updatenow Tried to sync version /etc/cpanel/TIERS.json file but failed
Currently upcp / updatenow are failing nightly on my CentOS6 / WHM 11.78.0.18 box...
And this ultimately results in...
(NB: log snippets are from two separate runs of upcp, hence date stamp oddities. Disregard.) From the server, I can manually wget
=> Log opened from /usr/local/cpanel/scripts/updatenow (17431) at Wed Apr 3 08:42:51 2019
[2019-04-03 08:42:51 +0100] Running version '11.78.0.18' of updatenow.
[2019-04-03 08:42:51 +0100] Detected version '11.78.0.18' from version file.
[2019-04-03 08:44:01 +0100] E Tried to sync version /etc/cpanel/TIERS.json file but failed: httpupdate.cpanel.net did not have any working mirrors. Please check your internet connection or dns server. at /usr/local/cpanel/Cpanel/HttpRequest.pm line 929.
[2019-04-03 08:44:01 +0100] ***** FATAL: The version for tier 'release' is not defined!
[2019-04-03 08:44:01 +0100] The Administrator will be notified to review this output when this script completes
=> Log closed Wed Apr 3 08:44:01 2019
[2019-04-03 08:44:01 +0100] 17% complete
=> Log closed Wed Apr 3 08:44:01 2019
And this ultimately results in...
[2019-04-02 23:43:29 +0100] E [/usr/local/cpanel/scripts/autorepair] The "/usr/local/cpanel/scripts/autorepair autorepair" command (process 23298) reported error number 25 when it ended.
[2019-04-02 23:57:56 +0100] E [/usr/local/cpanel/scripts/manage_greylisting] The "/usr/local/cpanel/scripts/manage_greylisting --init --update_common_mail_providers" command (process 24273) reported error number 1 when it ended.(NB: log snippets are from two separate runs of upcp, hence date stamp oddities. Disregard.) From the server, I can manually wget
-
Hi @APatchworkBoy Can you tell me about your networking configuration? Are you NAT routed? Have you made any changes recently? What is the output of the following (remove/obfuscate your public IP or identifying information) : cat /var/cpanel/cpnat
curl myip.cpanel.net/v1.00 -
Hi Lauren - Yep, NAT config... recently switched to a Watchguard firewall, with sNAT / http-proxy / https-proxy rules in place... had some issues that resulted in us being delicensed as it stuck the webserver outbound on wrong IP which locked our license out the other day. Raised a ticket (cPanel Support ID #11821731) for it to be unlocked after the issue had been resolved at our end to shunt it out via the correct IP address... #sudo cat /var/cpanel/cpnat 10.126.168.9 8x.x.x.52
#sudo curl myip.cpanel.net/v1.0 8x.x.x.52
All public IPs tally up to our licensed IP address etc...0 -
Hi @APatchworkBoy I can't help but assume that this is related as it seems like it's still a networking issue that you're unable to connect. Feel free to open a ticket though as I'm pretty limited to what I can check without access. I did look at the ticket and ran a quick nmap 80/443 over TCP both show as the only non-filtered ports which should be enough. 0 -
Indeed - inclined to agree with you - unfortunately firewall is handled by a different team here... have opened 11847523 0 -
HI @APatchworkBoy Great, I'm watching that ticket and I'll update here with any new information as it becomes available. Thanks! 0 -
Issue resolved! So, cPanel's MirrorSearch.pm in doing what it does sends some requests/gets some responses without http content-types set. Our firewall / httpproxy was set to deny all http-responses without a content-type defined. Looks like this stops the ping test working within MirrorSearch.pm so upsets autorepair / updatenow / upcp. Our infrastructure team have now switched this to allow instead of deny and all has sprung back to life. Screenshot attached should anyone else land here with Watchguard kit who can't find where we're talking. 0 -
Hi @APatchworkBoy That makes a lot of sense, I'm glad you were able to identify the source of the issue and thanks for letting us know how you resolved it! Thanks! 0
Please sign in to leave a comment.
Comments
7 comments