config Function: cmd.run Name: proftpd --configtest Result: True Comment: Command "proftpd --configtest" run Started: 20:20:40.377177 Duration: 254.341 ms Changes: ---------- pid: 26548 retcode: 0 stderr: stdout: Checking syntax of configuration file ---------- ID: start_proftpd_service Function: service.running Name: proftpd Result: False Comment: Job for proftpd.service failed because the control process exited with error code. See "systemctl status proftpd.service" and "journalctl -xe" for details. Started: 20:20:41.149777 Duration: 422.374 ms Changes: ---------- ID: monitor_proftpd_service Function: module.run Result: False Comment: One or more requisite failed: omv.deploy.proftpd.default.start_proftpd_service Started: 20:20:41.592583 Duration: 0.047 ms Changes: Summary for mini-09.nova.inet ------------- Succeeded: 19 (changed=14) Failed: 2 ------------- Total states run: 21 Total run time: 8.575 s

Vervolgens heb ik het volgende commando uitgevoerd om te bekijken wat daar dan uitkomt: export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; omv-salt deploy run --no-color proftpd

De uitkomst is dat er twee taken falen...

Summary for mini-09.nova.inet
-------------
Succeeded: 19 (changed=14)``
Failed:     2
-------------
Total states run:     21
Total run time:    7.935 s

Ik dacht dat het probleem bij de configuratie van proftpd zou kunnen liggen. Om te bekijken wat er dan mis gaat, kan ik journalctl -xe uitvoeren.

Daar komt helaas niks uit over proftpd - maar wel over clamav. Dat is de virusscanner.

Maar systemctl status proftpd.service geeft wel een aanknopingspunt...

# systemctl status proftpd.service" and "journalctl -xe
systemctl: invalid option -- 'x'
root@mini-09:/# systemctl status proftpd.service
● proftpd.service - LSB: Starts ProFTPD daemon
   Loaded: loaded (/etc/init.d/proftpd; generated)
   Active: failed (Result: exit-code) since Sat 2023-03-11 20:25:35 CET; 4min 23s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 30433 ExecStart=/etc/init.d/proftpd start (code=exited, status=1/FAILURE)
    Tasks: 1 (limit: 2326)
   Memory: 6.6M
   CGroup: /system.slice/proftpd.service
           └─867 proftpd: (accepting connections)

...het proces proftpd is actief. Dat kan dan eigenlijk niet het probleem zijn.

Kortom: er moet iets anders aan de hand zijn. Mogelijk is er iets aan de hand met het proces waarmee wijzigingen in de configuratie worden doorgevoerd?

De config staat in een xml file (config.xml). De wijzigingen staan in /var/lib/openmediavault/dirtymodules.json. Ik zie daar het volgende in staan:

[
    "monit",
    "nginx",
    "cronapt",
    "proftpd",
    "cron",
    "rsync",
    "avahi",
    "samba",
    "initramfs",
    "iptables",
    "postfix",
    "apt",
    "hostname",
    "hosts",
    "ssh",
    "nfs",
    "clamav"
]

Dat zal allemaal wel. Ik heb er voor gekozen om de regels weg te halen. Ik kan dat met een tekst editor doen - maar alles overschrijven met een echo commando kan ook: echo "[]" > /var/lib/openmediavault/dirtymodules.json.

De melding komt nu niet meer terug en wanneer ik de gebruikte diensten bekijk - zoals Shared Folders - dan blijkt dat allemaal prima te werken. Ook worden alle geactiveerde services groen weergegeven.

Kortom: upgrade geslaagd - maar erg fijn is zo'n situatie niet. Nu is het afwachten of er zich toch nog problemen de kop op steken. Gelukkig zijn alle services bekend (dirtymodules.json), zodat ik alle instellingen van die services na kan lopen - en de werking kan controleren.