Alors que tout fonctionnait, mon serveur est devenu inaccessible sans raison apparente. Le redémarrage n’a rien résolu. En capturant la sortie lors de la séquence de démarrage, j’ai remarqué quelques messages d’erreur. Si quelqu’un pouvait m’aider à décrypter tout ça, il me ferait plaisir.
U-Boot SPL 2014.10+dfsg1-5 (Apr 07 2015 - 21:54:22)
DRAM: 512 MiB
CPU: 960000000Hz, AXI/AHB/APB: 3/2/2
U-Boot 2014.10+dfsg1-5 (Apr 07 2015 - 21:54:22) Allwinner Technology
CPU: Allwinner A20 (SUN7I)
I2C: ready
DRAM: 512 MiB
MMC: SUNXI SD/MMC: 0
*** Warning - bad CRC, using default environment
In: serial
Out: serial
Err: serial
SCSI: SUNXI SCSI INIT
Target spinup took 0 ms.
AHCI 0001.0100 32 slots 1 ports 3 Gbps 0x1 impl SATA mode
flags: ncq stag pm led clo only pmp pio slum part ccc apst
Net: dwmac.1c50000
Hit any key to stop autoboot: 0
switch to partitions #0, OK
mmc0 is current device
Scanning mmc 0...
Found U-Boot script /boot/boot.scr
2686 bytes read in 181 ms (13.7 KiB/s)
## Executing script at 43100000
Mainline u-boot / new-style environment detected.
3710408 bytes read in 287 ms (12.3 MiB/s)
33830 bytes read in 213 ms (154.3 KiB/s)
17794943 bytes read in 1073 ms (15.8 MiB/s)
Booting Debian 4.9.0-6-armmp from mmc 0:1...
Kernel image @ 0x42000000 [ 0x000000 - 0x389dc8 ]
## Flattened Device Tree blob at 43000000
Booting using the fdt blob at 0x43000000
Loading Ramdisk to 4ef07000, end 4ffff77f ... OK
Loading Device Tree to 4eefb000, end 4ef06425 ... OK
Starting kernel ...
[ 0.000000] Linux version 4.9.0-6-armmp (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07)
[ 0.000000] Kernel command line: console=ttyS0,115200 console=ttyS1 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1280x720p60 root=/dev/mmcblk0p1 rootwait sunxi_ve_mem_reserve=0 sunxi_g2d_mem_reserve=0 sunxi_no_mali_mem_reserve sunxi_fb_mem_reserve=0 panic=10 loglevel=6 consoleblank=0
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xffc00000 - 0xfff00000 (3072 kB)
[ 0.000000] vmalloc : 0xe0800000 - 0xff800000 ( 496 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xe0000000 ( 512 MB)
[ 0.000000] pkmap : 0xbfe00000 - 0xc0000000 ( 2 MB)
[ 0.000000] modules : 0xbf000000 - 0xbfe00000 ( 14 MB)
[ 0.000000] .text : 0xc0008000 - 0xc0800000 (8160 kB)
[ 0.000000] .init : 0xc0b00000 - 0xc0c00000 (1024 kB)
[ 0.000000] .data : 0xc0c00000 - 0xc0cfc144 (1009 kB)
[ 0.000000] .bss : 0xc0cfe000 - 0xc0d51c4c ( 336 kB)
[ 0.064176] /cpus/cpu@0 missing clock-frequency property
[ 0.064215] /cpus/cpu@1 missing clock-frequency property
[ 0.177420] VFS: Disk quotas dquot_6.6.0
[ 1.501172] audit: type=2000 audit(1.460:1): initialized
[ 1.683802] Registering SWP/SWPB emulation handler
[ 1.700829] sr_init: No PMIC hook to init smartreflex
[ 1.706062] sr_init: platform driver register failed for SR
Loading, please wait...
starting version 232
[ 1.833205] random: systemd-udevd: uninitialized urandom read (16 bytes read)
[ 1.841297] random: systemd-udevd: uninitialized urandom read (16 bytes read)
[ 1.841673] random: udevadm: uninitialized urandom read (16 bytes read)
[ 1.843353] random: udevadm: uninitialized urandom read (16 bytes read)
[ 1.843902] random: udevadm: uninitialized urandom read (16 bytes read)
[ 1.844636] random: udevadm: uninitialized urandom read (16 bytes read)
[ 1.845196] random: udevadm: uninitialized urandom read (16 bytes read)
[ 1.845702] random: udevadm: uninitialized urandom read (16 bytes read)
[ 1.846233] random: udevadm: uninitialized urandom read (16 bytes read)
[ 1.846754] random: udevadm: uninitialized urandom read (16 bytes read)
[ 2.133637] SCSI subsystem initialized
[ 2.228883] mmc0: host does not support reading read-only switch, assuming write-enable
[ 2.273456] usb_phy_generic.0.auto supply vcc not found, using dummy regulator
[ 2.355029] ahci-sunxi 1c18000.sata: forcing PORTS_IMPL to 0x1
[ 2.432832] axp20x-regulator axp20x-regulator: regulators node not found
[ 2.681374] ata1.00: supports DRM functions and may not be fully accessible
[ 2.690088] ata1.00: supports DRM functions and may not be fully accessible
[ 2.702608] scsi 0:0:0:0: Direct-Access ATA Samsung SSD 850 2B6Q PQ: 0 ANSI: 5
[ 2.757417] sunxi-mmc 1c0f000.mmc: smc 0 err, cmd 18, RD DTO !!
[ 2.763511] sunxi-mmc 1c0f000.mmc: data error, sending stop command
[ 2.769932] mmcblk0: timed out sending r/w cmd command, card status 0x900
[ 2.784561] sd 0:0:0:0: [sda] 488397168 512-byte logical blocks: (250 GB/233 GiB)
[ 2.793445] sd 0:0:0:0: [sda] Write Protect is off
[ 2.798454] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 2.812182] sd 0:0:0:0: [sda] Attached SCSI disk
[ 2.854207] random: fast init done
Begin: Loading essential drivers ... done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... done.
Begin: Will now check root file system ... fsck from util-linux 2.29.2
[/sbin/fsck.ext4 (1) -- /dev/mmcblk0p1] fsck.ext4 -a -C0 /dev/mmcblk0p1
/dev/mmcblk0p1: clean, 216734/915840 files, 1570291/3927552 blocks
done.
done.
Begin: Running /scripts/local-bottom ... done.
Begin: Running /scripts/init-bottom ... done.
Welcome to Debian GNU/Linux 9 (stretch)!
[ 5.534886] systemd[1]: [/lib/systemd/system/redis-server.service:14] Unknown lvalue 'RunTimeDirectory' in section 'Service'
[ 5.592886] systemd[1]: nscd.service: Cannot add dependency job, ignoring: Unit nscd.service is masked.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Created slice System Slice.
[ OK ] Created slice system-postgresql.slice.
[ OK ] Created slice system-getty.slice.
[ OK ] Listening on Journal Audit Socket.
[ OK ] Listening on Syslog Socket.
[ OK ] Created slice User and Session Slice.
[ OK ] Reached target Slices.
[ OK ] Set up automount Arbitrary Executab…rmats File System Automount Point.
[ OK ] Reached target Remote File Systems.
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Created slice system-postfix.slice.
Mounting Debug File System...
[ OK ] Listening on udev Kernel Socket.
[ OK ] Listening on fsck to fsckd communication Socket.
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Reached target Encrypted Volumes.
[ OK ] Created slice system-serial\x2dgetty.slice.
[ OK ] Reached target Paths.
Mounting POSIX Message Queue File System...
[ OK ] Listening on udev Control Socket.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Socket.
Starting Nameserver information manager...
Starting Create list of required st…ce nodes for the current kernel...
Starting Journal Service...
Starting Load Kernel Modules...
Starting Remount Root and Kernel File Systems...
[ OK ] Mounted Debug File System.
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Started Create list of required sta…vice nodes for the current kernel.
[ OK ] Started Load Kernel Modules.
[ OK ] Started Nameserver information manager.
Starting Apply Kernel Variables...
Starting Create Static Device Nodes in /dev...
[ OK ] Started Remount Root and Kernel File Systems.
Starting udev Coldplug all Devices...
Starting Load/Save Random Seed...
[ OK ] Started Apply Kernel Variables.
[ OK ] Started Journal Service.
Starting Flush Journal to Persistent Storage...
[ OK ] Started Create Static Device Nodes in /dev.
[ OK ] Started Load/Save Random Seed.
[ OK ] Reached target Local File Systems (Pre).
Starting udev Kernel Device Manager...
[ OK ] Started Flush Journal to Persistent Storage.
[ OK ] Started udev Kernel Device Manager.
[ OK ] Started udev Coldplug all Devices.
[ 7.609336] sd 0:0:0:0: Attached scsi generic sg0 type 0
[ OK ] Found device /dev/ttyS0.
[ OK ] Found device Samsung_SSD_850_EVO_250GB 1.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
Mounting /mnt/evo...
[ OK ] Found device /sys/subsystem/net/devices/eth0.
[ OK ] Mounted /mnt/evo.
[ OK ] Reached target Local File Systems.
Starting Create Volatile Files and Directories...
[ OK ] Started ifup for eth0.
Starting Raise network interfaces...
Activating swap /mnt/evo/swapfile...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Create Volatile Files and Directories.
[ OK ] Started Entropy daemon using the HAVEGE algorithm.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Reached target System Time Synchronized.
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ 8.841992] RX IPC Checksum Offload disabled
[ 8.846486] sun7i-dwmac 1c50000.ethernet eth0: fail to init PTP.
[ OK ] Activated swap /mnt/evo/swapfile.
[ OK ] Reached target Swap.
[ OK ] Reached target System Initialization.
[ OK ] Started Run VPN Client Checker every 5 minutes..
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Started Clean PHP session files every 30 mins.
[ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Listening on PC/SC Smart Card Daemon Activation Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting Avahi mDNS/DNS-SD Stack...
[ OK ] Started YunoHost boot prompt.
Starting Login Service...
Starting Synapse Matrix homeserver...
[ OK ] Started D-Bus System Message Bus.
[ OK ] Started Avahi mDNS/DNS-SD Stack.
Starting rng-tools.service...
[ OK ] Started Name Service Cache Daemon.
Starting PostgreSQL Cluster 9.4-main...
Starting System Logging Service...
[ 9.857697] random: crng init done
[ OK ] Started irqbalance daemon.
Starting LSB: Start/stop sysstat's sadc...
Starting Initialize hardware monitoring sensors...
[ OK ] Started rng-tools.service.
[ OK ] Started Login Service.
[ OK ] Started System Logging Service.
[ OK ] Started Initialize hardware monitoring sensors.
[ OK ] Started LSB: Start/stop sysstat's sadc.
[ OK ] Started PostgreSQL Cluster 9.4-main.
Starting PostgreSQL RDBMS...
[ OK ] Started PostgreSQL RDBMS.
[FAILED] Failed to start Raise network interfaces.
See 'systemctl status networking.service' for details.
[ OK ] Reached target Network.
[ OK ] Started YunoHost API Server.
Starting coturn...
Starting A high performance web server and a reverse proxy server...
Starting Permit User Sessions...
Starting MariaDB database server...
[ OK ] Started Unattended Upgrades Shutdown.
Starting YunoHost Firewall...
Starting The PHP 7.0 FastCGI Process Manager...
Starting Advanced key-value store...
[ OK ] Reached target Network is Online.
Starting LSB: OpenLDAP standalone s…ight Directory Access Protocol)...
Starting LSB: Start NTP daemon...
Starting LSB: Start/stop uWSGI server instance(s)...
Starting LSB: coturn TURN Server...
Starting LSB: disk temperature monitoring daemon...
Starting /etc/rc.local Compatibility...
Starting LSB: Starts and daemonize Glances server...
Starting LSB: Metronome XMPP Server...
Starting dnsmasq - A lightweight DHCP and caching DNS server...
[ OK ] Started Etherpad-lite, the collaborative editor..
Starting YunoHost VPN Client....
Starting OpenBSD Secure Shell server...
Starting Fail2Ban Service...
[ OK ] Started coturn.
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started LSB: coturn TURN Server.
[ OK ] Started LSB: disk temperature monitoring daemon.
[ OK ] Started Advanced key-value store.
[ OK ] Started LSB: Start NTP daemon.
[ OK ] Started LSB: Starts and daemonize Glances server.
Starting The PHP FastCGI Process Manager...
[ OK ] Started LSB: OpenLDAP standalone se…weight Directory Access Protocol).
[ OK ] Started dnsmasq - A lightweight DHCP and caching DNS server.
[ OK ] Reached target Host and Network Name Lookups.
Starting Postfix Mail Transport Agent (instance -)...
[ OK ] Started rapid spam filtering system.
Starting LSB: LDAP connection daemon...
[FAILED] Failed to start The PHP 7.0 FastCGI Process Manager.
See 'systemctl status php7.0-fpm.service' for details.
[ OK ] Started LSB: Metronome XMPP Server.
[ OK ] Started A high performance web server and a reverse proxy server.
[ OK ] Started LSB: Start/stop uWSGI server instance(s).
[FAILED] Failed to start The PHP FastCGI Process Manager.
See 'systemctl status php5-fpm.service' for details.
[ OK ] Started LSB: LDAP connection daemon.
Starting Dovecot IMAP/POP3 email server...
[ OK ] Started Regular background program processing daemon.
[ OK ] Started MariaDB database server.
[ OK ] Started ttrss_backend.
[ OK ] Started /etc/rc.local Compatibility.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started Dovecot IMAP/POP3 email server.
Stopping LSB: Start NTP daemon...
[ OK ] Stopped LSB: Start NTP daemon.
__ __ __ __ __ _ _______ __ __ _______ _______ _______
| | | || | | || | | || || | | || || || |
| |_| || | | || |_| || _ || |_| || _ || _____||_ _|
| || |_| || || | | || || | | || |_____ | |
|_ _|| || _ || |_| || _ || |_| ||_____ | | |
| | | || | | || || | | || | _____| | | |
|___| |_______||_| |__||_______||__| |__||_______||_______| |___|
IP:
SSH fingerprints:
- SHA256:bZjIm85FIegIKBUNdkt+CResPr4sCVbht5u2sPtNGr0 (DSA)
- SHA256:WULIcDWqfs2j1K+IYFImsQo5mUdqAGsaNLJhYTU6GZo (ECDSA)
- SHA256:LWnl1WgGDaw/le3lyg0pMbS+xIM16UaBPovkSqgbTNo (ED25519)
- SHA256:KMzS6Ws99YS+0L/B2IZGrOEtNHLJZPz9bJZIWwzqatg (RSA)
stemy login:
Quand tu dis inaccessible, accès HTTPS ? Ssh? Les deux? Serveur physique ou VM ?
Dans tous les cas et en plus du dmesg, pourrais tu expliquer plus en détail avec les logs en fonction des services impactés ?
Merci pour les infos.
On va commencer par la couche basse.
Est-ce que la configuration IP est bonne et est-ce que tu ping ta passerelle ? Côté fichier /etc/hosts, tout est ok? Est-ce que tu as les ports en écoute, vérification local avec netstat -ltunp
Test extérieur avec https://ports.yunohost.org
En local, est-ce que tu peux faire un :
curl https://localhost/yunohost/sso
root@stemy:~# curl https://localhost/yunohost/sso
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
root@stemy:~# curl -k https://localhost/yunohost/sso
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
root@stemy:~#
Quels sont les éléments entre le wan et le lan pour accéder depuis l’extérieur ?
Pourrais-tu vérifier les configurations routing + port et leurs activation ?
Côté applicatif, tes services semblent en écoute et on accède à yunohost depuis le serveur.
Pour le test https://ports.yunohost.org, tout est rouge ou certains en vert ?
Il faudrait checker ton VPN, le serveur qui l’héberge ou voir avec la société qui te fourni le service.
Déjà, tu le ping maintenant, si tu l’as mis en place côté VPN client sur ton serveur yunohost, vois ta configuration et les règles du VPN.
Autrement, écrit au support de l’offre de ton VPN.
Il n’y a pas eu de mise à jour récente d’effectuée sur le système? J’ai eu des soucis en passant à la dernière version de Debian : Stretch
D’après les logs fournis, il y a un problème de démarrage de php-fpm :
Je ne connais pas le fonctionnement de la brique internet et si c’est lié à ton problème
J’ai eu un problème similaire et tu sembles avoir des connaissances en informatique, essais de regarder ce post pour t’en inspirer : 502 Bad Gateway error depuis la migration vers la V3 - #19 by Gofannon
Est-ce que tu peux # tail -50 /var/log/openvpn-client.log et nous fournir la sortie pour avoir une vue sur les 50 dernières lignes du journal d’openvpn client?
pas de php-fpm (5 ou 7)
Dans les deux cas de php-fpm il semblerait que l’application piratebox pose problème.
Donc…
soit il faut essayer de la désinstaller, quitte à la réinstaller plus tard (avec ou sans backup en fonction de ce que tu en fais).
soit il faut juste essayer de faire fonctionnes php-fpm sans piratebox en veillant à mettre de côté les fichiers faisant référence à piratebox et qui se trouveraient dans /etc/php5/fpm/pool.d/ et dans /etc/php/7.0/fpm/pool.d.
Pour mettre de côté tu peux par exemple faire # mv /etc/php5/fpm/pool.d/piratebox.conf /root/piratebox.conf.php5 pour peu que le fichiers a déplacer temporairement soit bien piratebox.conf. Et faire pareil pour ce qui est de php7.
Ensuite tenter # yunohost service start php5-fpm et # yunohost service start php5-fpm et vérifier si les services ont démarré avec # systemctl status php5-fpm.service et # systemctl status php7-fpm.service.
Ça ne résoudra pas le problème avec l’application piratebox mais ça permettra peut-être de faire démarrer php-fpm.
Bon, j’ai essayé une demi-douzaine de fois de le démarrer mais ça bloque à chaque fois.Soit il tente de démarrer synapse en boucle sans y parvenir, du coup la séquence de boot est au point mort, soit il démarre mais me met «connexion refusée» quand je tente de me connecter en ssh.
Dans le log open vpn le message est assez clair Sat Jul 7 08:48:21 2018 WARNING: Your certificate has expired! ce qui est étrange puisque la dernière version de neutrinet_ynh prend en compte le renouvellement du certificat ssl.
Par contre, à ma connaissance, cela n’a pas encore été testé sur stretch et si je ne me trompe pas, le fait qu’il y ait php7-fpm sur ta brique c’est que la mise à niveau a été faite non?
Par contre c’est bien dommage que la piste piratebox ne fonctionne pas parce que ça me semblait un bon angle. Quelles sont les sorties de # systemctl status php5-fpm.service et # systemctl status php7-fpm.service avec l’application piratebox mise de côté?
Update. J’ai dû redémarrer le serveur et de nouveaux problèmes sont apparus. Seules les applis de serveur mail, Hextris, Neutrinet, Riot et yunosearx fonctionnent, absolument toutes les autres me retournent une erreur 502.
Il faudrait donner plus de détails, par exemple le nom des applis qui ne fonctionnent pas.
En attendant je vais essayer de deviner et miser sur le fait que les applis qui ne fonctionnent pas sont des applis PHP et donc qui dépendent des services php-fpm (pour PHP v5 et/ou PHP v7).
Que donnent les commandes suivantes ?
sudo systemctl status php7.0-fpm
sudo systemctl status php5-fpm