is it safe to use Yunohost 4.1 for my production ?
which power of VPS shall order from OVH to run :
- 2 wordpress
- 1 transmission
1 Like
Yes, I suppose 2vCPU + 2GB RAM should be quite enough for just that ⊠(or maybe even 1vCPU + 1GB RAM if youâre low on budget)
i have 6gb of ram and 80% of ram is gone !
Yes, Linux ate you RAM, c.f. https://www.linuxatemyram.com/
But thatâs not really the topic discussed in this threadâŠ
Bonjour, je me joins a tout le monde pour vous remercier du travail effectuĂ©, tant en qualitĂ© quâen quantitĂ© !!
3 Likes
Salut tout le monde.
Je suis en phase de test pour mon 1er autohébergÚrent. ^^RPI 4B 4GB/SSD.
Pour information
Je me rend compte que si jâInstall directement la nouvelle version. Sur carte SD ou SSD
yunohost-buster-4.1.7.1-rpi-stable.img.
MySQL ne ce lance pas aprĂšs la port installation. (mĂȘme aprĂšs une relance manuel)
Par contre si jâinstalle une ancienne version .
image_2020-10-03-yunohost-lite-qemu
Et fais ensuite la mise Ă jour, plus de problĂšme MySQL
Bien Ă tous
One question to the France, sortie mean âexitâ right? But then you should not translate Sortie de YunoHost word by word in English 
Sortie also means âReleaseâ like âA band releasing an albumâ translates to âUn groupe sort son nouvel albumâ 
Oh yeah true, forgot about that⊠But then every fire exit in France is a fire release?
I donât want to release some fire⊠
We call it âsortie de secoursâ, basically âemergency exitâ 
if u are like this:
THEN BACK ON TOPIC!
3 Likes
Salut !
Je viens finalement de faire la migration de mon YNH en 3.x vers le 4.x.
Il se trouve quâil est passĂ© directement au 4.1.7.1, donc je poste mes soucis ici.
Il me semble que quasiment tout sâest bien passĂ©, sauf les deux derniĂšres migrations.
Il me reste ceci dans lâadmin:
19. Extend/rework the app permission management system
18. Migrate old network traffic rules to the new nftable system
Concernant les regles de traffic, voici le log: https://paste.yunohost.org/raw/esexikagif
Je vous laisse jeter un oeil, lâerreur principale semble etre:
ERROR - Migration 0018_xtable_to_nftable did not complete, aborting. Error: Failed to migrate legacy iptables rules to nftables: Failed to run command 'iptables-legacy-save | iptables-restore'.
Et pour le coup, je ne suis pas trop sur de comment résoudre ça.
Est-ce que simplement tenter de relancer la migration peut marcher ?
Pour la deuxiĂšme migration sur les app permissions, je ne mets pas le log ici (il contient des noms de domaines, mais je peux passer le lien en MP si besoin), lâerreur semble ĂȘtre:
2021-02-13 17:25:18,312: ERROR - Migration 0019_extend_permissions_features did not complete, aborting. Error: Corrupted YAML read from /etc/ssowat/conf.json.persistent (reason: while scanning for the next token
found character '\t' that cannot start any token
in "<string>", line 5, column 1:
"mysubdomain.maindomain.tld/.well-k ...
^)
Donc, en effet dans /etc/ssowat/conf.json.persistent jâai des tab et des espaces mĂ©langĂ©s.
Jâai remplacĂ© les tab par des espaces, et je pense quâil ne me reste plus quâa relancer la migration.
Mais tant quâa faire, je prĂ©fĂ©rerai rĂ©gler lâautre soucis en mĂȘme temps !
Est-ce que vous avez une idée ?
Merci beaucoup !
Ce sont deux problÚmes indépendants
Câest effectivement la bonne chose Ă corrigĂ©e pour la migration 19
Pour la 18, pas sur de pourquoi ça marche pas, jâai dĂ©jĂ vu ça sur dâautres install ⊠Si il nây a pas de configuration rĂ©seau spĂ©cifique (par ex. Docker ou que sais-je), normalement câest ok de Skip (Passer) la migration car les rĂšgles firewall sont de toute maniĂšre regĂ©nĂ©rĂ©e lorsque tu recharges le firewall. Donc si faire un redĂ©marrage du service ynh-firewall fonctionne, tu peux skip la migration
Salut !
Jâai relancĂ© les deux migrations via la webadmin, et si la 18 est toujours plantĂ©e, la 19 sâest bien passĂ©e.
Pour le moment, le yunohost-firewall ne démarre pas bien.
Via la webadmin, le service est donnĂ© comme âfailedâ, avec ce log:
-- Logs begin at Sat 2021-02-06 07:46:02 CET, end at Sun 2021-02-14 20:12:01 CET. --
Feb 13 18:54:34 yunohost[2420]: - 5353
Feb 13 18:54:34 yunohost[2420]: - 22000
Feb 13 18:54:34 yunohost[2420]: - 51413
Feb 13 18:54:34 systemd[1]: Started YunoHost Firewall.
Feb 13 18:56:26 systemd[1]: Stopping YunoHost Firewall...
Feb 13 18:57:56 systemd[1]: yunohost-firewall.service: Stopping timed out. Terminating.
Feb 13 18:57:56 systemd[1]: yunohost-firewall.service: Control process exited, code=killed, status=15/TERM
Feb 13 18:57:56 systemd[1]: yunohost-firewall.service: Failed with result 'timeout'.
Feb 13 18:57:56 systemd[1]: Stopped YunoHost Firewall.
Feb 13 18:57:56 systemd[1]: Starting YunoHost Firewall...
Feb 13 18:58:02 yunohost[2741]: Some firewall rule commands have failed. More info in log.
Feb 13 18:58:02 yunohost[2741]: opened_ports:
Feb 13 18:58:02 yunohost[2741]: - 22
Feb 13 18:58:02 yunohost[2741]: - 25
Feb 13 18:58:02 yunohost[2741]: - 53
Feb 13 18:58:02 yunohost[2741]: - 80
Feb 13 18:58:02 yunohost[2741]: - 443
Feb 13 18:58:02 yunohost[2741]: - 587
Feb 13 18:58:02 yunohost[2741]: - 993
Feb 13 18:58:02 yunohost[2741]: - 3128
Feb 13 18:58:02 yunohost[2741]: - 3690
Feb 13 18:58:02 yunohost[2741]: - 5222
Feb 13 18:58:02 yunohost[2741]: - 5269
Feb 13 18:58:02 yunohost[2741]: - 5353
Feb 13 18:58:02 yunohost[2741]: - 22000
Feb 13 18:58:02 yunohost[2741]: - 51413
Feb 13 18:58:02 systemd[1]: Started YunoHost Firewall.
Feb 14 20:02:38 systemd[1]: Stopping YunoHost Firewall...
Feb 14 20:04:08 systemd[1]: yunohost-firewall.service: Stopping timed out. Terminating.
Feb 14 20:04:08 systemd[1]: yunohost-firewall.service: Control process exited, code=killed, status=15/TERM
Feb 14 20:04:08 systemd[1]: yunohost-firewall.service: Failed with result 'timeout'.
Feb 14 20:04:08 systemd[1]: Stopped YunoHost Firewall.
Feb 14 20:04:08 systemd[1]: Starting YunoHost Firewall...
Feb 14 20:04:12 yunohost[4915]: Some firewall rule commands have failed. More info in log.
Feb 14 20:04:12 yunohost[4915]: opened_ports:
Feb 14 20:04:12 yunohost[4915]: - 22
Feb 14 20:04:12 yunohost[4915]: - 25
Feb 14 20:04:12 yunohost[4915]: - 53
Feb 14 20:04:12 yunohost[4915]: - 80
Feb 14 20:04:12 yunohost[4915]: - 443
Feb 14 20:04:12 yunohost[4915]: - 587
Feb 14 20:04:12 yunohost[4915]: - 993
Feb 14 20:04:12 yunohost[4915]: - 3128
Feb 14 20:04:12 yunohost[4915]: - 3690
Feb 14 20:04:12 yunohost[4915]: - 5222
Feb 14 20:04:12 yunohost[4915]: - 5269
Feb 14 20:04:12 yunohost[4915]: - 5353
Feb 14 20:04:12 yunohost[4915]: - 22000
Feb 14 20:04:12 yunohost[4915]: - 51413
Feb 14 20:04:12 systemd[1]: Started YunoHost Firewall.
Et vis ssh, il apparait comme âexitedâ. En faisant sudo service fail2ban status puis sudo service yunohost-firewall status jâobtiens:
admin@myserverid:~$ sudo service fail2ban status
â fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2021-02-13 17:24:41 CET; 1 day 2h ago
Docs: man:fail2ban(1)
Process: 4976 ExecReload=/usr/bin/fail2ban-client reload (code=exited, status=0/SUCCESS)
Main PID: 27300 (fail2ban-server)
Memory: 40.4M
CGroup: /system.slice/fail2ban.service
ââ27300 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Feb 13 17:26:38 myserverid.myserverip.eu systemd[1]: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ban.pid â /run/fail2ban/fail2ban.pid; please update the unit file accordingly.
Feb 13 18:54:34 myserverid.myserverip.eu systemd[1]: Reloading Fail2Ban Service.
Feb 13 18:54:34 myserverid.myserverip.eu fail2ban-client[2474]: OK
Feb 13 18:54:34 myserverid.myserverip.eu systemd[1]: Reloaded Fail2Ban Service.
Feb 13 18:58:01 myserverid.myserverip.eu systemd[1]: Reloading Fail2Ban Service.
Feb 13 18:58:01 myserverid.myserverip.eu fail2ban-client[2793]: OK
Feb 13 18:58:01 myserverid.myserverip.eu systemd[1]: Reloaded Fail2Ban Service.
Feb 14 20:04:12 myserverid.myserverip.eu systemd[1]: Reloading Fail2Ban Service.
Feb 14 20:04:12 myserverid.myserverip.eu fail2ban-client[4976]: OK
Feb 14 20:04:12 myserverid.myserverip.eu systemd[1]: Reloaded Fail2Ban Service.
admin@myserverid:~$ sudo service yunohost-firewall status
â yunohost-firewall.service - YunoHost Firewall
Loaded: loaded (/lib/systemd/system/yunohost-firewall.service; enabled; vendor preset: enabled)
Active: active (exited) since Sun 2021-02-14 20:04:12 CET; 4min 56s ago
Process: 4915 ExecStart=/usr/bin/yunohost firewall reload (code=exited, status=0/SUCCESS)
Main PID: 4915 (code=exited, status=0/SUCCESS)
Feb 14 20:04:12 myserverid.myserverip.eu yunohost[4915]: - 587
Feb 14 20:04:12 myserverid.myserverip.eu yunohost[4915]: - 993
Feb 14 20:04:12 myserverid.myserverip.eu yunohost[4915]: - 3128
Feb 14 20:04:12 myserverid.myserverip.eu yunohost[4915]: - 3690
Feb 14 20:04:12 myserverid.myserverip.eu yunohost[4915]: - 5222
Feb 14 20:04:12 myserverid.myserverip.eu yunohost[4915]: - 5269
Feb 14 20:04:12 myserverid.myserverip.eu yunohost[4915]: - 5353
Feb 14 20:04:12 myserverid.myserverip.eu yunohost[4915]: - 22000
Feb 14 20:04:12 myserverid.myserverip.eu yunohost[4915]: - 51413
Feb 14 20:04:12 myserverid.myserverip.eu systemd[1]: Started YunoHost Firewall.
Je nâai pas docker dâinstallĂ©, et la seule bidouille dont je me souvienne vaguement par rapport aux rĂšgles rĂ©seau, câest dâavoir tentĂ© dâexclure lâIP dynamique de ma connexion rĂ©sidentielle.
Jâessaye de retrouver des dĂ©tails la dessus, mais il est possible que jâai simplement rajoutĂ© un truc du genre iptables -A INPUT -s my.home.dyn.ip -j ACCEPT pour me dĂ©bloquer temporairement.
Est-ce quâil y a moyen dâavoir plus de dĂ©tails sur ce qui empeche le firewall de dĂ©marrer ?
Merci !
Edit: apres avoir essayé de lancer/stoper/relancer le firewall via la cli, je suis aller fouiller dans les logs yunohost-cli.
Je vois passer ces messages:
(more logs above)
> ip6tables v1.8.2 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain INPUT
2021-02-14 20:25:08,394 DEBUG yunohost.firewall _on_rule_command_error - [7285.1] "ip6tables -w -A INPUT -p UDP --dport 53 -j ACCEPT" returned non-zero exit status 4:
> ip6tables v1.8.2 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain INPUT
2021-02-14 20:25:08,442 DEBUG yunohost.firewall _on_rule_command_error - [7285.1] "ip6tables -w -A INPUT -p UDP --dport 5353 -j ACCEPT" returned non-zero exit status 4:
> ip6tables v1.8.2 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain INPUT
2021-02-14 20:25:08,490 DEBUG yunohost.firewall _on_rule_command_error - [7285.1] "ip6tables -w -A INPUT -p UDP --dport 51413 -j ACCEPT" returned non-zero exit status 4:
> ip6tables v1.8.2 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain INPUT
2021-02-14 20:25:08,530 DEBUG yunohost.firewall _on_rule_command_error - [7285.1] "ip6tables -w -A INPUT -p UDP --dport 587 -j ACCEPT" returned non-zero exit status 4:
> ip6tables v1.8.2 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain INPUT
2021-02-14 20:25:08,570 DEBUG yunohost.firewall _on_rule_command_error - [7285.1] "ip6tables -w -A INPUT -i lo -j ACCEPT" returned non-zero exit status 4:
> ip6tables v1.8.2 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain INPUT
2021-02-14 20:25:08,614 DEBUG yunohost.firewall _on_rule_command_error - [7285.1] "ip6tables -w -A INPUT -p icmpv6 -j ACCEPT" returned non-zero exit status 4:
> ip6tables v1.8.2 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain INPUT
2021-02-14 20:25:08,733 DEBUG yunohost.service _run_service_command - [7285.1] Running 'systemctl reload fail2ban'
2021-02-14 20:25:09,435 WARNING yunohost.firewall firewall_reload - [7285.1] Some firewall rule commands have failed. More info in log.
En espérant que a puisse aider!
Tu es sur quel genre de machine ?
Je suis sur un kimsuffi, serveur dĂ©diĂ© avec Debian installĂ©. Sur Yunohost depuis⊠jâai envie de dire 2016?
Edit: peut-ĂȘtre que ça nâa rien a voir, mais est-ce que ça pourrait venir des ouvertures du Firewall vers les IPs de monitoring dâOVH?
Je ne me rappelle pas avoir configurĂ© quoique ce soit la dessus, donc je pense que ces IPs devaient ĂȘtre ouvertes depuis lâinstallation du serveur en 2016.
