8.7.9 to 8.7.11 on Ubuntu 16.04 /etc/hosts error


Postby apiening » Thu Sep 13, 2018 7:07 pm

Hi there,
I want to upgrade my ZCS 8.7.9 to the latest version, but since I read somewhere that it is safer to upgrade to the latest 8.7 release first, I'll take this route and update to 8.8 in another step.

However, the installer exits with an error that my /etc/hosts file contains a line like:

Code:

127.0.0.1     myhost.mydomain.com myhost localhost.localdomain localhost

And that's true.
However, if I remove the myhost.mydomain.com and myhost parts, I get another error instead:

Code:

Error: Unable to create a successful TLS connection to the ldap masters.
       Fix cert configuration prior to upgrading.

How can I proceed from here?

Thank you in advance!



Postby phoenix » Thu Sep 13, 2018 7:27 pm

Your hosts file is incorrect. Go to the wiki and read the Split DNS article, it tells you what the format of your hosts file should be. You can also find the details in lots of forum threads if you search.
Regards

Bill


Postby JDunphy » Thu Sep 13, 2018 8:05 pm

apiening wrote: Hi there,
I want to upgrade my ZCS 8.7.9 to the latest version, but since I read somewhere that it is safer to upgrade to the latest 8.7 release first, I'll take this route and update to 8.8 in another step.

However, the installer exits with an error that my /etc/hosts file contains a line like:

Code:

127.0.0.1     myhost.mydomain.com myhost localhost.localdomain localhost

And that's true.
However, if I remove the myhost.mydomain.com and myhost parts, I get another error instead:

Code:

Error: Unable to create a successful TLS connection to the ldap masters.
       Fix cert configuration prior to upgrading.

How can I proceed from here?

Thank you in advance!

Observe that ldap is tied to your lan ip address and not the loopback. netstat will show you that the listen socket for port 389 is tied to your lan ip address. The entries look like this where zmhostname is defined in /etc/hosts
lan ipaddress mail mail.example.com

... In your case, the ldap connection failed because there is nothing listening at: 127.0.0.1:389 so you had an incorrect /etc/hosts entry.

Here is what I do on centos to see what should be in /etc/hosts

Code:

% netstat -l | grep tcp | grep ldap
tcp        0      0 mail.example.com:ldap *:*                         LISTEN     


To protect yourself, it is a good idea to make sure that the local resolver cannot get a different IP value from what you have listed in your hosts file. I don't think that applies here, but if you were testing the update process on a different machine and cloning an existing server, I would set up an authoritative DNS server on the testing box with the test server's IP address and point this test server's local resolver to it. I would also make sure a fw blocked incoming packets for this test server on the real server. Probably extra information for your case... Fix the /etc/hosts entries for your zmhostname and you should be ok.
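
The hosts-file check described in the post above, as an added example that is not part of the original thread: a POSIX shell function (check_zm_hosts is a hypothetical name) that flags a server name mapped to a loopback address. The sample files and the address 192.0.2.10 are constructed for illustration.

```shell
# check_zm_hosts FILE FQDN   (hypothetical helper, not a Zimbra tool)
#   exit 0: FQDN maps to a non-loopback address only
#   exit 1: FQDN or its short name sits on a loopback line (127.0.0.0/8 or ::1)
#   exit 2: FQDN has no entry in FILE
check_zm_hosts() {
    awk -v fqdn="$2" '
        BEGIN { fqdn = tolower(fqdn); split(fqdn, part, "."); short = part[1] }
        { sub(/#.*/, "") }                 # strip comments
        NF < 2 { next }                    # skip blank or address-only lines
        {
            loopback = ($1 ~ /^127\./ || $1 == "::1")
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name != fqdn && name != short) continue
                if (loopback) {
                    printf "BAD line %d: %s resolves to loopback %s\n", NR, $i, $1
                    bad = 1
                } else if (name == fqdn) {
                    printf "OK  line %d: %s -> %s\n", NR, $i, $1
                    found = 1
                }
            }
        }
        END { if (bad) exit 1; if (found) exit 0; exit 2 }
    ' "$1"
}

# Constructed sample files; 192.0.2.10 is a documentation address standing in
# for the server's LAN IP.
demo_dir=$(mktemp -d)
printf '%s\n' '127.0.0.1     myhost.mydomain.com myhost localhost.localdomain localhost' \
    > "$demo_dir/hosts.bad"
printf '%s\n' '127.0.0.1     localhost.localdomain localhost' \
              '192.0.2.10    myhost.mydomain.com myhost' > "$demo_dir/hosts.good"
printf '%s\n' '127.0.0.1     localhost.localdomain localhost' > "$demo_dir/hosts.missing"

for f in bad good missing; do
    check_zm_hosts "$demo_dir/hosts.$f" myhost.mydomain.com && rc=0 || rc=$?
    echo "hosts.$f -> exit $rc"
done
```

On a real server, the arguments would be /etc/hosts and the name the server reports as its zmhostname.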

Postby apiening » Thu Sep 13, 2018 8:07 pm

phoenix wrote: Your hosts file is incorrect. Go to the wiki and read the Split DNS article, it tells you what the format of your hosts file should be. You can also find the details in lots of forum threads if you search.

The DNS for the public IP is configured correctly, including mx etc. Can't see the need of an additional local DNS server.
My problem is that if I "fix" my /etc/hosts by removing "myhost.mydomain.com myhost" as it is stated in the manual, the TLS connection isn't working anymore (see initial post).

From my understanding, the integrated cert of the LDAP mismatches if myhost.mydomain.com does not resolve to 127.0.0.1 anymore.
This is probably because the /etc/hosts was already faulty when the initial install was done.

Any ideas how I can fix this?

Postby pup_seba » Thu Sep 13, 2018 8:28 pm

At least from my phone, that hosts file looks bad...if phoenix also says it is bad, then maybe you should try to fix that.

I believe nobody is telling you to deploy an additional DNS server; the split DNS article was referenced as it contains instructions on how the hosts file is formatted.

I'm guessing now that you may be facing two problems:
1. Bad /etc/hosts file content and/or formatting (it looks horrible...but maybe it looks this bad because I'm on my phone and the code snippet is not showing it well).
2. Your ldap hostname and the certificate it has, do mismatch.

1. Fix your hosts file.
2. If 1 does not fix your problem, relax tls security and interprocess communication. (There are wikis on how to do both and I remember a bug explaining how during upgrades tls is challenged showing an error similar to yours)
Sebastián Greco
Infrastructure Developer @https://www.essiprojects.com/
