apiscp's Issues

Feature Request: Web App Updates Logs

Would love to have the Web App UI show some sort of dated log list that shows X number of recent updates that apiscp has performed on the app. Like x,y,z plugins updated on 10/29/2020 at 7:20pm, etc. Thoughts? Would be cool if that could be tied into the snapshots if enabled for being able to restore before that particular update. Just something to make things more user friendly and intuitive.

Squirrelmail: PHP Notice: Undefined variable: check_mail_mechanism

Probably only one client using squirrelmail, so not an urgent need, but seeing the following pollute the httpd_error log:

[root@cp4 ~]# tail -f /var/log/httpd/error_log
[Thu Jan 23 18:56:18.607357 2020] [php7:notice] [pid 1311:tid 139993241310976] [client xx.xxx.xxx.xx:57287] PHP Notice:  Undefined variable: check_mail_mechanism in /var/www/html/squirrelmail/src/left_main.php on line 323, referer: https://server.com/mail/src/left_main.php

[root@cp4 ~]# grep check_mail_mechanism /var/log/httpd/error_log | wc -l
118

From Squirrelmail changelog from 2011:

Added optional JavaScript folder list refresh ("check mail")
    mechanisms that try to avoid refreshing if server is not responding -
    see the $check_mail_mechanism setting in config/config.php or the
    "4. General Options ==> "21. Auto check mail mechanism" setting in
    the configuration tool.  (If you do not update your configuration,
    you will get messages in your logs:  "PHP Notice:  Undefined variable:
    check_mail_mechanism in /path/to/squirrelmail/src/left_main.php on
    line 322...")

Hooks & actions

Would be cool if there were hooks and actions à la WordPress kind of stuff, allowing us to add filters and hook pieces of code to the panel during command execution.

An example could be PR #3 which could've been otherwise implemented with an action hook similar to this:

// Apply rewrite structure
add_action('wordpress_install', function ($docroot, ...$args)
{
    $ret = \Wordpress_Module::execCommand($docroot, "rewrite structure '/%%postname%%/'");

    if (!$ret['success']) {
        return error('failed to set rewrite structure, error: %s', coalesce($ret['stderr'], $ret['stdout']));
    }

    return true;
});

cpcmd: No Error Handling

cpcmd adds any value to apnscp-vars-runtime.yml, without any information that the value is unknown or not used by upcp -sb

cpcmd scope:set cp.bootstrapper thisisatest ilikeapiscp
INFO    : Setting variable `thisisatest'. Previous not present in apnscp-vars-runtime.yml.
----------------------------------------
MESSAGE SUMMARY
Reporter level: OK
INFO: Setting variable `thisisatest'. Previous not present in apnscp-vars-runtime.yml.
----------------------------------------
1

cat ~/apnscp-vars-runtime.yml |grep thisis
thisisatest: ilikeapiscp

upcp -bs system/sshd

PLAY [localhost] ********************************************************************************************************************************************************************************************************************************************

PLAY RECAP **************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=14   changed=0    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0

This results in confused users/admins when you only have a typo in a value, especially when in both cases cpcmd Reporter succeeded with 1

for example:

cpcmd scope:set cp.bootstrapper permitRootLogin yes <- the wrong value but not recognized
not equal to
cpcmd scope:set cp.bootstrapper PermitRootLogin yes <- the right value

Setup Mail SPF, DMARC & DKIM

Hi,

I have been going through the docs to learn how to set up SPF records, DKIM and DMARC.

Can anyone guide me on how to set this up?

Failure downloading http://pkg.cloudflare.com/cloudflare-release-latest.el7.rpm

Getting the following error during installation:

fatal: [localhost]: FAILED! => {"attempts": 2, "changed": false, "msg": "Failure downloading http://pkg.cloudflare.com/cloudflare-release-latest.el7.rpm, Request failed: <urlopen error [Errno -2] Name or service not known>"}

Although the installation is still in progress.

Site admin whitelist support

Introduce new rampart service module, allow site admins to whitelist up to n IPs configured by the admin.

[default]
version=3.1
enabled=1
whitelist=[]
max=5

IPs can be shared by multiple sites and will continue to whitelist until the last reference is removed. Moreover, a secondary map contains these associations: /etc/virtualhosting/mappings/whitelist.map.

Admin can disable support by setting enabled=0 in the service or disable globally by setting [rampart] => user_whitelist to false.
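The sharing rule described above (an IP stays whitelisted until the last site referencing it drops it, with a per-site cap), as an added Python sketch that is not ApisCP code. The class, its method names and the `ip=site,site` map line format are assumptions made for illustration; only `enabled`, `max` and the global `user_whitelist` switch come from the issue.

```python
import ipaddress


class WhitelistError(Exception):
    """Raised when a site is not allowed to add a whitelist entry."""


class SharedWhitelist:
    """Hypothetical model of a reference-counted whitelist shared by sites."""

    def __init__(self, global_enabled=True):
        # Models the global [rampart] => user_whitelist switch from the issue.
        self.global_enabled = global_enabled
        self.sites = {}  # site -> {"enabled": bool, "max": int, "ips": set}
        self.refs = {}   # normalized IP -> set of sites holding a reference

    def configure(self, site, enabled=True, max_entries=5):
        cfg = self.sites.setdefault(site, {"ips": set()})
        cfg["enabled"] = enabled
        cfg["max"] = max_entries

    def add(self, site, ip):
        """Return True only when the firewall needs a new allow entry."""
        cfg = self.sites.get(site)
        if not self.global_enabled or cfg is None or not cfg["enabled"]:
            raise WhitelistError("whitelisting is disabled for " + site)
        # Normalizing makes "2001:DB8::1" and "2001:db8:0::1" one entry,
        # so a site cannot exceed its cap with spelling variants.
        addr = str(ipaddress.ip_address(ip))
        if addr in cfg["ips"]:
            return False
        if len(cfg["ips"]) >= cfg["max"]:
            raise WhitelistError(site + " reached its whitelist limit")
        cfg["ips"].add(addr)
        holders = self.refs.setdefault(addr, set())
        first_reference = not holders
        holders.add(site)
        return first_reference

    def remove(self, site, ip):
        """Return True only when the last reference is gone."""
        addr = str(ipaddress.ip_address(ip))
        cfg = self.sites.get(site)
        if cfg is None or addr not in cfg["ips"]:
            return False
        cfg["ips"].discard(addr)
        holders = self.refs[addr]
        holders.discard(site)
        if holders:
            return False  # another site still needs the entry
        del self.refs[addr]
        return True

    def render_map(self):
        """Render the associations, one assumed 'ip=site,site' line per IP."""
        return "\n".join(
            "%s=%s" % (ip, ",".join(sorted(sites)))
            for ip, sites in sorted(self.refs.items())
        )


if __name__ == "__main__":
    wl = SharedWhitelist()
    wl.configure("site1")
    wl.configure("site2")
    print(wl.add("site1", "192.0.2.10"))     # first reference
    print(wl.add("site2", "192.0.2.10"))     # shared, nothing new to allow
    print(wl.render_map())
    print(wl.remove("site1", "192.0.2.10"))  # site2 still holds it
    print(wl.remove("site2", "192.0.2.10"))  # last reference removed
```
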

Digital Ocean Block Storage

As requested on Reddit by /u/Dibbyo123.

Add ability to attach/detach block storage on-the-fly in apnscp. Could in theory also provide the storage basis for a new account, although database access will suffer.

php-pools gui 500 error

I get the following error when clicking on php-pools in the web gui. Latest edge version as of this post.

[Mon Dec 09 07:42:26.596830 2019] [php7:error] [pid 9685:tid 140391164651264] [client X.X.X.X:56709] PHP Fatal error: Page_Container and FilesystemPathTrait define the same property ($site) in the composition of apps\php_pools\Page. However, the definition differs and is considered incompatible. Class was composed in /usr/local/apnscp/apps/php-pools/php-pools.php on line 33, referer: https://myscrubbedhostname.com:2083/apps/dashboard

fail2ban config error

Dec  9 18:50:01 cp3 systemd: [/etc/systemd/system/fail2ban.service.d/override.conf:6] Failed to parse protect system value, ignoring: strict
Dec  9 18:50:01 cp3 systemd: [/etc/systemd/system/fail2ban.service.d/override.conf:8] Unknown lvalue 'ReadWritePaths' in section 'Service'

Here are lines 6-8:

ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=-/var/run/fail2ban -/var/lib/fail2ban /var/log/fail2ban.log -/var/spool/postfix/maildrop

cPanel Importer autoresponders

postfix/error[25486]: BA0A17DE52: to=<|/usr/local/cpanel/bin/autorespond,[email protected], /home/iabcente/.autorespond>, orig_to=<[email protected]>, relay=none, delay=1.5, delays=1.5/0.01/0/0.01, dsn=5.1.3, status=bounced (bad address syntax)

Seems to be importing the cpanel autoresponders incorrectly and causing problems. Probably best to not import them if they don't import cleanly? Not a big deal imho if importing them isn't supported. Would rather them not be imported if they are going to cause problems like above

Password Protect Directories

Request
Ability to create password protected directory.

Role
Webmaster View / End User Panel

User Story
As a user logged in to manage my domain, I would love to be able to create password protected directories. The contents within the directory should only be visible and accessible by a remote entity if they pass the password challenge successfully.

Use Case
Say I have a file that I want to share with my team but not the entire world. I own a domain called domain.tld. It would be nice if I were under File Manager, I could create a directory in the main html folder called personal and set a password for it. Then I could upload files to it and ask my team to visit https://domain.tld/personal to retrieve the files. Upon visiting the website, the users must successfully enter the password.

Security
Existing Rampart protections should continue to apply.

Secondary Feature
Would love it if there were a scope that could be enabled or disabled by the server admin for the accounts on their Apiscp instance.

Workaround Today
Using OneDrive, Sharefile, etc. to do this. I could theoretically install NextCloud and do this too.

cPanel Restore Support

Cross-server migration only supports apnscp format. Extend migration filter to include cPanel sources, either static or live.

Postfix/Dovecot SNI support

Dovecot presently supports SNI for authentication. Postfix is scheduled to include SNI in 3.4. Update Postfix from 3.2 to 3.4 once 3.4.1 is released thus allowing account hostnames to be used with both incoming/outgoing email as opposed to the server name.

Estimated arrival: Q1 2019

cPanel Import disk quota issue

Plenty of space on server, quota set on plan and statically on import is enough for account, yet get the following error about disk quota and then the import appears to stall out:

ERROR   : rsync: rsync: chown "/home/virtual/site26/fst/home/lori/Mail/.Junk/new/.1570713143.M358472P32140.cp2.cloud.oldserver.com,S=6011048,W=6089153.a4sthP" failed: Disk quota exceeded (122)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]

ERROR   : rsync: chown "/home/virtual/site26/fst/home/lori/Mail/.Junk/new/.1570713143.M358472P32140.cp2.cloud.oldserver.com,S=6011048,W=6089153.a4sthP" failed: Disk quota exceeded (122)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]

INFO    : Created user rcushing, (old/new uid: 32079/21511)
INFO    : Created user aperry, (old/new uid: 32079/21512)
INFO    : Created user trazo, (old/new uid: 32079/21513)
WARNING : passwd missing in .boxtrapper, skipping

Failed rootflags extraction

This is on KnownHost's Unmanaged Cloud server.

Here's the error, ran with low memory mode because this particular cloud server runs with 2GB RAM running AlmaLinux 8:

TASK [system/kernel : Extract rootflags] **************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => 
  msg: 'Unexpected templating type error occurred on ({{ (lookup("file", "/etc/default/grub") | regex_search("(?:\\s|\\b)rootflags=([^ ''" + ''"'' + "$]+)", "\\1") | last).split(",") }}): ''NoneType'' object is not reversible'

PLAY RECAP ********************************************************************************************************************************************************************************************************
localhost                  : ok=49   changed=8    unreachable=0    failed=1    skipped=29   rescued=0    ignored=0  

Contents of /etc/default/grub:

[root@host playbooks]# cat /etc/default/grub 
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 no_timer_check biosdevname=0 net.ifnames=0"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true

/etc/fstab:

[root@host playbooks]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Tue Nov 28 12:26:53 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/sda4 / xfs defaults,attr2,inode64,usrquota,grpquota,prjquota 0 0
UUID=f95db56c-8b1d-44eb-8174-acaf388b5f6d /boot                   xfs     defaults        0 0
UUID=C88E-FCFD          /boot/efi               vfat    defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2

Let me know if there's other specifics you need for this.
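The failure reported above, reproduced outside Ansible as an added Python example (not taken from the ApisCP playbooks): the search pattern is the one quoted in the error message, and the function names are hypothetical. It shows that a kernel command line without `rootflags=` makes the search return nothing, that taking `last` of that nothing raises the reported error, and that on this host the quota options sit in the fstab root entry instead.

```python
import re

# Pattern from the failing task, after YAML/Jinja unescaping.
ROOTFLAGS_RE = re.compile(r"""(?:\s|\b)rootflags=([^ '"$]+)""")

# GRUB_CMDLINE_LINUX line copied from the report: no rootflags= present.
REPORTED_GRUB = (
    'GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 '
    'no_timer_check biosdevname=0 net.ifnames=0"\n'
)

# Constructed sample with rootflags= set, for comparison.
CONSTRUCTED_GRUB = (
    'GRUB_CMDLINE_LINUX="console=tty0 rootflags=usrquota,grpquota quiet"\n'
)

# Root entry copied from the reported /etc/fstab.
REPORTED_FSTAB = (
    "# /etc/fstab\n"
    "/dev/sda4 / xfs defaults,attr2,inode64,usrquota,grpquota,prjquota 0 0\n"
)


def rootflags_like_task(grub_text):
    """Mimic the task: take the last captured group with no guard."""
    match = ROOTFLAGS_RE.search(grub_text)
    groups = list(match.groups()) if match else None
    # reversed(None) raises TypeError: 'NoneType' object is not reversible
    return next(iter(reversed(groups))).split(",")


def rootflags(grub_text):
    """Guarded variant: an absent rootflags= yields an empty list."""
    match = ROOTFLAGS_RE.search(grub_text)
    return match.group(1).split(",") if match else []


def root_mount_options(fstab_text):
    """Return the mount options of the / entry in fstab, or []."""
    for line in fstab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/":
            return fields[3].split(",")
    return []


if __name__ == "__main__":
    print(rootflags(CONSTRUCTED_GRUB))
    print(rootflags(REPORTED_GRUB))
    print(root_mount_options(REPORTED_FSTAB))
    try:
        rootflags_like_task(REPORTED_GRUB)
    except TypeError as exc:
        print("unguarded:", exc)
```
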

Single administrative panel for multi-server management

Add support for a single panel to manage multiple servers. Could swap out the afi function broker to use the API on each server as needed. This can be combined with CP Proxy to provide a single management portal for all users including administrator.

Presently managing multiple servers requires logging into each server to make changes as necessary. Add a "Switch Server" option to dropdown and complementary Multi-Server app for admin to add API keys for each server.

Example mockup:

switch-server

Remove branding from DNS Manager

DNS Manager has the following text:

Set MX to Apis/Gmail provisions DNS to let Apis or Gmail handle e-mail on the domain. Execute this command to setup hosted Gmail.
Clone External NS MX Records copy public MX records, which is useful to avoid downtime while moving e-mail to Apis.

Mail Migration rsync error for cpanel import?

Nothing special about this cpanel backup from my others that haven't had issues. Not sure why it's doing a double // or the 'homedirandco'. Don't think that's normal.

ERROR   : rsync: rsync: change_dir "/migrations/apnscp-migration5dcbe10539ffa0.66484823/migexfdwNvm/chicagoland//homedirandco/mail/chicagoland.com/kdo" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]

ERROR   : rsync: change_dir "/migrations/apnscp-migration5dcbe10539ffa0.66484823/migexfdwNvm/chicagoland//homedirandco/mail/chicagoland.com/kdo" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]

ERROR   : rsync: rsync: change_dir "/migrations/apnscp-migration5dcbe10539ffa0.66484823/migexfdwNvm/chicagoland//homedirandco/mail/chicagoland.com/tinas" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]

ERROR   : rsync: change_dir "/migrations/apnscp-migration5dcbe10539ffa0.66484823/migexfdwNvm/chicagoland//homedirandco/mail/chicagoland.com/tinas" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]

ERROR   : rsync: rsync: change_dir "/migrations/apnscp-migration5dcbe10539ffa0.66484823/migexfdwNvm/chicagoland//homedirandco/mail/chicagoland.com/bodo" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]

ERROR   : rsync: change_dir "/migrations/apnscp-migration5dcbe10539ffa0.66484823/migexfdwNvm/chicagoland//homedirandco/mail/chicagoland.com/bodo" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]

EditDomain results in flooded log entries

Every time a domain is edited, it appears that a dependency is attempted to be loaded for every site on the server:

Dec  9 18:50:01 cp3 systemd: [/etc/systemd/system/php-fpm-site25-clientdomain.com.socket:4] Failed to add dependency on After=php-fpm-site25.service, ignoring: Invalid argument
Dec  9 18:50:01 cp3 systemd: [/etc/systemd/system/php-fpm-site25-clientdomain.com.service:69] Failed to load slice unit site25. Ignoring.

I know the slice part can be ignored, but the dependency error seems like an issue:

[root@cp3 system]# cat php-fpm-site25-clientdomain.com.socket
# Templated from /usr/local/apnscp/resources/templates/apache/php/fpm-socket-service.blade.php
[Unit]
Description=PHP-FPM group control site25
BindsTo=php-fpm.service  php-fpm-site25.service After=php-fpm-site25.service

[Socket]
ListenStream=/var/run/php-fpm/site25-clientdomain.com.socket
SocketUser=apache
SocketGroup=admin25
SocketMode=0660
RemoveOnStop=yes
DirectoryMode=1111

[Install]
WantedBy=sockets.target php-fpm.service  php-fpm-site25.service

IPv6 Support

Dependent components:

  • HTTP
  • Name-based pool
  • IP-based pool
  • MX records
  • Migration
  • Rampart firewall lists
  • fail2ban - blocked by 0.10 dependency

Long Bootstrapping Time

Hi,

This is the first time I'm trying APIS CP on a freshly provisioned 32GB RAM Performance+ VPS from SSD Nodes.

It has been over 3 hours and the bootstrap installation is still going on. Last task was TASK [system/yum : Configure yum]

There was no error except Failure downloading http://pkg.cloudflare.com/cloudflare-release-latest.el7.rpm but the installation continued despite the error.

Should I be worried?

Addon Domain Path Check for cPanel Imports Failure

The import script seems to only look in /home/username/addon-domain.com, but for many years and still standard on existing cpanel servers, addon domains are located in the public_html directory, so addon domains for some reason are being created as blank directories as /var/www/addon-domain.primarydomain.com:

WARNING : move: `/home/automati/centerstageclassicrumble.net': No such file or directory
WARNING : move: `/home/automati/lodgestat.com': No such file or directory
INFO    : Scanning automationtec.com for Web Apps
INFO    : Searching on `site26' (automationtec.com)
INFO    : Searching docroot `/var/www/html' (automationtec.com) for webapps
INFO    : Detected `wordpress' under `/var/www/html'
INFO    : Searching docroot `/var/www/centerstageclassicrumble.automationtec.com' (centerstageclassicrumble.automationtec.com) for webapps
INFO    : Searching docroot `/var/www/lodgestat.automationtec.com' (lodgestat.automationtec.com) for webapps
(INFO)  : Searching on `site26' (automationtec.com)
(INFO)  : Searching docroot `/var/www/html' (automationtec.com) for webapps
(INFO)  : Detected `wordpress' under `/var/www/html'
(INFO)  : Searching docroot `/var/www/centerstageclassicrumble.automationtec.com' (centerstageclassicrumble.automationtec.com) for webapps
(INFO)  : Searching docroot `/var/www/lodgestat.automationtec.com' (lodgestat.automationtec.com) for webapps

Yet /var/www/lodgestat.automationtec.com is blank and files are actually still in /var/www/html/lodgestat.com, which doesn't get found and linked to the addon domain. Hope this makes sense.

Recurring vacation responder

Now that apnscp has an ability to perpetuate work, add the ability for users to set away/back in the panel by leveraging Horizon.

Beacon pseudo-code:

email_set_vacation_schedule [away: [f: 18], back: [m: 6]]
Set a schedule to be away from Friday after 6 PM locale-specific. Return by 6 AM Monday.

More advanced usage:
email_set_vacation_schedule '[away: [f: 18, 18], back: [m: 6, 6]]'
Set away 6 PM - 6 AM daily except for Friday, set away 6 PM, back 6 AM.

M/T/W/R/F/S/U to specify each day of the week.

email_set_vacation_schedule '[away: 2017-12-25 00:00:00, back: 2018-01-03 00:00:00]'

Accept unix timestamp or any parseable datetime

Back/away precedence: Date > Day of week > Time

CentOS 8.2 install experience/issues

A few issues I have experienced when trying to install on CentOS 8.2 on Azure.

The machine comes with /etc/resolv.conf containing an Azure IP for DNS. Bootstrap process appears to replace this with 127.0.0.53. My install command uses 'Cloudflare' for DNS without an API key at this point.

I can add the Azure nameserver (or any other valid resolver) back into resolv.conf and resume the installation.

Once install is resumed, I see:

TASK [system/kernel : Enumerate kernels] ****************************************************************************
fatal: [localhost]: FAILED! => changed=false
  cmd: |-
    awk -F\' '/^menuentry / {print $2}' /boot/grub2/grub.cfg | cat -n | awk '{print $1-1,$1="",$0}' | grep -F "4.18.0-193.6.3.el8_2" | awk  '{print $1}'
  delta: '0:00:00.014156'
  end: '2020-06-26 18:43:49.758071'
  failed_when_result: true
  rc: 0
  start: '2020-06-26 18:43:49.743915'
  stderr: ''
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

After first reboot:

2020-06-26 18:48:36,323 p=1276 u=root n=dnf.[fork.13666] | Unknown configuration value: failovermethod=priority in /etc/yum.repos.d/pgdg-redhat-all.repo; Configuration: OptionBinding with id "failovermethod" does not exist

So I have to again add the valid Azure nameserver back into resolv.conf and it appears to run fine then. This happened again 1 hour into install.

Running systemd-resolve --status shows:

Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
  Current DNS Server: 1.0.0.1
         DNS Servers: 1.0.0.1
                      1.1.1.1
          DNS Domain: ~.
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa

It may work better to utilise resolvconf to set DNS.

After installing/logging in, testing Argos relay displays error:
Util_Process::formatDataCallProc(): ntfy: ERROR: Failed to open /root/.argos.conf Traceback (most recent call last): File "/usr/local/lib/python3.6/site-packages/ntfy/config.py", line 32, in load_config config = safe_load(open(expanduser(config_path))) FileNotFoundError: [Errno 2] No such file or directory: '/root/.argos.conf'

Syntax error in modules/wordpress.php

EXCEPTION: syntax error, unexpected ')' [/usr/local/apnscp/lib/modules/wordpress.php:655]
0B. apnscpFunctionInterceptor::autoload("Wordpress_Module")
	[n/a]
1B. spl_autoload_call("Wordpress_Module")
	[n/a]
2B. class_exists("Wordpress_Module")
	[/usr/local/apnscp/lib/apnscpfunction.php:311]
3B. apnscpFunctionInterceptor->instantiate_backend_module("wordpress")
	[/usr/local/apnscp/lib/apnscpfunction.php:290]
4B. apnscpFunctionInterceptor->load_all_backend_modules()
	[/usr/local/apnscp/lib/lservicelib.pht:183]
5B. ListenerServiceCommon->start()
	[/usr/local/apnscp/lib/lservicelib.pht:112]
6B. ListenerServiceCommon->__construct()
	[/usr/local/apnscp/lib/lservicelib.pht:1155]
7B. ListenerServiceCommon::init()
	[/usr/local/apnscp/lib/lservice.php:23]

MODE: CLI

Include spf records when selecting non-built-in email provider

Overview

Email servers are starting to enforce SPF validation and rejecting emails where the spf record for the sender-domain doesn't contain a reference to the domain / ip from where the email originated. When using built-in email server, this isn't an issue since the standard spf entry created by apiscp contains both a and mx reference. However, when using a third party email provider, e.g. GMail, this can be a bit tricky because the a and mx pointers in the SPF don't fully encompass the servers Google might use to route the email. To mitigate this, Google requires that the SPF entry contain include:_spf.google.com in the SPF (https://support.google.com/a/answer/10685031).

Current Behavior
Used Gmail as my email method during domain creation and worked through the panel's spf record creator. This resulted in "v=spf1 a mx -all" as the proposed record because I'm a dummy and didn't realize I needed to also add the _spf.google.com in the inclusion list.

Now, given that there are only a handful of third-party email vendors supported, would be nice if the SPF record wizard / dns setup upon creation added the right inclusion within the SPF record.

I noticed the issue in my spf setup when emails started bouncing. Ran a test through mxtools and received the following results:

image

Adding _spf.google.com in the inclusion list fixed it.

image

Proposed Behavior
When selecting a third party email tool during the domain setup wizard, add the inclusion list SPF record by default.

  • Gmail: _spf.google.com
  • MxRoute: mxroute.com

Benefit of the Proposal
Non-technical users that don't know much about mail routing and use a service like Gmail wouldn't need to manually update the SPF record when, upon creation of the domain, it's already specified what email service they'd be using. For hosting providers, this may result in fewer email delivery related cases.
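The proposed behavior, as an added Python example that is not ApisCP code: given the record the wizard suggested and the chosen provider, insert the provider's `include:` before the `all` mechanism. The two include domains are the ones listed in the issue; the function names and provider keys are hypothetical. The lookup counter goes slightly beyond the issue: RFC 7208 caps DNS-querying terms at 10 per evaluation, which matters once includes are added automatically.

```python
# Include domains as listed in the issue; the dictionary keys are assumed.
PROVIDER_INCLUDES = {
    "gmail": "_spf.google.com",
    "mxroute": "mxroute.com",
}

# Terms that cost a DNS query during SPF evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def split_terms(record):
    """Return the terms after the version tag, rejecting non-SPF text."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    return terms[1:]


def term_name(term):
    """Strip the qualifier and any argument: '-all' -> 'all', 'a/24' -> 'a'."""
    name = term.lstrip("+-~?").lower()
    for sep in (":", "/", "="):
        name = name.split(sep, 1)[0]
    return name


def has_include(terms, domain):
    wanted = "include:" + domain.lower()
    return any(t.lstrip("+-~?").lower() == wanted for t in terms)


def ensure_provider_include(record, provider):
    """Return the record with the provider's include present exactly once."""
    domain = PROVIDER_INCLUDES[provider.lower()]
    terms = split_terms(record)
    if not has_include(terms, domain):
        # Mechanisms are evaluated left to right and 'all' always matches,
        # so the include has to be placed before it to have any effect.
        pos = next(
            (i for i, t in enumerate(terms) if term_name(t) == "all"),
            len(terms),
        )
        terms.insert(pos, "include:" + domain)
    return " ".join(["v=spf1"] + terms)


def dns_lookup_count(record):
    """Count top-level terms that trigger DNS queries.

    Lookups made inside an included record also count toward the limit of
    10, so this is a lower bound, not the full evaluation cost.
    """
    return sum(1 for t in split_terms(record) if term_name(t) in LOOKUP_TERMS)


if __name__ == "__main__":
    proposed = "v=spf1 a mx -all"  # the record quoted in the issue
    fixed = ensure_provider_include(proposed, "gmail")
    print(fixed)
    print(dns_lookup_count(fixed))
```
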

Mastodon 1-click support

Mastodon is a Node.js & Ruby on Rails social media platform with a large community and user base being mostly hosted in VPS environments. If it's possible to add I think it would be a really great addition, especially as a more unique offering.

Installation

Bootstrap task failure yum postgresql11

Hey.
Testing bootstrapping, getting yum failures. Relevant message:

TASK [packages/install : Install packages] ****************************************************************************************************************************
FAILED - RETRYING: Install packages (3 retries left).
FAILED - RETRYING: Install packages (2 retries left).
FAILED - RETRYING: Install packages (1 retries left).
fatal: [localhost]: FAILED! => changed=false 
  attempts: 3
  msg: |-
    warning: /var/cache/yum/x86_64/7/pgdg11/packages/postgresql11-libs-11.2-2PGDG.rhel7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 442df0f8: NOKEY
  
  
    GPG key retrieval failed: [Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-11"
  rc: 1

And in that folder:

ls /etc/pki/rpm-gpg/
RPM-GPG-KEY-apnscp-7  RPM-GPG-KEY-CentOS-7  RPM-GPG-KEY-CentOS-Debug-7  RPM-GPG-KEY-CentOS-Testing-7  RPM-GPG-KEY-CLOUDFLARE-2  RPM-GPG-KEY-EPEL-7  RPM-GPG-KEY-PGDG

cPanel Import - database prefix already in use

Ok, so the weird thing about this one is that the prefix is supposed to be automatically generated, right? This account doesn't even have any mysql databases or users either. Here are snippets from the cli and bug report email:

CLI

INFO    : Primary user always granted access to all databases - skipping grant for waglerb on cptmpdb_waglerb_b8qp411rPBrS1Cwj
INFO    : Primary user always granted access to all databases - skipping grant for waglerb on cptmpdb_waglerb_b8qp411rPBrS1Cwj
INFO    : Primary user always granted access to all databases - skipping grant for waglerb on cptmpdb_waglerb_b8qp411rPBrS1Cwj

Bug Report Email

EXCEPTION: database prefix `cptmpdb_' already in use [/usr/local/apnscp/lib/error_reporter.php:633]
0. Error_Reporter::append_msg("database prefix `cptmpdb_' already in use", 16)
	[/usr/local/apnscp/lib/error_reporter.php:1101]
1. Error_Reporter::merge_buffer([[message:"AddDomain command: /usr/local/apnscp/bin/AddDomain --output=json --plan='basic' -c 'siteinfo,email'='[email protected]' -c 'siteinfo,domain'='waglersite.com' -c 'siteinfo,admin_user'='waglerb' -c 'bandwidth,threshold'='37580963840' -c 'bandwidth,units'='B' -c 'diskquota,quota'='10' -c 'diskquota,units'='G' -c 'aliases,max'='None' -c 'aliases,aliases.10000'='waglerb.com' -c 'mlist,max'='None' -c 'mysql,dbasenum'='None' -c 'mysql,dbaseadmin'='waglerb' -c 'mysql,dbaseprefix'='cptmpdb_' -c 'apache,subnum'='None' -c 'billing,ctime'='1161644001' -c 'auth,cpasswd'='#########' -c 'ssh,enabled'='0' -c 'crontab,permit'='0' -c 'crontab,enabled'='0' -c 'mail,provider'='builtin'", severity:4, caller:"Error_Reporter::add_info", bt:null], [[message:"database prefix `cptmpdb_' already in use", severity:16, caller:"Error_Reporter::merge_buffer
", bt:null], []]])
	[/usr/local/apnscp/lib/datastream.php:302]
2. DataStream->unpack("")
	[/usr/local/apnscp/lib/datastream.php:253]
3. DataStream->writeSocket(<binary>)
	[/usr/local/apnscp/lib/datastream.php:385]

Installation Issues on CentOS 8 with or Without Config Utility

First Issue:

RUNNING HANDLER [filesystem/make-mounts : Restart polkitd] *********************
fatal: [localhost]: FAILED! => changed=false
msg: 'Could not find the requested service polkit: host'

RUNNING HANDLER [filesystem/swap : Reload sysctl] ******************************

NO MORE HOSTS LEFT *************************************************************

PLAY RECAP *********************************************************************
localhost : ok=58 changed=26 unreachable=0 failed=1 skipped=42 rescued=0 ignored=0

ERR: Stage 2 bootstrap failed
Run 'cd /usr/local/apnscp/resources/playbooks && env ANSIBLE_LOG_PATH=/root/apnscp-bootstrapper.log BOOTSTRAP_SH=/root/resume_apnscp_setup.sh ansible-playbook -l localhost -c local bootstrap.yml' to resume
Installation failed

After running cd /usr/local/apnscp/resources/playbooks && env ANSIBLE_LOG_PATH=/root/apnscp-bootstrapper.log BOOTSTRAP_SH=/root/resume_apnscp_setup.sh ansible-playbook -l localhost -c local bootstrap.yml

TASK [apnscp/assert-admin-works : Start apnscp] ************************************************************************************
fatal: [localhost]: FAILED! => changed=false
msg: |-
Unable to start service apnscp: Job for apnscp.service failed because a timeout was exceeded.
See "systemctl status apnscp.service" and "journalctl -xe" for details.

PLAY RECAP *************************************************************************************************************************
localhost : ok=737 changed=254 unreachable=0 failed=1 skipped=219 rescued=1 ignored=11

No package MariaDB-devel available on CentOS 8

When setup with curl https://raw.githubusercontent.com/apisnetworks/apnscp-bootstrapper/master/bootstrap.sh | bash -s - -s has_low_memory=true -s use_robust_dns='true' -s dns_default_provider='powerdns' -s ftp_enabled='false' -s mail_enabled='false'

On CentOS 8, this error is dropped.

fatal: [localhost]: FAILED! => {"attempts": 1, "changed": false, "failures": ["No package MariaDB-devel available.", "No package MariaDB-server available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}

The bug is reported in https://jira.mariadb.org/browse/MDEV-20673

This is fixed by changing the mariadb repo file to this:
[mariadb]
name = MariaDB Server
baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.4/yum/rhel/$releasever/$basearch
gpgkey = file:///etc/pki/rpm-gpg/MariaDB-Server-GPG-KEY
gpgcheck = 1
enabled = 1
module_hotfixes = 1

Feature Request: 2 Factor on launchpad with lockout on other services

I understand it's impossible to put 2 factor login over every service individually.
But certainly a good boost to my security would be a feature along the lines of:

  • 2 factor on launchpad
  • an optional lockout on other services (eg FTP, SSH) that's only unlocked by a successful 2 factor login.
  • the lockout is selectable per service.
  • Time window for unlock is selectable eg default 2 hrs but can be set to 12 for letting an FTP job run over night.
  • Multiuser would be great but I'd happily take it on admin only.
  • If you did do multiuser could use that to solve problems where you need automated access to services. Eg Create a new user that doesn't use 2 factor but only has read only rights to needed files. This login could be used by a regular FTP backup service.
  • If you want to get really fancy could have a learning mode like fortification, where for a short period you go into 'full access' mode. Start your FTP connection. After that launchpad shows you the IPs that accessed in full mode and you can select the ones to whitelist for the longer running 'limited mode'.
  • 2 factor reset would be via email so (as per now) admin email is still the keys to the castle. 2 factor was never a silver bullet but a boost nonetheless.

Cloudflare DNS proxy status not maintained on edit

There seems to be a bug in the DNS implementation using Cloudflare as the DNS provider. If you have "proxy: true" set in the global default, creating new records will successfully enable the proxy status (orange cloud) in Cloudflare for this record. However, if you then edit an entry, which exists on both ApisCP and Cloudflare (as it should), the proxy status is disabled on Cloudflare with no warning in ApisCP.

The only way to re-enable it is to either (a) delete the record in ApisCP, add it again (pretend it's a new record); or (b) log in to Cloudflare, and then re-enable proxy on each record individually.

This may be a limitation with the API, or something that has been addressed before, but I've discovered this just now when mass-updating DNS records to change the IP from an old server to current one... and then found I need to go into Cloudflare and modify each row again after making the IP change in ApisCP. Probably would have been faster to do all updates from Cloudflare in the first place...?

Is there any way to have ApisCP check the status, on update/edit, and maintain the current status at Cloudflare's end? Or, even better, allow management of the proxy status for each record within ApisCP?

Cheers all.

Dns_Module#getRecordId has infinite recursion on simple (non-weighted) records

I am using the AWS Route 53 DNS provider and I encountered the problem that changes in the DNS manager would never complete and instead eventually get the frontend process killed with >200MB memory usage.

Investigation showed that this comes from an infinite recursion here:

https://gitlab.com/apisnetworks/apnscp/-/blob/master/lib/Module/Support/Dns.php#L117

If a record exists but is a simple record, i.e. not weighted and therefore without record ID, getRecordId will find the record but it won't have a record ID, and if $id === null then at the end getRecordId will call itself again with the same argument (return $this->getRecordId($r);), resulting in infinite recursion.

How to reproduce:

  • Configure AWS provider
  • Create a hosted zone in AWS Route 53
  • Create a record in Route 53, for example a TXT record for _test with content "ABC" (use default routing policy "simple", not "weighted")
  • Attempt to change the value of the record from ABC to XYZ in ApisCP and observe the bug happening

...and then:

  • Update the record in Route 53, changing routing policy to "weighted", setting weight 100 and adding some random record ID there
  • Attempt to change the value of the record in ApisCP again and observe the bug no longer happening
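
The recursion described in this report, as an added example that is not ApisCP's code: a lookup that refreshes and retries at most once, and treats "record found, but it has no ID" as a final answer instead of a cache miss. The class `RecordLookup`, its members and the sample zone are hypothetical, and it assumes the retry exists to re-read the zone after a miss.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a DNS provider module; not ApisCP's Dns.php.
final class RecordLookup
{
    /** @var array<string, ?string> record key => provider ID (null for simple records) */
    private array $cache = [];

    /** Number of times the zone was re-read from the (simulated) provider. */
    public int $refreshes = 0;

    /** @param array<string, ?string> $remote constructed zone held by the provider */
    public function __construct(private array $remote) {}

    // Simulates re-reading the zone through the provider API.
    private function refresh(): void
    {
        $this->refreshes++;
        $this->cache = $this->remote;
    }

    /**
     * Returns the provider record ID, or null when the record has none
     * (simple routing policy) or does not exist at all.
     */
    public function getRecordId(string $key, bool $retried = false): ?string
    {
        // array_key_exists, not isset: a cached null ID is a valid answer
        // and must not be mistaken for "not cached yet".
        if (array_key_exists($key, $this->cache)) {
            return $this->cache[$key];
        }
        if ($retried) {
            return null; // still absent after one refresh: stop here
        }
        $this->refresh();
        return $this->getRecordId($key, true);
    }
}

// Constructed sample zone: one weighted record with an ID, one simple record without.
$dns = new RecordLookup([
    'TXT _test.example.com weighted' => 'set-a',
    'TXT _test2.example.com simple'  => null,
]);
var_dump($dns->getRecordId('TXT _test.example.com weighted'));
var_dump($dns->getRecordId('TXT _test2.example.com simple'));
var_dump($dns->getRecordId('A missing.example.com'), $dns->refreshes);
```

The recursion depth is bounded by the `$retried` flag rather than by the lookup result, so a simple record or a missing record costs at most one extra provider read.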

Add pull support to migration

Migrations presently push accounts to a new server. This works well when the initiator has root on the target server. When the initiator does not have root and needs to pull from a system, e.g. transferring from a cPanel-based provider, a pull is necessary to provision the account and fetch data off the losing server.

Proposed switch is --pull:

# Create domain example.com on server Atlas
scripts/transferserver -s atlas example.com
# Create domain example.com on this server, pull data from Atlas
scripts/transferserver --pull -s atlas example.com

Global preferences

A superset of preferences that optionally override any user-specific preferences with an inheritable set. Globals come in two forms, default and enforced.

DEFAULT -> ADMIN -> ENFORCED -> USER A
                             |-> USER B
                             `-> USER C

Globals allow an enforceable webhook platform as well as password policy for subordinates. Looking forward, an API entry ACL as well as 2FA confirmation from subordinates.

Snapshot not working

Hi,

When I click on Snapshot, it says Action succeeded, but it doesn't do anything. It just refreshes the page. It still shows Enable Snapshot.
