Any update on this migration error ?
La migration 0018_xtable_to_nftable a échoué avec l’exception Impossible de recharger le pare-feu : annulation
Thanks
First it would help to know what kind of hardware you’re running as asked in the support template message
Second if you’re able to run yunohost firewall reload without any error then skipping migration 18 is probably fin
- My yunohost is installed on an instance provided by scaleway. Here is the result of
hostnamectl:
Static hostname: scw-f66613
Icon name: computer-vm
Chassis: vm
Virtualization: kvm
Operating System: Debian GNU/Linux 10 (buster)
Kernel: Linux 5.7.11-mainline-rev1
Architecture: x86-64
- The firewall restart fails:
Warning: You cannot play with ip6tables here. You are either in a container or your kernel does not support it
Error: Could not reload the firewall
I still have this ip6tables issue.
Any idea ?
Zblerg it’s weird that it works for ipv4 but not ipv6 … not sure why, I guess naively i would disable ipv6 on the system then … and hopefully ynh-firewall code won’t try to set the ipv6 firewall if ipv6 is disabled
Well, the ipv6 is disabled yet.
In migration logs, I have this: https://paste.yunohost.org/raw/oxumenuzuv
It seems that iptables is not available. I try this:
sudo apt-get --reinstall install iptables and I rebooted my instance but it did not fix anything.
Zblerg I guess some kernel module should be enabled somehow but I’m always puzzled by those error …
I guess one ugly workaround can be to replace ip6tables by a dummy command … something like (message to people reading this understanding what this do : yes, i’m sorry) :
ln -sf /bin/true $(which ip6tables)
stderr:
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
Tente juste de redemarrer ynh-firewall et si ça marche tu peux skip la migration …
OK, is this the right command:
sudo service ynh-firewall restart ?
I tried to start this service through the service section in the UI. And I et:
2021-02-18 20:24:53,021 fail2ban.utils [3773]: ERROR 7f6554d8bb30 -- stderr: 'iptables: Operation not supported.'
2021-02-18 20:24:53,021 fail2ban.utils [3773]: ERROR 7f6554d8bb30 -- stderr: "iptables v1.8.2 (nf_tables): Chain 'f2b-sshd' does not exist"
2021-02-18 20:24:53,021 fail2ban.utils [3773]: ERROR 7f6554d8bb30 -- stderr: "iptables v1.8.2 (nf_tables): Couldn't load match `multiport':No such file or directory"
2021-02-18 20:24:53,021 fail2ban.utils [3773]: ERROR 7f6554d8bb30 -- stderr: ''
2021-02-18 20:24:53,021 fail2ban.utils [3773]: ERROR 7f6554d8bb30 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2021-02-18 20:24:53,022 fail2ban.utils [3773]: ERROR 7f6554d8bb30 -- returned 2
Il semble que lorsqu’on upgrade Debian de Stretch à Buster, il faut aussi migrer de iptables à nftables.
Est-ce que vous conseillez de faire ce qui est décrit ici: From Stretch to Buster : How to migrate from iptables to nftables ? | Samuel Forestier ?
C’est précisément ce qui est censé être géré par la migration 18 … sauf que dans l’absolu elle n’est pas 100% nécessaire (à part si tu as éventuellement des conf iptables custom parce que docker ou autre) car elles sont regénérées à chaque rechargement du firewall … Mais là le problème semble être que iptables (qui est en fait maintenant un alias à nftables) ne semble pas super happy avec les règles que l’on tente d’appliquer …
J’ai finalement ignoré la migration mais l’upgrade de nextcloud vers nextcloud 20.0 échoue toujours. Je me demandais si il était possible de faire un upgrade vers une version que l’on spécifie manuellement, 19.0.0 par exemple (et donc faire un upgrade de nextcloud de 15.0 à 19.0 plutôt que 15.0 vers 20.0.7) ?
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.