check-dns-zone fails

because it does not exist. I have a master server running VM Pro and Cloudmin for Physical Systems. And another server running VM GPL. On either VM system if I go to System Settings > Cloudmin Services Client and put in the connection information I get:

Checking login to services host pericles.karelia.com .. .. check failed : Remote program list-provision-features does not exist

Indeed, none of the provisioning scripts listed here seem to be installed:

https://www.virtualmin.com/documentation/cloudmin/devel/cli/cloudmin_pro...

My read of the docs/forum suggests that I need to have the Cloudmin Services plugin installed on my Cloudmin box. Where do I get that? I see on my downloads page a spot for downloading Cloudmin but not this services plugin. That seems to be a critical missing piece.

I've added my VM boxes as physical systems and they show up and that's all good and I can create and provision new Virtualmin domains through Cloudmin and that's great, but I don't see how I can get the VM boxes to use the master server for DNS (which is what my real need is) without at least the DNS provisioning scripts that I don't seem to have because I don't have this plugin.

So what do I need to do? I have Cloudmin running fine, but i can't move forward without the services plugin. Creating a domain doesn't really work unless I can also get the DNS entries properly set up.

Cheers

Status: 
Closed (fixed)

Comments

Cloudmin Services is still undergoing beta testing, but we can issue you a licence for it if you like?

It is mainly designed for hosting MySQL databases, DNS zones and spam and virus filtering on centralized servers, to offload some of the work from your Virtual systems. Is that something you could make use of?

Yes, please. I would be very interested in a license. It's DNS zones that I'm particularly interested in, with MySQL down the road. If I could help test/use that, I would be delighted to: it's really (I hope) the last piece of the puzzle for me.

Cheers

Ok, I have issued a Cloudmin Services licence for your ttalbot account.

The commands to install it (on your Cloudmin master system) are :

wget -O install.sh http://cloudmin.virtualmin.com/cgi-bin/services-debian-install.cgi\?serial=5558721\&key=NQACOHJQEU
/bin/sh install.sh

Assuming you are running Debian or Ubuntu. Further docs on how to use it can be seen at http://www.virtualmin.com/documentation/cloudmin , under "Cloudmin Services"

Thank you very much!

I hate be a pain, of course, but I installed the cloudmin services plugin on master and have the cloudmin client services machine set up and talking to it, but if I check DNS zones I get:

Checking login to services host pericles.karelia.com .. .. check failed : DNS service not supported

BIND is running both on the client and the master (with the hope that I can turn off BIND on the client as your docs mention) and master is set up to provide hosting for DNS with Create DNS zones set either to Unlimited or Maximum zones 200 and the same for Create slave DNS zones. (Also port 53 is open for both TCP and UDP packets.)

What could the above possibly indicate? What should I check to try to fix this?

Related, what does the "View for DNS zones, View named" setting do?

Cheers

Also

That error means that the Cloudmin services host hasn't been setup to do DNS hosting. This can be done at Virtualmin Settings -> Cloudmin Services, by adding at least one system for which the "Create DNS zones?" option is enabled.

The "View for DNS zones" option controls which BIND view new DNS zones get added to. You can leave it set to "None" if your DNS server doesn't have any zones configured though..

That's what I thought as well, except that I do have a server set up for DNS hosting -- pericles.karelia.com, the same host that is running cloudmin. See attached. Well, attachments aren't working. So here are some screenshots published to another host:

http://wallace.karelia.com/virtualminsupport/screenshots/

In looking at my screenshots, odd that there are no zones (in the services screenshot) when there are clearly zones (in the BIND screenshot). That's the same machine. Obviously cloudmin services was added after that server (pericles) was set up with a virtualmin-controlled domain (sandvox.net), with appropriate zones, etc. Could that be an issue? I'm not sure where the disconnect is here for cloudmin services, nor how to resolve it.

I think I see the issue - on the Cloudmin master system, you need to create an owner account as documented on http://www.virtualmin.com/documentation/provisioning/owners .

Then on the Virtualmin system, you need to enter the username and password of this owner account on the "Cloudmin Services Client" page. The root username and password won't work here ..

Brilliant, thanks! That's all good now. Onto the next issue:

When I try to create a domain now, I get "Services error checking DNS zone: check-dns-zone failed"

When I try it as root on the command-line, I get:

root@pericles:~# cloudmin check-dns-zone domain=sandvoxhost.com Command check-dns-zone.pl was not found

So it seems like I'm still missing parts of cloudmin? Is there some other update or package I need?

So just to follow up again, if I use my Cloudmin web page and do Virtualmin Settings > Virtualmin Domains > Create new Virtualmin domain, fill everything out there (domain name, description, password, create on system to x1.sandvox.net, features enabled, and no virtual IP address assigned, I get:

Creating sandvoxhost4.com on system x1.sandvox.net .. .. failed : Services error checking DNS zone : check-dns-zone failed : Error: Bad response from fastrpc.cgi :

so that's all happening within cloudmin. But as we know from the command-line test, this master cloudmin server has no check-dns-zone script.

What to do?

I do appreciate your seeing me through this. I think it will be great if we can only get to the end. :)

That's odd .. does the file /usr/share/webmin/cloudmin-services/check-dns-zone.pl exist on your system?

Oddly enough it does. :(

root@pericles:~# ls -l /usr/share/webmin/cloudmin-services/check-dns-zone.pl -rwxr-xr-x 1 root root 2064 Dec 8 2011 /usr/share/webmin/cloudmin-services/check-dns-zone.pl

But cloudmin from the command-line or the web does not seem to think so.

Could you post the contents of the /usr/sbin/cloudmin command from your system?

Sure:

root@pericles:~# cat /usr/sbin/cloudmin
#!/bin/bash
WEBMIN_CONFIG=/etc/webmin
WEBMIN_VAR=/var/webmin
PERLLIB=/usr/share/webmin
export WEBMIN_CONFIG WEBMIN_VAR PERLLIB
cd /usr/share/webmin/server-manager
id -a | grep uid=0 >/dev/null
if [ "$?" != 0 ]; then
    echo "/usr/sbin/cloudmin must be run as root"
    exit 2
fi
if [ "$1" = "" -o "$1" = "help" -a "$2" = "" -o "$1" = "--help" -a "$2" = "" -o "$1" = "-help" -a "$2" = "" ]; then
    echo "usage: /usr/sbin/cloudmin <command> [args..]"
    echo "   or: /usr/sbin/cloudmin help <command>"
    echo ""
    echo "Available commands :"
    echo ""
    COMMAND=list-commands
else
    COMMAND=$1
fi
shift
if [ "$COMMAND" = "help" ]; then
    help=1
    COMMAND=$1
    shift
fi
echo $COMMAND | fgrep .pl >/dev/null
if [ "$?" != "0" ]; then
    COMMAND="$COMMAND.pl"
fi
for dir in /usr/share/webmin/server-manager; do
    if [ -x "$dir/$COMMAND" ]; then
        if [ "$help" = "1" ]; then
            exec perldoc $dir/$COMMAND
        else
            exec $dir/$COMMAND "$@"
        fi
    fi
done
echo Command $COMMAND was not found
exit 1

Something like this works perfectly fine:

root@pericles:~# cloudmin modify-owner --name bluevisor --provision-max-dns 110
Updated Cloudmin system owner bluevisor

But check-dns-zone does not (and that is apparently needed for cloudmin to fully setup a new domain):

root@pericles:~# cloudmin check-dns-zone
Command check-dns-zone.pl was not found
 
root@pericles:~# cloudmin help check-dns-zone
Command check-dns-zone.pl was not found

Just for fun, here's the list of commands that pop out if I run it. check-dns-zone is listed but yet, as we see above, is not found.

root@pericles:~# /usr/sbin/cloudmin 
usage: /usr/sbin/cloudmin <command> [args..]
   or: /usr/sbin/cloudmin help <command>
 
Available commands :
 
File management
---------------
download-file            Downloads a file from a single system
stat-file                Displays information about a file on a managed system.
transfer-file            Transfer a file between two systems
upload-file              Uploads a file to one or more systems
upload-multiple-files    Uploads multiple files to a directory on one or more
                         systems. 
list-directory           Lists the contents of a directory on a remote system.
 
Virtual systems
---------------
create-system            Creates a new virtual system of some type
delete-system            Deletes a virtual system or systems
login-system             Open the console of some virtual system
modify-system            Changes the description, hostname, OS or login details
                         system single a of 
move-system              Moves a virtual system from one host to another
passwd-system            Changes the SSH and/or Webmin password on some system
pause-system             Pauses one or more managed systems
reboot-system            Reboots one or more managed systems
shell-system             Open a root shell on some virtual system.
shutdown-system          Shuts down one or more managed systems
startup-system           Starts up one or more managed systems
unpause-system           Un-pauses one or more managed systems
wait-ssh-system          Waits until one or more systems can be contacted via
                         SSH. 
list-systems             Output a table of all systems managed by Cloudmin.
refresh-systems          Updates the status of multiple systems, and displays
                         results the 
update-systems           Updates installed packages on multiple systems, and
                         results. the displays 
get-console              Output boot-time console messages for some host
modify-reverse-address   Changes the DNS hostname for a reverse address
 
Network interfaces
------------------
create-interface         Adds a new network interface to some system
delete-interface         Removes a network interface from some system
modify-interface         Changes the IP or MAC address of an interface on some
                         system. 
list-interfaces          Lists network interfaces on some system
 
System owners
-------------
create-owner             Create a new Cloudmin system owner
delete-owner             Delete an existing Cloudmin system owner
modify-owner             Updates a Cloudmin system owner
list-owners              Lists some or all Cloudmin system owners
 
Virtualmin domains
------------------
create-domain            Creates a new virtualmin domain on one system
move-domain              Moves a domain from one system to another
delete-domains           Removes Virtualmin domains from managed systems
disable-domains          Disables Virtualmin domains on managed systems
enable-domains           Enables Virtualmin domains on managed systems
list-domains             Lists domains on some or all managed servers
 
License management
------------------
add-licence              Adds one Virtualmin licence to the pool
change-licence           Change a system's Cloudmin license key
delete-licence           Removes one Virtualmin licence from the pool
list-licences            Lists all Virtualmin licences
 
Provisioning
------------
list-provision-features  Output a list of all available features for
                         provisioning. 
list-provision-history   Output a list of all provisioned features.
list-provision-mysql-use Ouput a list of all users of some MySQL DB
modify-owner-provision   Set provisioning limits for some system owner.
provision-dns-zone       Create a DNS zone for a system owner.
provision-mysql-database Create a MySQL database on some provisioning system.
provision-mysql-login    Create a MySQL login on some provisioning system.
provision-spam           Allow a client system to make spam filtering requests.
provision-virus          Allow a client system to make virus scanning requests.
unprovision-dns-zone     Remove a DNS zone from some provisioning system.
unprovision-mysql-databa Remove a MySQL database on some provisioning system.
unprovision-mysql-login  Remove a MySQL login on some provisioning system.
unprovision-spam         Remove spam filtering access from some provisioning
                         system. 
unprovision-virus        Remove virus scanning access from some provisioning
                         system. 
check-dns-zone           Checks if a DNS zone exists or not on any provisioining
                         system. 
modify-dns-zone          Renames, disabled or re-enables a DNS zone.
provision-dns-zone       Create a DNS zone for a system owner.
unprovision-dns-zone     Remove a DNS zone from some provisioning system.
check-mysql-database     Checks if a MySQL database exists or not on any
                         system. provisioining 
provision-mysql-database Create a MySQL database on some provisioning system.
unprovision-mysql-databa Remove a MySQL database on some provisioning system.
check-mysql-login        Checks if a MySQL user exists or not on any
                         system. provisioining 
modify-mysql-login       Lock, unlock or rename the MySQL login on some system.
provision-mysql-login    Create a MySQL login on some provisioning system.
unprovision-mysql-login  Remove a MySQL login on some provisioning system.
list-dns-records         Output all records in some provisioned zone.
modify-dns-records       Change some or all records in a DNS zone.
 
Other scripts
-------------
install-virtualmin       Installs Virtualmin on multiple systems
install-webmin           Installs Webmin on multiple systems
list-bandwidth           Lists bandwidth use for some system over some date
                         range 
list-commands            Lists API scripts available
list-processes           List or find running processes on some systems
list-reverse-addresses   Lists IP to name DNS mappings for some system
list-ssh-keys            Lists all registered SSH keys
list-system-history      Lists the values of some statistic on one or more
                         systems. 
list-updates             Lists all available updates on one or more systems
run-command              Run some shell command on multiple systems in parallel
setup-bind-zone          Creates a new BIND zone, and sets up BIND if needed.
transfer-command         Run a command on one system with a file on another
                         input either as system 

Ok, I see the issue - the line

for dir in /usr/share/webmin/server-manager; do

should really be :

for dir in /usr/share/webmin/server-manager /usr/share/webmin/cloudmin-services; do

If you go to Cloudmin Settings -> Cloudmin Plugins, make sure "Cloudmin Services" is checked and then click Save, the script should be automatically re-generated.

OK, I did that, and that does indeed restore the function from the command-line:

root@pericles:~# cloudmin check-dns-zone --domain sandvoxhost5.com
OK: clash=0

but if I try to create a new virtualmin domain on the server through cloudmin, I still get the original error:

Create Virtualmin Domain 
x1.sandvox.net
Creating sandvoxhost5.com on system x1.sandvox.net ..
.. failed : Services error checking DNS zone : check-dns-zone failed : Error: Bad response from fastrpc.cgi :
  Return to domains form 

Call remote API is definitely checked for the system owner.

What do we do next?

That error usually indicates some problem with Webmin on the cloudmin master system communicating with the DNS host system. But in your case, they are the same machine, right?

One thing you should check is that TCP ports 10000 to 10100 are open on the Cloudmin master system, and the DNS server system.

A little more info: if I use Cloudmin to create a new test virtualmin domain on the local (master) server, it appears to work fine:

Create Virtualmin Domain 
pericles.karelia.com
Creating sandvoxhost6.com on system pericles.karelia.com ..
Beginning server creation ..
 
Creating administration group sandvoxhost6.com ..
.. done
 
Creating administration user sandvoxhost6.com ..
.. done
 
Creating aliases for administration user ..
.. done
 
Adding administration user to groups ..
.. done
 
Creating home directory ..
.. done
 
Creating mailbox for administration user ..
.. done
 
Adding new DNS zone ..
.. done
 
Adding new virtual website ..
.. done
 
Adding webserver user www-data to server's group ..
.. done
 
Performing other Apache configuration ..
.. done
 
Setting up log file rotation ..
.. done
 
Creating status monitor for website ..
.. done
 
Re-starting DNS server ..
.. done
 
Applying web server configuration ..
.. done
 
Saving server details ..
.. done
 
All done!
.. Virtualmin domain created successfully!
Updating system status ..
.. status successfully retrieved.
 
  Return to domains form 

It's when I try to create a domain, with a DNS zone, on the other server (x1.sandvox.net) that things fail, if that helps.

That's a possibility. I thought they were open, but there may be multiple firewalls in play here. Checking...

No, it still fails. I've verified that port range is open on both systems. I've also told Webmin to listen on all of those ports on both systems in Webmin Configuration > Ports and Addresses. I didn't know if that was needed or not.

In any case, when I try to create a domain on the non-master machine, but having master act as DNS Zone master, I still get the error:

Create Virtualmin Domain 
x1.sandvox.net
Creating sandvoxhost8.com on system x1.sandvox.net ..
.. failed : Services error checking DNS zone : check-dns-zone failed : Error: Bad response from fastrpc.cgi :

What to do?

Any chance I could login to your system to see what is going wrong here?

OK, if that's what we need to do, that's what we need to do. I just really want to move forward and get this setup working. So, as mentioned previously, there are two instances running:

1) pericles.karelia.com - has VM Pro, Cloudmin, and Cloudmin Services installed. It is a pretty stock install running Apache, MySQL, BIND, etc. It is aliased to ns1.sandvox.net. This is our "master" server which we want to use to host DNS and provision new domains on other instances that we roll out.

The root password is currently (redacted)

There is also one system owner created on pericles.karelia.com. The system owner is (redacted) and the password is (redacted)

You can see that it is working by trying something like [url]https://(redacted)@pericles.karelia.com:10000/server-manager/remote.cgi?program=list-systems[/url] in a browser.

2) x1.sandvox.net which is running VM GPL (at EC2, so it has an external IP of 54.243.234.110 but a different internal IP. That took a little while to make happy, but I believe it is.). It is stripped down a bit. The only services I want running here are nginx and ssh (or rather sftp). This seems to work fine. I can create a test domain directly on that machine using Virtualmin on that machine.

The root password is (redacted)

It is set up as a Cloudmin Services Client using bluevisor as the system owner.

--

The test for me, I think, is to use Cloudmin on pericles to create a new test domain on x1. So I log in to pericles using a browser. I go to Cloudmin. I pick Virtualmin Settings > Virturalmin Domains > Create new Virtualmin domain. I put in a for now fake domain name, e.g., sandvoxhost9.com, a test password, etc., I uncheck all enabled features except Admin user, BIND DNS domain, Home directory, and Nginx website. I click Create Virtual Server.

And that's when I see:

Creating sandvoxhost9.com on system x1.sandvox.net .. .. failed : Services error checking DNS zone : check-dns-zone failed : Error: Bad response from fastrpc.cgi :

What other information can I provide?

Thanks

OK, if that's what we need to do, that's what we need to do. I just really want to move forward and get this setup working. So, as mentioned previously, there are two instances running:

1) pericles.karelia.com - has VM Pro, Cloudmin, and Cloudmin Services installed. It is a pretty stock install running Apache, MySQL, BIND, etc. It is aliased to ns1.sandvox.net. This is our "master" server which we want to use to host DNS and provision new domains on other instances that we roll out.

The root password is currently [redacted]

There is also one system owner created on pericles.karelia.com. The system owner is [redacted] and the password is [redacted]

You can see that it is working by trying something like [url]https://[redacted]@pericles.karelia.com:10000/server-manager/remote.cgi?program=list-systems[/url] in a browser.

2) x1.sandvox.net which is running VM GPL (at EC2, so it has an external IP of 54.243.234.110 but a different internal IP. That took a little while to make happy, but I believe it is.). It is stripped down a bit. The only services I want running here are nginx and ssh (or rather sftp). This seems to work fine. I can create a test domain directly on that machine using Virtualmin on that machine.

The root password is [redacted]

It is set up as a Cloudmin Services Client using bluevisor as the system owner.

--

The test for me, I think, is to use Cloudmin on pericles to create a new test domain on x1. So I log in to pericles using a browser. I go to Cloudmin. I pick Virtualmin Settings > Virturalmin Domains > Create new Virtualmin domain. I put in a for now fake domain name, e.g., sandvoxhost9.com, a test password, etc., I uncheck all enabled features except Admin user, BIND DNS domain, Home directory, and Nginx website. I click Create Virtual Server.

And that's when I see:

Creating sandvoxhost9.com on system x1.sandvox.net .. .. failed : Services error checking DNS zone : check-dns-zone failed : Error: Bad response from fastrpc.cgi :

What other information can I provide?

Thanks

OK, if that's what we need to do, that's what we need to do. I just really want to move forward and get this setup working. So, as mentioned previously, there are two instances running:

1) pericles.karelia.com - has VM Pro, Cloudmin, and Cloudmin Services installed. It is a pretty stock install running Apache, MySQL, BIND, etc. It is aliased to ns1.sandvox.net. This is our "master" server which we want to use to host DNS and provision new domains on other instances that we roll out.

The root password is currently [redacted]

There is also one system owner created on pericles.karelia.com. The system owner is [redacted] and the password is [redacted]

You can see that it is working by trying something like [url]https://[redacted]@pericles.karelia.com:10000/server-manager/remote.cgi?program=list-systems[/url] in a browser.

2) x1.sandvox.net which is running VM GPL (at EC2, so it has an external IP of 54.243.234.110 but a different internal IP. That took a little while to make happy, but I believe it is.). It is stripped down a bit. The only services I want running here are nginx and ssh (or rather sftp). This seems to work fine. I can create a test domain directly on that machine using Virtualmin on that machine.

The root password is [redacted].

It is set up as a Cloudmin Services Client using bluevisor as the system owner.

--

The test for me, I think, is to use Cloudmin on pericles to create a new test domain on x1. So I log in to pericles using a browser. I go to Cloudmin. I pick Virtualmin Settings > Virturalmin Domains > Create new Virtualmin domain. I put in a for now fake domain name, e.g., sandvoxhost9.com, a test password, etc., I uncheck all enabled features except Admin user, BIND DNS domain, Home directory, and Nginx website. I click Create Virtual Server.

And that's when I see:

Creating sandvoxhost9.com on system x1.sandvox.net .. .. failed : Services error checking DNS zone : check-dns-zone failed : Error: Bad response from fastrpc.cgi :

What other information can I provide?

Thanks

One other follow up, if I try to create a test domain directly on x1 now using its Virutalmin installation, I get this error in response:

same thing but with more detail?

until I had set up x1 as a cloudmin services client, I could at least create a test domain on x1 itself using x1's VM in a browser without a problem.

Failed to create virtual server : Services error checking DNS zone : check-dns-zone failed : Error: Bad response from fastrpc.cgi : table.formsection, table.ui_table, table.loginform { border-collapse: collapse; } var rowsel = new Array(); Security Warning defaultStatus="root logged into Webmin 1.600 on pericles.karelia.com (Ubuntu Linux 12.04)"; Security Warning Warning! Webmin has detected that the program http:// was linked to from an unknown URL, which appears to be outside the Webmin server. This may be an attempt to trick your server into executing a dangerous command. If your browser does not send the Referer header needed, you can turn off this check as follows :Login to Webmin normally.Go to the Webmin Configuration module.Click on the Trusted Referrers icon.Check the Trust links from unknown referrers box, and click Save. Alternately, you can configure Webmin to allow links from unknown referers by :Login as root, and edit the /etc/webmin/config file.Find the line referers_none=1 and change it to referers_none=0.Save the file. Error ----- Bad response from fastrpc.cgi : table.formsection, table.ui_table, table.loginform { border-collapse: collapse; } var rowsel = new Array(); Security Warning defaultStatus="root logged into Webmin 1.600 on pericles.karelia.com (Ubuntu Linux 12.04)"; Security Warning Warning! Webmin has detected that the program http:// was linked to from an unknown URL, which appears to be outside the Webmin server. This may be an attempt to trick your server into executing a dangerous command. If your browser does not send the Referer header needed, you can turn off this check as follows :Login to Webmin normally.Go to the Webmin Configuration module.Click on the Trusted Referrers icon.Check the Trust links from unknown referrers box, and click Save. Alternately, you can configure Webmin to allow links from unknown referers by :Login as root, and edit the /etc/webmin/config file.Find the line referers_none=1 and change it to referers_none=0.Save the file. ----- Exit status: 256

OK, I think it's sort of fixed. After reading through that lengthier error message -- that I only got after trying to create the domain directly on the non-master machine -- I went into Webmin on the master machine and turned on

Trust links from unknown referrers

and suddenly it now all works. So that's is really, really good news. I had set Halloween as my goal for this step and we made it!

Now, can you tell me the consequences of turning on this checkbox and what a more secure way to do it would be? If this was in the Cloudmin docs and I missed it, apologies, though perhaps it deserves either special calling out or additions to the script to check this and turn it on, or hopefully fill it out with more secure parameters.

So, how much danger am I in with this checkbox being on? How should it be set up to be more secure?

I tried putting x1.sandvox.net in the trusted websites textarea and that made no difference at all (still fails unless I also turn on trust unknown referrers).

Wow, that is surprising - the referrer check shouldn't cause RPC call problems. I will take a closer look at the code responsible for this though.

I had a look at the code responsible for this error check, and found a bug that can cause this problem when the Cloudmin master and the DNS server are on the same machine. Plus another bug that prevents the error from being reported in a useful way :-(

These will be fixed in the next Webmin release. Till then, turning off checking of unknown referers is the best work-around.

Very good. I'll look for an update in the future and will use this workaround in the meantime. Thanks for your help!