Apache script config with loggly - apache

I am trying to configure loggly in apache in my ubuntu machine.
What I have done is
curl -O https://www.loggly.com/install/configure-apache.sh
sudo bash configure-apache.sh -a XXXXXX -u XXXXXX
After entering the last line it's saying
ERROR: Apache logs did not make to Loggly in time. Please check network and firewall settings and retry.
Manual instructions to configure Apache2 is available at https://www.loggly.com/docs/sending-apache-logs/. Rsyslog troubleshooting instructions are available at https://www.loggly.com/docs/troubleshooting-rsyslog/
Any idea why it's showing and how to solve it?

This is likely a network issue or a delay in sending the logs or even an issue with the script. Check out the following link that has the manual instructions. https://www.loggly.com/docs/sending-apache-logs/ that you can follow and use to verify the script created the configuration files correctly.

Related

Issue installing virtualmin in vps

Trying to install Virtualmin in my new Ubuntu Xenial vps, executing install.sh, I get the following error:
[... up to here all fine..]
Processing triggers for dovecot-core (1:2.2.22-1ubuntu2.2) ...
Job for dovecot.service failed because the control process exited with error cod e. See "systemctl status dovecot.service" and "journalctl -xe" for details.
invoke-rc.d: initscript dovecot, action "restart" failed.
dpkg: error processing package dovecot-core (--configure):
subprocess installed post-installation script returned error exit status 1
Processing triggers for libapache2-mod-php7.0 (7.0.8-0ubuntu0.16.04.3) ...
Errors were encountered while processing:
dovecot-core
FATAL - Fatal Error Occurred: Something went wrong during installation: 0
FATAL - Cannot continue installation.
FATAL - Attempting to remove virtualmin repository configuration, so the install ation can be
FATAL - re-attempted after any problems have been resolved.
FATAL - Removing temporary directory and files.
FATAL - If you are unsure of what went wrong, you may wish to review the log
FATAL - in /root/virtualmin-install.log
I have installed virtualmin in other vps and did not have such issue before. I meet the same issue in this vps also if I change operating system. What could I do to solve? Thanks
I wanted to install virtualmin on Ubuntu 16.04; I met same issues (as in your log); the error is quite cryptic and unexpected; virtualmin setup worked flawlessly in other vps.
A particular thing of my new vps is that ipv6 is not supported; it is probably the same in your case. Working on this information I made virtualmin work as expected, with the following steps:
fresh install of Ubuntu 16.04
apt-get install dovecot-common dovecot-imapd dovecot-pop3d
(these packages are the part related to dovecot for Ubuntu, taken from virtualmin install.sh). This gave issues.
Then edited: /etc/dovecot/dovecot.conf file.. uncommenting the line "listen = *, ::" and setting it to "listen = *" (listen just to ipv4 instead of also ipv6)
then again "apt-get install dovecot-common dovecot-imapd dovecot-pop3d", to check that installation finely completes.
install virtualmin: "/bin/sh install.sh"
service apache2 restart
In /etc/hosts comment the rows related to ipv6 (those with ::)
remove the "ipv6=1" line from /etc/webmin/miniserv.conf
/etc/init.d/webmin restart (now webmin should be up and working at https://yourip:10000)
I've tried these steps to install VirtualMin on my VPS Ubuntu 16.04. I am damn sure it will work for you.
Here are some prerequisites of the VirtualMin on Ubuntu:
-> You must have a new Ubuntu VPS or system with at 1 GB RAM.
-> You must have root access or access to a user with Sudo privileges.
-> A valid hostname set on your server’s primary IP address.
-> Two registered custom nameservers for Virtualmin.
Steps:
Step 1: Update your system with the latest available version:
Linux command: apt-get update
Step 2: Set Hostname and FQDN:
For Virtualmin to work properly, you need to configure the hostname and FQDN on the server itself by editing the /etc/hostname and /etc/hosts files, as well as update your DNS settings so DNS lookups resolve properly.
Linux command: hostname
To change the hostname for your server, open the file /etc/hostname in your editor:
Linux command: sudo nano /etc/hostname
Delete the current hostname and replace it with your hostname:
Use just the hostname, not the entire FQDN, in this file. For example, if your FQDN is demo.yourdomainname.com, enter demo in this file.
Save the file and exit the editor.
Next, add both the hostname and FQDN in the /etc/hosts file:
Linux command: sudo nano /etc/hosts
Modify the line that starts with 127.0.0.1 to use your FQDN and hostname, in that order:
127.0.1.1 your_hostname.your_domain.com your_hostname
127.0.0.1 localhost
...
Remember to replace your_hostname and your_domain.com with your own hostname and domain name. Save the file and exit the editor.
To check if the name has been changed correctly, reboot your server.
Linux command: sudo reboot
Step 3: Download and install Virtualmin
To install Virtualmin, download and run the official Virtualmin installation script, which will install Virtualmin, and Webmin, along with a LAMP stack, BIND, and Postfix.
Use wget to download the script:
Linux command: wget http://software.virtualmin.com/gpl/scripts/install.sh -O /tmp/virtualmin-install.sh
After the Virtualmin script has been downloaded successfully, we will go for the execution of the script. For that, first we will have to make the script file executable by running the following chmod command:
Linux command: chmod +x /tmp/virtualmin-install.sh
Once the file is made executable, we will go further towards running it using a shell. Enter the following command in the terminal to install Virtualmin through script.
Linux command: sh /tmp/virtualmin-install.sh
The script will give a warning message about existing data and compatible operating systems. Press y to confirm that you want to continue the installation.
The installation process may take a few minutes to complete all the steps as it installs various software packages and components.
Step 4: Configuring Webmin Using The Post-Installation Wizard
To configure Webmin, we'll use its web-based Post-Installation Wizard. Open your web browser and navigate to https://your_server_ip:10000. You can also use your fully-qualified domain name to access the site.
Note: Your browser may show a "Your connection is not secure" or "Your connection is not private" warning since Virtualmin uses a self-signed certificate. This warning is normal. You can ignore it.
Next, we'll need to enter the root username and password which is same as of the Linux system's to get access to the Web-based Control Panel of VirtualMin.
Once you have logged in, you'll see the Introduction screen stating that you are going through the steps to configure Virtualmin. Press Next to continue.
On the Memory use screen, select No for Preload Virtual Libraries, because you don't need to run the Virtual User interface all the time. Select Yes for Run email domain lookup server to enable faster mail processing. Press Next to continue.
On the Virus scanning screen, select No for Run ClamAV server scanner so you'll use less RAM. Press Next to continue.
On the Spam filtering screen, select No for Run SpamAssassin server filter and press Next to continue.
On the Database servers screen, select Yes to Run MySQL database server because MySQL server is widely used and supported by most applications, and no to Run PostgreSQL database server. Press Next to continue.
On the MySQL password screen, enter your desired MySQL root password. It should be different from the root password you used to log in to Webmin.
Select Yes if you’d like to remove the test MySQL database
Select Yes if you’d like to remove the anonymous MySQL user
On the MySQL database size screen, select the RAM option that matches the amount of RAM your server has. For a 1GB server, select Large system (1G) on which MySQL is heavily used. Press Next to continue.
On the Nameserver screen, Enter your primary and secondary nameservers which you configured in the prerequisites. If you haven't set these up, check the Skip check for resolvability box to avoid error message and proceed. Press Next to continue.
On the Password storage mode screen, select Store plain-text passwords if you must support password recovery. Otherwise, choose Only store hashed passwords. Here we have chosen plain-text passwords as an example. Press Next to continue.
you will see the All done screen. Click Next to end.
You may see a message stating that Virtualmin's configuration has not been checked. Click the Re-check and refresh the configuration button to check your Virtualmin configuration. Address any errors that the check reports. This process may take a few minutes to complete.
Congratulations! Your server is now configured.

Not able to open the deck UI for spinnaker

I installed spinnaker using the command
bash <(curl --silent https://spinnaker.bintray.com/scripts/InstallSpinnaker.sh)
on a local ubuntu machine.
After installation I am not able to connect to the Deck UI of spinnaker using URL: http://localhost:9000
Check logs in /var/log/apache2 for errors, and /etc/apache2/ports.conf to see if it is is listening on 127.0.0.1:9000
The install script should have made those changes for you, but maybe you had a permissions issue or some other kind of local system policy preventing the installation from working properly.

Run ssh on Apache -> Failed to get a pseudo terminal: Permission denied

I'm using flask with apache(mod_wsgi).
When I use ssh module with external command subprocess.call("ssh ......",shell=True)
(My Python Flask code : Not wrong)
ssh = "sshpass -p \""+password+"\" ssh -p 6001 "+username+"#"+servername+" \"mkdir ~/MY_SERVER\""
subprocess.call(ssh, shell=True)
I got this error on Apache error_log : Failed to get a pseudo terminal: Permission denied
How can I fix this?
I've had this problem under RHEL 7. It's due to SELinux blocking apache user to access pty. To solve:
Disable or set SELinux as permissive (check your security needs): edit /etc/selinux/config and reboot.
Allow apache to control its directory for storing SSH keys:
sudo -u apache
chown apache /etc/share/httpd
ssh to desired host, accept key.
I think apache's login shell is "/sbin/nologin".
If you want to allow apache to use shell command, modify /etc/passwd and change the login shell to another shell like "/bin/bash".
However, this method is vulnerable to security. Many python ssh modules are available in internet. Use one of them.
What you are doing seems frightfully insecure. If you cannot use a Python library for your SSH connections, then you should at least plug the hole that is shell=True. There is very little here which is done by the shell anyway; doing it in Python affords you more control, and removes a big number of moving parts.
subprocess.call(['/usr/bin/sshpass', '-p', password,
'/usr/bin/ssh', '-T', '-p', '6001', '{0}#{1}'.format(username, servername),
'mkdir ~/MY_SERVER'])
If you cannot hard-code the paths to sshpass and ssh, you should at least make sure you have a limited, controlled PATH variable in your environment before doing any of this.
The fix for Failed to get a pseudo-terminal is usually to add a -T flag to the ssh command line. I did that above. If your real code actually requires a tty (which mkdir obviously does not), perhaps experiment with -t instead, and/or redirecting standard input and standard output.

Jenkins - j_acegi_security_check

I am trying to setup jenkins, but I cant get the authentication to work. I am running jenkins on Tomcat6 on CentOS 6.2. I enable logging in, and everything goes fine until I try to log in. After giving my credential and pressing login, tomcat gives me a error:
"HTTP Status 404 - The requested resource () is not available." on http://myserver:8080/jenkins/j_acegi_security_check
By googling I can find this:
https://issues.jenkins-ci.org/browse/JENKINS-3761
Two suggested fixes I have found:
Run jenkins on tomcat instead of running the standalone version - I
am already doing so.
Edit a file: WEB-INF/security/SecurityFilters.groovy - I tried to
edit, but I can't get it to change anything
Is there something I could do to make this work?
Spent ages wrestling with this one, make sure a Security Realm is set when you are choosing your Authorization method in Jenkins.
That is, in Manage Jenkins → Configure Global Security select an option in the Security Realm list.
For example:
You may have forgotten to select a Security Realm as specified below
https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup
In case you have locked yourself out, you can revert the Jenkins config.xml file to set <useSecurity>true</useSecurity> node value to false by following instructions here
https://wiki.jenkins-ci.org/display/JENKINS/Disable+security
As mentioned on the bug page:
The error was caused by a proxy pass rule "/jenkins http://localhost:9080/jenkins/" which led to the incomming (jenkins) request "/jenkins//j_acegi_security_check" (double //). So the login page was rejected with 404 (while all other pages where served).
Make sure your /jenkins ProxyPass does not end with a trailing slash in the destination URL.
I had the same problem with 404 on the "/jenkins/j_acegi_security_check" page.
Using Jenkins with Tomcat, after a lot of tries to solve it, I came to following solution - I´m using 18080 as default port without SSL-redirection.
It´s related to the redirection, but in that case (as using Tomcat) it has to be changed in the tomcat-server-configuration:
Look in /conf/server.xml for the following entry:
<Connector port="18080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Just commenting out the redirectPort helped for me:
<Connector port="18080" protocol="HTTP/1.1"
connectionTimeout="20000" />
I had the same HTTP 404 on the "/jenkins/j_acegi_security_check" URI problem .
And the same issue as pointed out by pga above: Tomcat was being started as user root.
This was because I had setup tomcat to restart automatically by creating a startup tomcat script at "/etc/init.d/".
Fixed the issue with:
su - tomcatuser - c /cde/pkgs/../tomcat/start.sh
I was facing the same issue on Ubuntu as well as on AIX, where I desperately needed it to work in production settings. I even tried Tomcat and Apache web servers, still the same issue.
Finally changing the class loader as follows made it work in stand-alone mode:
java -jar jenkins.war --httpPort=79802 --preferredClassLoader=java.net.URLClassLoader &
By the way, this is default settings in standard Jenkins distribution for Ubuntu, from where I got the clue.
Probably the issue is related with packaging, but for now this solution works. Check if this resolves similar issues.
My bookmarked jenkins login url was: https://jenkins.foo.com/login?from=%2F
If security is disabled and you hit that url with any credentials or blank ones, it brings up the j_acegi error.
Instead, use https://jenkins.foo.com/ and it will take you straight to the dashboard.
I had the same HTTP 404 on the "/jenkins/j_acegi_security_check" URI.
In my case, Jenkins was running on a Tomcat started by user 'root'. Stopped Tomcat, and started it again by the proper separate application user. Problem solved.
Seeing vote down: I did the steps again on fresh server.
There were ** characters and I removed that
There were missing $sign for tomcat like this $TOMCAT_VERSION
(Both corrected and it is working) (updated on 28.03.2016)
Disable the security as given below:
http://markunsworth.com/2012/02/13/locked-yourself-out-of-jenkins/
Unable to login jenkins, and can't disable login option either
Or
Locked in login with Jenkins on Tomcat.
http://xx.xxx.xxx.xxx:8080/jenkins/login?from=/jenkins/ and after filling the userId Password, which was not set up at all, will always take to this page
http://xx.xxx.xxx.xxx:8080/jenkins/j_acegi_security_check
HTTP Status 404 - description The requested resource is not available.
I had .war file installed in tomcat
It took me long to fix this issue.
I had many times completely removed Tomcat, Jenkins all folders .jenkins etc reinstalled and what not...
Remove both Tomcat and Jenkins completely once again...
The solution is proper use of user and group, let us see how to it by running the following commands one by one.
You are logged in with user(e.g. vimal) with sudo permission.
vimal#h123:~$ sudo apt-get update
vimal#h123:~$ BASE_USER=vimal
vimal#h123:~$ sudo chown -Rf $BASE_USER:$BASE_USER /opt/
vimal#h123:~$ USER=apache-tomcat
vimal#h123:~$ GROUP=myjenkins
vimal#h123:~$ TOMCAT_INSTALL_DIR=/opt
vimal#h123:~$ TOMCAT_VERSION=apache-tomcat-8.0.23
vimal#h123:~$ TOMCAT_URL=http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.23/bin/apache-tomcat-8.0.23.zip
For TOMCAT_URL, copy the link that you need from archive/src (.zip) of tomcat download site
vimal#h123:~$ mkdir -p $TOMCAT_INSTALL_DIR
vimal#h123:~$ cd $TOMCAT_INSTALL_DIR
vimal#h123:~$ wget $TOMCAT_URL
vimal#h123:~$ unzip -q $TOMCAT_VERSION.zip
vimal#h123:~$ rm $TOMCAT_VERSION.zip
Before running command below you need to have JAVA_HOME set up in like JAVA_HOME="/usr/lib/jvm/java-8-oracle/" by adding this into
sudo nano /etc/environment
vimal#h123:~$ sudo chmod +x $TOMCAT_INSTALL_DIR/$TOMCAT_VERSION/bin/*.sh
vimal#h123:~$ $TOMCAT_INSTALL_DIR/$TOMCAT_VERSION/bin/catalina.sh start
vimal#h123:~$
vimal#h123:~$ cd $TOMCAT_INSTALL_DIR/$TOMCAT_VERSION/webapps/
vimal#h123:~$ wget http://mirrors.jenkins-ci.org/war-stable/latest/jenkins.war
Wait for a couple of minutes till Jenkins is fully loaded. Needs 2GB memory.
Try going to the browser on http://xx.xxx.xxx.xxx:8080/jenkins/ and it will work...
Took me one day to find the solution.
Here is how I resolved this issue:
# service tomcat status
tomcat start/running, process 996
# service tomcat stop
tomcat stop/waiting
# service jenkins status
Jenkins Continuous Integration Server is not running
# service jenkins restart
* Restarting Jenkins Continuous Integration Server jenkins [ OK ]
# service tomcat start
tomcat start/running, process 3839
# service jenkins status
Jenkins Continuous Integration Server is running with the pid 3694
Refresh your browser and Jenkins should be up and running.
Hope this helps!

fabric appears to start apache2 but doesn't

I'm using fabric to remotely start a micro aws server, install git and a git repository, adjust apache config and then restart the server.
If at any point, from the fabfile I issue either
sudo('service apache2 restart') or run('sudo service apache2 restart') or a stop and then a start, the command apparently runs, I get the response indicating apache has started, for example
[ec2-184-73-1-113.compute-1.amazonaws.com] sudo: service apache2 start
[ec2-184-73-1-113.compute-1.amazonaws.com] out: * Starting web server apache2
[ec2-184-73-1-113.compute-1.amazonaws.com] out: ...done.
[ec2-184-73-1-113.compute-1.amazonaws.com] out:
However, if I try to connect, the connection is refused and if I ssh into the server and run
sudo service apache2 status it says that "Apache is NOT running"
Whilst sshed in, if run
sudo service apache start, the server is started and I can connect. Has anyone else experienced this? Or does anyone have any tips as to where I could look, in log files etc to work out what has happened. There is nothing in apache2/error.log, syslog or auth.log.
It's not that big a deal, I can work round it. I just don't like such silent failures.
Which version of fabric are you running?
Have you tried to change the pty argument (try to change shell too, but it should not influence things)?
http://docs.fabfile.org/en/1.0.1/api/core/operations.html#fabric.operations.run
You can set the pty argument like this:
sudo('service apache2 restart', pty=False)
Try this:
sudo('service apache2 restart',pty=False)
This worked for me after running into the same problem. I'm not sure why this happens.
This is an instance of this issue and there is an entry in the FAQ that has the pty answer. Unfortunately on CentOS 6 doesn't support pty-less sudo commands and I didn't like the nohup solution since it killed output.
The final entry in the issue mentions using sudo('set -m; service servicename start'). This turns on Job Control and therefore background processes are put in their own process group. As a result they are not terminated when the command ends.
When connecting to your remotes on behalf of a user granted enough privileges (such as root), you can manage system services as shown below:
from fabtools import service
service.restart('apache2')
https://fabtools.readthedocs.org/en/0.13.0/api/service.html
P.S. Its requires the installation of fabtools
pip install fabtools
Couple of more ways to fix the problem.
You could run the fab target with --no-pty option
fab --no-pty <task>
Inside fabfile, set the global environment variable always_use_pty to False, before your target code executes
env.always_use_pty = False
using pty=False still didn't solve it for me. The solution that ended up working for me is doing a double-nohup, like so:
run.sh
#! /usr/bin/env bash
nohup java -jar myapp.jar 2>&1 &
fabfile.py
...
sudo("nohup ./run.sh &> nohup.out", user=env.user, warn_only=True)
...