Migration error while upgrading to latest yunohost version / Migration 0018_xtable_to_nftable did not complete

:uk:

Hello to everyone,
first i want to thank all of you for yunohost!!! I’m lovin’ it :heart:

My YunoHost server

Hardware: VPS bought online
YunoHost version: 4.1.7.1
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes
If yes, please explain: I have moved the standard ssh port to another port number

Description of my issue

I have decided today to upgrade my yunohost server and almost everything went well but the migration of iptables to nftable failed with an error.
This is the log i get:

ended_at: 2021-02-05 17:29:45.096062
error: "Migration 0018_xtable_to_nftable did not complete, aborting. Error: Failed\
  \ to migrate legacy iptables rules to nftables: Failed to run command 'iptables-legacy-save\
  \ | iptables-restore'.\nreturncode: 4\nstdout:\n\nstderr:\niptables-restore v1.8.2\
  \ (nf_tables): \nline 3: CHAIN_UPDATE failed (No such file or directory): chain\
  \ INPUT\nline 4: CHAIN_UPDATE failed (No such file or directory): chain FORWARD\n\
  line 5: CHAIN_UPDATE failed (No such file or directory): chain OUTPUT\n\n"
interface: cli
operation: tools_migrations_migrate_forward
parent: null
started_at: 2021-02-05 17:29:44.807294
success: false
yunohost_version: 4.1.7.1

============

2021-02-05 18:29:44,826: INFO - Running migration 0018_xtable_to_nftable...
2021-02-05 18:29:44,972: DEBUG - Running command: iptables-legacy-save | iptables-restore
2021-02-05 18:29:45,050: DEBUG - Running command: iptables-legacy-restore < /home/yunohost.backup/premigration/xtable_to_nftable/legacy_rules_ipv4
2021-02-05 18:29:45,073: DEBUG - Running command: iptables-legacy-restore < /home/yunohost.backup/premigration/xtable_to_nftable/legacy_rules_ipv6
2021-02-05 18:29:45,094: ERROR - Migration 0018_xtable_to_nftable did not complete, aborting. Error: Failed to migrate legacy iptables rules to nftables: Failed to run command 'iptables-legacy-save | iptables-restore'.
returncode: 4
stdout:

stderr:
iptables-restore v1.8.2 (nf_tables): 
line 3: CHAIN_UPDATE failed (No such file or directory): chain INPUT
line 4: CHAIN_UPDATE failed (No such file or directory): chain FORWARD
line 5: CHAIN_UPDATE failed (No such file or directory): chain OUTPUT

Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/tools.py", line 897, in tools_migrations_migrate
    migration.run()
  File "/usr/lib/moulinette/yunohost/data_migrations/0018_xtable_to_nftable.py", line 55, in run
    raise YunohostError("migration_0018_failed_to_migrate_iptables_rules", error=e)
YunohostError: Failed to migrate legacy iptables rules to nftables: Failed to run command 'iptables-legacy-save | iptables-restore'.
returncode: 4
stdout:

stderr:
iptables-restore v1.8.2 (nf_tables): 
line 3: CHAIN_UPDATE failed (No such file or directory): chain INPUT
line 4: CHAIN_UPDATE failed (No such file or directory): chain FORWARD
line 5: CHAIN_UPDATE failed (No such file or directory): chain OUTPUT

Maybe someone could help me out with this error?

Thank you in advance

Zblerg I’m not sure how to fix this, could be related to the technology used for your VPS …

Anyway I think you can legitimately skip that migration (using the skip button). But make sure that the firewall is correctly reloaded / restarted … e.g. if you go in Services > ynh-firewall, restart it and see if it looks happy

Hi Aleks,

i’ve restarted the firewall and here is the log:

Feb 08 11:02:47 systemd[1]: Stopping YunoHost Firewall...
Feb 08 11:04:17 systemd[1]: yunohost-firewall.service: Stopping timed out. Terminating.
Feb 08 11:04:17 systemd[1]: yunohost-firewall.service: Control process exited, code=killed, status=15/TERM
Feb 08 11:04:17 systemd[1]: yunohost-firewall.service: Failed with result 'timeout'.
Feb 08 11:04:17 systemd[1]: Stopped YunoHost Firewall.
Feb 08 11:04:17 systemd[1]: Starting YunoHost Firewall...
Feb 08 11:04:21 yunohost[32385]: Firewall reloaded
Feb 08 11:04:21 yunohost[32385]: opened_ports:
Feb 08 11:04:21 yunohost[32385]:   - 53
Feb 08 11:04:21 yunohost[32385]:   - 80
Feb 08 11:04:21 yunohost[32385]:   - 443
Feb 08 11:04:21 yunohost[32385]:   - 993
Feb 08 11:04:21 yunohost[32385]:   - 5222
Feb 08 11:04:21 yunohost[32385]:   - 5269
Feb 08 11:04:21 yunohost[32385]:   - 5353
Feb 08 11:04:21 yunohost[32385]:   - 52812
Feb 08 11:04:21 systemd[1]: Started YunoHost Firewall.

It looks “happy” except the timeout while stopping the firewall…

Hmmmyeah it should be okay. The status in Services > ynh-vpnclient should be green and that’s pretty much it !

I’ve checked just now, if there is a ynh-vpnclient at the location “Services > ynh-vpnclient” that you mentioned. But there is no such entry “ynh-vpnclient”.

The “Services > ynh-firewall” is green (maybe you had this in mind?)

Ugh yes sorry i did not drink my coffee yet :sweat_smile:

don’t worry…i had today almost too much coffee :grin:

I really appreciate your help!! thank you very much!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.