Submitted by ADDISON74 on Tue, 01/29/2019 - 13:15
I am trying to install from scratch Virtualmin in a Debian 9 virtual machine. Installation fails here. Nothing can do positive from now on.
▣□□ Phase 1 of 3: Setup
Downloading RPM-GPG-KEY-virtualmin-6 [ OK! ]
Downloading RPM-GPG-KEY-webmin [ OK! ]
Installing Virtualmin 6 key [ OK! ]
Installing Webmin key [ OK! ]
Updating apt metadata [ OK! ]
Downloading repository metadata [ OK! ]
Disabling cdrom: repositories [ OK! ]
Cleaning out old metadata [ OK! ]
▣▣□ Phase 2 of 3: Installation
Installing Webmin [ OK! ]
Installing Usermin [ OK! ]
Installing fail2ban [ OK! ]
Removing nginx (if installed) before LAMP installation. [ OK! ]
Removing unneeded packages that could confict with LAMP stack. [ OK! ]
Installing postfix [ OK! ]
Installing virtualmin-lamp-stack [ OK! ]
Installing Virtualmin and plugins [ OK! ]
29 Jan 22:15:07 ntpdate[20878]: the NTP socket is in use, exiting
Installing updates to Virtualmin-related packages [ OK! ]
▣▣▣ Phase 3 of 3: Configuration
[1/23] Configuring AWStats [ ✔ ]
[2/23] Configuring Apache [ ✔ ]
[3/23] Configuring Bind [ ✔ ]
[4/23] Configuring ClamAV [ ✔ ]
[5/23] Configuring Dovecot [ ✔ ]
[6/23] Configuring Firewalld [ ✔ ]
[7/23] Configuring MySQL [ ✔ ]
[8/23] Configuring NTP [ ✔ ]
[9/23] Configuring Net [ ✔ ]
[10/23] Configuring ProFTPd [ ✔ ]
[11/23] Configuring Procmail [ ✔ ]
[12/23] Configuring Quotas [ ✔ ]
[13/23] Configuring SASL [ ✔ ]
[14/23] Configuring Shells [ ✔ ]
[15/23] Configuring SpamAssassin [ ✔ ]
[16/23] Configuring Status [ ✔ ]
[17/23] Configuring Upgrade [ ✔ ]
[18/23] Configuring Usermin [ ✔ ]
[19/23] Configuring Webalizer [ ✔ ]
[20/23] Configuring Webmin [ ✔ ]
[21/23] Configuring Fail2banFirewalld ████▒▒▒Error: Systemd service fail2ban cannot be created unless a command is given
Error
-----
Systemd service fail2ban cannot be created unless a command is given
-----
▣▣▣ Cleaning up
[WARNING] The following errors occurred during installation:
◉ Postinstall configuration returned an error.
[WARNING] The last few lines of the log file were:
[2019/01/29 22:15:34] [INFO] - Succeeded
[2019/01/29 22:15:34] [INFO] - Configuring Status
[2019/01/29 22:15:36] [INFO] - Succeeded
[2019/01/29 22:15:36] [INFO] - Configuring Upgrade
[2019/01/29 22:15:37] [INFO] - Succeeded
[2019/01/29 22:15:37] [INFO] - Configuring Usermin
[2019/01/29 22:15:37] [INFO] - Succeeded
[2019/01/29 22:15:37] [INFO] - Configuring Webalizer
[2019/01/29 22:15:37] [INFO] - Succeeded
[2019/01/29 22:15:38] [INFO] - Configuring Webmin
[2019/01/29 22:15:50] [INFO] - Succeeded
[2019/01/29 22:15:50] [INFO] - Configuring Fail2banFirewalld
[2019-01-29 22:15:51 EET] [DEBUG] Cleaning up temporary files in /tmp/.virtualmin-9083.
Status:
Active
Comments
Submitted by ADDISON74 on Tue, 01/29/2019 - 14:28 Comment #1
Submitted by andreychek on Tue, 01/29/2019 - 14:39 Comment #2
Passing this along to Joe for review.
Submitted by andreychek on Tue, 01/29/2019 - 16:37 Comment #3
It looks like you're seeing the issue described in the post here:
https://www.virtualmin.com/node/53493
Could you try the solution there in the first post and see if that works for you?
If that does indeed resolve it, we'll have to look deeper into that, as that should have been resolved long ago, I'm not quite sure why that would be occurring.
Submitted by ADDISON74 on Wed, 01/30/2019 - 07:11 Comment #4
I already read that post before reporting. Here are the results:
Solution 1 - It is not a solution
Using command "virtualmin-config-system --exclude"
root@server:~# virtualmin-config-system --exclude
Option exclude requires an argument
Usage:
virtualmin config-system [options]
Options:
--help|-h Print this summary of options and exit
--list-bundles|-s List available installation bundles
--list-plugins|-p List available plugins
--bundle|-b A bundle of plugins to execute
--log|-l Path to a file for logging actions
--include|-i One or more extra plugins to include
--exclude|-x One or more plugins to exclude
--test|-t Test services after configured (when available)
Command "virtualmin-config-system --list-plugins"
root@server:~# virtualmin-config-system --list-plugins
Available Plugins:
AWStats Apache Bind ClamAV
Dovecot Fail2ban Fail2banFirewalld Firewall
Firewalld Mailman MySQL NTP
Net Nginx Postfix PostgreSQL
ProFTPd Procmail Quotas SASL
SELinux Shells SpamAssassin Status
Upgrade Usermin Virtualmin Webalizer
Webmin
Command "virtualmin-config-system --exclude Fail2banFirewalld" not working root@server:~# virtualmin-config-system --exclude Fail2banFirewalld Usage: virtualmin config-system [options]
Solution 2 - It is not a solution. I tried editing /usr/share/webmin/init/init-lib.php and using all combinations possible in that if statement. Here are all combinations used:
(!-r "$config{'init_dir'}/$_[0]" || &is_systemd_service($unit))
(!-r "$config{'init_dir'}/$_[0]" || !&is_systemd_service($unit))
!(-r "$config{'init_dir'}/$_[0]" || &is_systemd_service($unit))
Solution 3 - I did not find a file called S99fail2ban in any of rc.d directories. The only file is K01fail2ban
Those "tips" mentioned in that post are not solution to apply in this case. I couldn't manage installing Virtualmin in a VMware workstation 15 with Debian 64-bit. I would like to exclude the packages Fail2Ban, Fail2banFirewalld and Firewalld to see if I can install it, but I don't know. A lot of garbage remains behind with every installation failure.
I need a solution as soon as possible.
Submitted by ADDISON74 on Wed, 01/30/2019 - 08:04 Comment #5
Doing a research fail2ban-firewalld is not a package in Debian. Only Fedora/CentOS/RHEL have this package. Under this circumstances I am wondering why there is a Virtualmin package named Fail2banFirewall?
For those like me who don't use Firewalld after a succeed installation just disable firewalld service. Do not remove it from system. You can use iptables as before (old school).
Submitted by ADDISON74 on Wed, 01/30/2019 - 10:50 Comment #6
This is a bug in Debian 9 installation. Virtualmin is not enabling Firewalld service. Please do the following test and see the results:
Firewalld service disabled:
root@server:~# systemctl disable firewalld.service
Synchronizing state for firewalld.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d firewalld defaults
Executing /usr/sbin/update-rc.d firewalld disable
insserv: warning: current start runlevel(s) (empty) of script `firewalld' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `firewalld' overrides LSB defaults (0 1 6).
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
root@server:~# virtualmin config-system --include Fail2banFirewalld
[1/2] Configuring Firewalld ███████Error: Systemd service firewalld cannot be created unless a command is given ▒██████Error
-----
Systemd service firewalld cannot be created unless a command is given
-----
Firewalld service enabled:
root@server:~# systemctl enable firewalld.service
Synchronizing state for firewalld.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d firewalld defaults
insserv: warning: current start runlevel(s) (empty) of script `firewalld' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `firewalld' overrides LSB defaults (0 1 6).
Executing /usr/sbin/update-rc.d firewalld enable
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /lib/systemd/system/firewalld.service.
root@server:~# virtualmin config-system --include Fail2banFirewalld
[1/2] Configuring Firewalld [ ✔ ]
[2/2] Configuring Fail2banFirewalld [ ✔ ]
As you may see if Virtualmin is not enabling Firewalld installation will fail with error in Phase 3 - Step 21.
Submitted by ADDISON74 on Wed, 01/30/2019 - 11:26 Comment #7
Also fail2ban service should be masked. If it is not masked it won't let you configure Fail2banFirewalld.
Anyone can get rid off Firewalld just stopping the service. Then in jail.local switch from firewalld to normal banning.