I have two networks interconnected by WireGuard. The network is working normally; I can even access shared folders, with SMB, NFS and Windows folders working. I can ping any host on both subnets. I'm creating an ISPConfig server with a slave, each on a subnet. I install the first one in expert mode, everything is OK. I install the second one, including it as a slave to the first one, and it also installs normally. But when I go to admin and create the firewall rules, it creates them on the master, but not on the slave. On the slave it doesn't even enable UFW. It stays with this message forever:

To test, on the slave, I did php -q update.php, and then I received the following error message:

Code:

    Checking MariaDB version 10.11.4 .. OK
    PHP Warning: mysqli_connect(): (HY000/1045): Access denied for user 'ispcsrv2'@'192.168.1.112' (using password: YES) in /tmp/ispconfig3_install/install/lib/mysql.lib.php on line 112
    PHP Fatal error: Uncaught TypeError: mysqli_query(): Argument #1 ($mysql) must be of type mysqli, bool given in /tmp/ispconfig3_install/install/lib/mysql.lib.php:113
    Stack trace:
    #0 /tmp/ispconfig3_install/install/lib/mysql.lib.php(113): mysqli_query()
    #1 /tmp/ispconfig3_install/install/update.php(287): db->setDBName()
    #2 {main}
    thrown in /tmp/ispconfig3_install/install/lib/mysql.lib.php on line 113
    root@isp2:/tmp/ispconfig3_install/install#
My guess is that user 'ispcsrv2'@'192.168.1.112' does not have an account on the master database. Did you install using the ISPConfig auto installer? If you installed manually, verify what database user accounts you created during install. By the way, which ISPConfig installation manual did you follow? Also by the way: https://forum.howtoforge.com/threads/please-read-before-posting.58408/
A common reason for such an issue is wrong settings in /etc/hosts. Ensure that the master and slave hostnames are listed in /etc/hosts on both servers and that they use the internal IP that you want to use for this connection. After you have fixed that, run an ISPConfig update on the slave node and choose to reconfigure services in the master database.
I researched and read a lot before starting this installation. I followed a mix of these installations:

I already have an infrastructure working at the moment on SiteA and SiteB running with Sentora. But due to slow development, small community and versions of old resources, such as PHP, I decided to switch to ISPConfig. The slave server today only serves the secondary DNS. With ISPConfig, initially, I will keep it that way too, the slave only for secondary DNS.

I've already installed ISPConfig about 10 times, both on the master and the slave, just to learn how everything works, because as I'm the only one doing maintenance, I need to know what to do if there's a problem. First I did a simple installation, both machines, master and slave working on the same network, and everything works normally. So I simulated a local installation, but on different networks, master at 192.168.1.0/24 and slave running at 192.168.0.0/24, separated only by a simple router but with all the routes configured correctly. Then I took the slave server to SiteB, and redid the entire installation on both the master and the slave. They finished the installations very well, without problems, but any changes I try to make through the manager regarding the slave server are not passed on to it.

My network today is working as follows:
See post #3 in regard to hosts files. The system must be able to resolve the hostnames of the nodes to the same IP on both nodes. If both nodes resolve hostnames to a different IP, then MySQL will reject the login. So this is not an ISPConfig issue, it's a MySQL login issue caused by different name / IP resolving on the nodes.
This could really be it, I put the external IP and internet in /etc/hosts. So should I only put the internal IPs on both machines? Today it's like that in both:

Code:

    127.0.0.1 localhost.localdomain localhost
    192.168.0.121 isp2.slave.com isp2
    2xx.xxx.xxx.xx isp2.slave.com isp2
    192.168.1.111 isp1.master.com isp1
    2xx.xxx.xxx.xx isp1.master.com isp1
    # The following lines are desirable for IPv6 capable hosts
    ::1 localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

They should look like this:

Code:

    127.0.0.1 localhost.localdomain localhost
    192.168.0.121 isp2.slave.com isp2
    192.168.1.111 isp1.master.com isp1
    # The following lines are desirable for IPv6 capable hosts
    ::1 localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
You must use the IP in /etc/hosts that you want the system to use for the connection. When the system gets installed on a slave, the installer does a lookup for the hostname of the slave and then adds a MySQL ispcsrv* user in the master MySQL server for the hostname and also for the IP that was the result of the lookup, to allow the slave later to connect by IP and hostname. Now, if the slave connects later but MySQL on the master thinks that the connection comes from a different IP, then the login gets rejected. That's why it is important that master and slave agree on which IP is which hostname and that the connection in the end must come from that IP when the slave connects to the master.
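An added example, not part of any post in this thread and not ISPConfig code: a small shell check for the condition described above, that both nodes map each host name to one and the same address. The function names, the file names and the 203.0.113.20 address (standing in for the redacted public IP) are constructed.

```shell
#!/bin/sh
# Added example: compare copies of /etc/hosts taken from master and slave.

# hosts_pairs FILE: print "name address" for each IPv4 entry, comments removed.
hosts_pairs() {
    awk '{
        sub(/#.*/, "")
        if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        for (i = 2; i <= NF; i++) print $i, $1
    }' "$1" | LC_ALL=C sort -u
}

# ambiguous_names FILE: names listed with more than one address in FILE.
ambiguous_names() {
    hosts_pairs "$1" | awk '{ n[$1]++ } END { for (h in n) if (n[h] > 1) print h }' |
        LC_ALL=C sort
}

# mismatched_names A B: names defined in both files with different address sets.
mismatched_names() {
    { hosts_pairs "$1" | sed 's/^/A /'; hosts_pairs "$2" | sed 's/^/B /'; } |
    awk '{ addrs[$1 SUBSEP $2] = addrs[$1 SUBSEP $2] " " $3; names[$2] = 1 }
         END { for (h in names) {
                   a = addrs["A" SUBSEP h]; b = addrs["B" SUBSEP h]
                   if (a != "" && b != "" && a != b) print h
               } }' | LC_ALL=C sort
}

# Constructed sample data: 203.0.113.20 stands in for a redacted public IP.
tmp=$(mktemp -d)
cat > "$tmp/master.hosts" <<'EOF'
127.0.0.1      localhost.localdomain localhost
192.168.0.121  isp2.slave.com isp2
192.168.1.111  isp1.master.com isp1
EOF
cat > "$tmp/slave.hosts" <<'EOF'
127.0.0.1      localhost.localdomain localhost
192.168.0.121  isp2.slave.com isp2
203.0.113.20   isp2.slave.com isp2   # second entry for the same name
192.168.1.111  isp1.master.com isp1
EOF

echo "ambiguous on slave:";    ambiguous_names "$tmp/slave.hosts"
echo "differs between nodes:"; mismatched_names "$tmp/master.hosts" "$tmp/slave.hosts"
```

On real nodes, copy each server's /etc/hosts to one machine and pass the two files to `mismatched_names`; any name it prints is one the nodes disagree on.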
I understand, Till, and thank you very much for now. I will redo the 2 servers from scratch, but now only use the internal IP. I'll ask again if anything comes up. And a great end of year to you and Taleman.

I can't edit the post above and the links to the installations I followed are missing:

https://www.howtoforge.com/perfect-server-debian-12-buster-apache-bind-dovecot-ispconfig-3-2/
https://www.howtoforge.com/how-to-r...-secondary-with-ispconfig-3-debian-squeeze-p2
https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/313#note_54975
There is no need to do that. As I mentioned in #3, all you have to do is to run an ispconfig update on the slave server after correcting the hosts files.
That's the hard way to do it. The easy way is to use the auto-installer: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/

1) Install master as normal single server.
2) Add root mysql user with the capability to login from slave node.
3) Install slave node in interactive mode, this allows you to choose to connect to master during installation.

And in regard to commandline options of the auto installer, choose what suits your needs for the nodes.
I quickly redid the installation on both hosts here. Master host, everything OK. Slave host stops communicating with MariaDB:

Code:

    MySQL master server hostname []: isp1.reloaded.com.br
    MySQL master server port [3306]:
    MySQL master server root username [root]:
    MySQL master server root password []: XXXXXXXXXXXXXXXXX
    MySQL master server database name [dbispconfig]:
    Unable to connect to mysql server Host '192.168.1.112' is not allowed to connect to this MariaDB server
    MySQL master server hostname []:

I am using WireGuard as a VPN. The 2 WireGuard hosts are using the following rules for full communication between the two sites:

Code:

    sysctl -w net.ipv4.ip_forward=1
    ufw route allow in on wg0 out on enX0
    iptables -t nat -A POSTROUTING -o enX0 -j MASQUERADE

See that the IP it complains about is the IP of the WireGuard host on the site where the ISPConfig master host is. So by this logic, I should create access to MariaDB in the master as follows:

Code:

    CREATE USER 'root'@'192.168.1.112' IDENTIFIED BY 'PASS';
    GRANT ALL PRIVILEGES ON * . * TO 'root'@'192.168.1.112' IDENTIFIED BY 'PASS' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

Instead of the internal IP of the slave host, which is 192.168.0.121?
I added the user and permission:

Code:

    CREATE USER 'root'@'192.168.1.112' IDENTIFIED BY 'PASS';
    GRANT ALL PRIVILEGES ON * . * TO 'root'@'192.168.1.112' IDENTIFIED BY 'PASS' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

This way I can finish installing the slave server. In the web manager, when I do anything related to the server, the changes are pending again:

Code:

    The following changes are not yet populated to all servers:
    Create new firewall rule: 1

I looked in the log and saw the error:

Code:

    2023-11-20T18:17:11.886358-03:00 isp1 mariadbd[58540]: 2023-11-20 18:17:11 3110 [Warning] Access denied for user 'ispcsrv2'@'192.168.1.112' (using password: YES)

From what I looked at in phpMyAdmin, this user's password is different, so I can't add this user to MariaDB. Another question: is there a database on the slave server, and if so, does the master record something there? I don't think so, but just to make it clear to me.
You can find all passwords (the one for localhost and the one for the remote connection to the master server) in cleartext in the ISPConfig configuration file /usr/local/ispconfig/server/lib/config.inc.php
For the record, in case anyone has a similar case, I managed to solve the problem. It wasn't a problem with the wrong configuration or installation of ISPConfig, but rather with my VPN connection. What happens is that ISPConfig needs direct access to MariaDB through the IPs and hostnames which were configured in the master installation, and as a result, there cannot be NAT or masquerade in the VPN connection, because with NAT and masquerade the request IP will be that of the VPN server, and not the real one of the slave host. It is possible to resolve this in two ways:

Code:

    The first and more complicated one is adding a bunch of Rules/IPtables, and new user permissions, to the Master Server.

Code:

    The second and simplest is to remove NAT and Masquerade from your VPN connection.

I managed to make it work both ways, but I chose to stick with the second one, for its simplicity and ease of maintenance, and besides, I won't need to change anything non-standard on the ISPConfig servers. And once again, THANK YOU SO MUCH to till and Taleman.
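An added example, not from the thread and not ISPConfig code: a shell filter for the master's MariaDB log that reports denied logins for a slave account arriving from an address the account was not created for, which is how a masqueraded VPN path shows up on the master. The first sample line is the one quoted earlier in the thread; the other two lines and the function names are constructed.

```shell
#!/bin/sh
# Added example: find "Access denied" warnings whose source address is not
# one of the hosts the slave's account was created for.

# denied_pairs: MariaDB log on stdin -> "user host count", one line per pair.
denied_pairs() {
    sed -n "s/.*Access denied for user '\([^']*\)'@'\([^']*\)'.*/\1 \2/p" |
        LC_ALL=C sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# unexpected_sources USER HOST...: log on stdin; print the hosts from which
# USER was denied that are not among the HOST arguments (the account's hosts).
unexpected_sources() {
    user=$1; shift
    allowed=" $* "
    denied_pairs | while read -r u h n; do
        [ "$u" = "$user" ] || continue
        case "$allowed" in
            *" $h "*) ;;                    # an account exists for this host
            *) echo "$h ($n denied)" ;;     # source was rewritten or is unknown
        esac
    done
}

# Sample log: line 1 is quoted from the thread, lines 2 and 3 are constructed.
SAMPLE_LOG="2023-11-20T18:17:11.886358-03:00 isp1 mariadbd[58540]: 2023-11-20 18:17:11 3110 [Warning] Access denied for user 'ispcsrv2'@'192.168.1.112' (using password: YES)
2023-11-20T18:18:11.901122-03:00 isp1 mariadbd[58540]: 2023-11-20 18:18:11 3114 [Warning] Access denied for user 'ispcsrv2'@'192.168.1.112' (using password: YES)
2023-11-20T18:19:02.100001-03:00 isp1 mariadbd[58540]: 2023-11-20 18:19:02 3120 [Warning] Aborted connection 3120 to db: 'dbispconfig' user: 'ispconfig' host: 'localhost'"

# The slave's account is expected for its own IP and host name.
printf '%s\n' "$SAMPLE_LOG" | unexpected_sources ispcsrv2 192.168.0.121 isp2.slave.com
```

Here the only source reported is 192.168.1.112, the WireGuard host on the master's site, rather than the slave's own 192.168.0.121.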