SYSTEM INFORMATION
OS type and version
Ubuntu 22.04 Azure VM
We are currently in the process of trying to installl virtualmin running under a Ubuntu 22.04 Pro Azure instance.
We are also using Ubuntu’s Security Tools and MS Defender, which we configured in our vm before running the vmin install script.
I had trouble with getting the vmin pro install.sh script to run at first as it was saying the vmin package repo wasn’t signed. I managed to fix that by running:
sh ./install.sh -s
chmod 644 /usr/share/keyrings/*
apt update
Virtualmin then installed without errors. Straight after installation, I decided to reboot the Ubuntu/vmin VM but it never came back up. Well, apparently it is running according to Azure but we have been unable to ssh into the vm using Azures bastion ssh portal connection option after rebooting.
We’ve had this happen twice now. After installing vmin, and rebooting, Azure’s bastion ssh connection no longer lets us login to the vm.
Any ideas why this might be happening? Are virtualmin’s firewall settings blocking Azure bastion ssh?
Thanks
1 Like
Ilia
October 3, 2024, 4:04pm
2
Thanks for the heads up!
What was the output of ls -lsa /usr/share/keyrings before running this command?
I posted that in the comments to the github ticket:
opened 02:44PM - 01 Oct 24 UTC
We've had to start over with our virtualmin server but I've not been able to get… it the latest vmin pro install.sh script to install any packages under Ubuntu 22.04 running in an Azure VM.
As per the vmin download page instructions, I'm trying to install it using the install.sh I downloaded from https://www.virtualmin.com/account/ when signed in.
Apparently `./install -s` should fix the repos but that gives me errors.
```
# sh ./install.sh -s
[INFO] Log will be written to: /home/danielm/virtualmin-install.log
[INFO] Started Virtualmin 7 Professional software repositories setup
▣ Phase 1 of 1: Setup
Downloading Virtualmin 7 key ✔
Installing Virtualmin 7 key ✔
Downloading repository metadata [ERROR] Failed with error: 100
✘
[ERROR] Something went wrong. Exiting.
[ERROR] The last few log entries were:
Err:6 https://software.virtualmin.com/vm/7/pro/apt virtualmin InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3E570892B9A0B8B7
Hit:12 https://esm.ubuntu.com/infra/ubuntu jammy-infra-updates InRelease
Get:13 https://download.webmin.com/download/newkey/repository stable Release [18.3 kB]
Get:14 https://download.webmin.com/download/newkey/repository stable Release.gpg [819 B]
Ign:14 https://download.webmin.com/download/newkey/repository stable Release.gpg
Reading package lists...
W: https://packages.microsoft.com/ubuntu/22.04/prod/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for d
etails.
W: GPG error: https://software.virtualmin.com/vm/7/pro/apt virtualmin InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3E570892B9A0
B8B7
E: The repository 'https://software.virtualmin.com/vm/7/pro/apt virtualmin InRelease' is not signed.
W: GPG error: https://download.webmin.com/download/newkey/repository stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2D223B91
8916F2A2
E: The repository 'https://download.webmin.com/download/newkey/repository stable Release' is not signed.
Downloading repository metadata: [2024-10-01 15:38:39 BST] [ERROR] Failed with error: 100
[2024-10-01 15:38:39 BST] [ERROR] Something went wrong. Exiting.
[2024-10-01 15:38:39 BST] [ERROR] The last few log entries were:
```
```
# cat virtualmin-install.log
Checking for HTTP client .. found /usr/bin/wget -nv
2024-10-01 15:38:33 URL:https://software.virtualmin.com/lib/slib.sh [24222/24222] -> "slib.sh" [1]
[2024-10-01 15:38:33 BST] [INFO] Log will be written to: /home/danielm/virtualmin-install.log
[2024-10-01 15:38:33 BST] [DEBUG] LOG_ERRORS_FATAL=1
[2024-10-01 15:38:33 BST] [DEBUG] LOG_LEVEL_STDOUT=INFO
[2024-10-01 15:38:33 BST] [DEBUG] LOG_LEVEL_LOG=DEBUG
Checking for Perl .... found Perl at /usr/bin/perl
Checking for HTTP client .. found /usr/bin/wget -nv
Checking for GPG .. found GPG command
[2024-10-01 15:38:33 BST] [INFO] Started Virtualmin 7 Professional software repositories setup
[2024-10-01 15:38:33 BST] [DEBUG] Install mode: setup
[2024-10-01 15:38:33 BST] [DEBUG] Product: Virtualmin Professional
[2024-10-01 15:38:33 BST] [DEBUG] virtualmin-install.sh version: 7.4.0
[2024-10-01 15:38:33 BST] [DEBUG] Installing serial number and license key into /etc/virtualmin-license
[2024-10-01 15:38:33 BST] [DEBUG] Operating system name: Ubuntu
[2024-10-01 15:38:33 BST] [DEBUG] Operating system version: 22.04
[2024-10-01 15:38:33 BST] [DEBUG] Operating system type: ubuntu
[2024-10-01 15:38:33 BST] [DEBUG] Operating system major: 22
[2024-10-01 15:38:33 BST] [DEBUG] Configuring package manager for Ubuntu 22.04 ..
[2024-10-01 15:38:33 BST] [DEBUG] apt-get repos: virtualmin
[2024-10-01 15:38:33 BST] [DEBUG] Installing Webmin and Virtualmin package signing keys ..
Spin pid is: 226324
2024-10-01 15:38:33 URL:https://software.virtualmin.com/lib/RPM-GPG-KEY-virtualmin-7 [3212/3212] -> "RPM-GPG-KEY-virtualmin-7" [1]
Downloading Virtualmin 7 key: Success.
Spin pid is: 226349
gpg: key 3E570892B9A0B8B7: "Virtualmin, Inc. (Package signing key for Virtualmin 7) <security@virtualmin.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Installing Virtualmin 7 key: Success.
Spin pid is: 226379
Hit:1 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
Hit:2 http://azure.archive.ubuntu.com/ubuntu jammy InRelease
Hit:3 http://azure.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://azure.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:5 http://azure.archive.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://software.virtualmin.com/vm/7/pro/apt virtualmin InRelease [10.7 kB]
Hit:7 https://esm.ubuntu.com/cis/ubuntu jammy InRelease
Hit:8 https://esm.ubuntu.com/apps/ubuntu jammy-apps-security InRelease
Hit:9 https://esm.ubuntu.com/apps/ubuntu jammy-apps-updates InRelease
Hit:10 https://esm.ubuntu.com/infra/ubuntu jammy-infra-security InRelease
Ign:11 https://download.webmin.com/download/newkey/repository stable InRelease
Err:6 https://software.virtualmin.com/vm/7/pro/apt virtualmin InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3E570892B9A0B8B7
Hit:12 https://esm.ubuntu.com/infra/ubuntu jammy-infra-updates InRelease
Get:13 https://download.webmin.com/download/newkey/repository stable Release [18.3 kB]
Get:14 https://download.webmin.com/download/newkey/repository stable Release.gpg [819 B]
Ign:14 https://download.webmin.com/download/newkey/repository stable Release.gpg
Reading package lists...
W: https://packages.microsoft.com/ubuntu/22.04/prod/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for d
etails.
W: GPG error: https://software.virtualmin.com/vm/7/pro/apt virtualmin InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3E570892B9A0
B8B7
E: The repository 'https://software.virtualmin.com/vm/7/pro/apt virtualmin InRelease' is not signed.
W: GPG error: https://download.webmin.com/download/newkey/repository stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2D223B91
8916F2A2
E: The repository 'https://download.webmin.com/download/newkey/repository stable Release' is not signed.
Downloading repository metadata: [2024-10-01 15:38:39 BST] [ERROR] Failed with error: 100
[2024-10-01 15:38:39 BST] [ERROR] Something went wrong. Exiting.
[2024-10-01 15:38:39 BST] [ERROR] The last few log entries were:
```
I can provide any other logs you require.
Hopefully we won't have to install Ubuntu 20.04 and then upgrade from there, it is out of support in a few months so thats only a temp workaround.
I have tried running
```
sudo apt clean
sudo apt update
```
After running the `install.sh -s` but that doesn't help.
Is the vmin apt repo signed in a way that is friendly with Ubuntu 22.04 and later? It seems they changed the way apt deals with gpg keys in Ubuntu 22.04, apt-key is deprecated. I have read a number of reports of people who can install vmin under Ubuntu 20.04 and then update it to Ubuntu 22 or Ubuntu 24 but cannot get it to install under 22.04 and I can't help but think its this:
https://sites.google.com/site/installationubuntu/home/ubuntu-22-04/apt-key-is-deprecated
I didn’t mention our bastion SSH issue as part of that issue.
I must admit I don’t fully understand how Azures bastion ssh works. Apparently it works without having to install additional software in your Azure VM but I don’t know if it uses a different port to normal ssh?
Does the current vmin pro install script change any network config or add any firewall rules?
I haven’t been able to use regular ssh in setting up this VM until now because I awaiting the required VPN access so I dependent on using Azures bastion ssh until then and it stops working after the first reboot after installing vmin.
Joe
October 4, 2024, 7:37am
4
It does not alter network configuration, but it does add a firewall. It installs firewalld, closes it by default, and opens the ports you would expect a virtual hosting system to have open, including ssh.
If you figure out how bastion ssh works (I’ve never heard of it), let us know and I can make sure we don’t interfere with it. I don’t like weird stuff (ssh should live on port 22, by default), but if their weird way is documented, we can work with it.
Its prob the same as my previous post on gh about but the permissions of my keychain files AFTER running install.sh -s but BEFORE running chmod are:
root@poseidon:/home/danielm# ls -lsa /usr/share/keyrings
total 84
4 drwxr-xr-x 2 root root 4096 Oct 4 10:16 .
4 drwxr-xr-x 122 root root 4096 Oct 1 12:01 ..
4 -rw-r----- 1 root root 641 Sep 25 15:16 microsoft-prod.gpg
8 -rw-r--r-- 1 root root 7399 Sep 18 2018 ubuntu-archive-keyring.gpg
8 -rw-r--r-- 1 root root 6713 Oct 27 2016 ubuntu-archive-removed-keys.gpg
4 -rw-r--r-- 1 root root 3023 Mar 26 2021 ubuntu-cloudimage-keyring.gpg
0 -rw-r--r-- 1 root root 0 Jan 17 2018 ubuntu-cloudimage-removed-keys.gpg
4 -rw-r--r-- 1 root root 1227 May 27 2010 ubuntu-master-keyring.gpg
4 -rw-r--r-- 1 root root 1150 Aug 8 15:00 ubuntu-pro-anbox-cloud.gpg
4 -rw-r--r-- 1 root root 2247 Aug 8 15:00 ubuntu-pro-cc-eal.gpg
4 -rw-r--r-- 1 root root 2274 Aug 8 15:00 ubuntu-pro-cis.gpg
4 -rw-r--r-- 1 root root 2236 Aug 8 15:00 ubuntu-pro-esm-apps.gpg
4 -rw-r--r-- 1 root root 2264 Aug 8 15:00 ubuntu-pro-esm-infra.gpg
4 -rw-r--r-- 1 root root 2275 Aug 8 15:00 ubuntu-pro-fips-preview.gpg
4 -rw-r--r-- 1 root root 2275 Aug 8 15:00 ubuntu-pro-fips.gpg
4 -rw-r--r-- 1 root root 2250 Aug 8 15:00 ubuntu-pro-realtime-kernel.gpg
4 -rw-r--r-- 1 root root 2235 Aug 8 15:00 ubuntu-pro-ros.gpg
4 -rw-r----- 1 root root 2313 Oct 4 10:16 ubuntu-virtualmin-7.gpg
4 -rw-r----- 1 root root 2261 Oct 1 14:02 ubuntu-webmin-developers.gpg
4 -rw-r----- 1 root root 891 Oct 1 15:05 webmin.gpg
Ilia
October 4, 2024, 9:59am
6
Joe:
It installs firewalld, closes it by default, and opens the ports you would expect a virtual hosting system to have open, including ssh.
It also uninstalls pre-installed ufw, which could potentially interfere with any custom pre-configurations made earlier (for ufw).
I’m new to Azures bastion SSH but as far as I can tell it still uses port 22. If I find a good source of info on it I’ll let you know.
I don’t have all the details unfortunately but I do know that it was the fstab mount options for the btrfs /home partition that was causing our vmin VM not to boot which is why bastion ssh wasn’t working. Apparently our VM didn’t like the quota option the vmin install script added in.
1 Like
Joe
October 4, 2024, 4:37pm
9
Oh, that’s completely unrelated to ssh. And, yeah, if the system won’t boot after adding quotas to the /home filesystem boot options, obviously that’s a problem.
I thought we only added the quota options for filesystems we know about. I’ll have to check…
1 Like
Joe
October 4, 2024, 4:42pm
10
This is the code where quotas get dealt with during installation, and I would assume on a quick scan that it wouldn’t make changes for btrfs, but if you’'re seeing it change, I guess Webmin doesn’t know it doesn’t know how to work with btrfs quotas (which are different).
package Virtualmin::Config::Plugin::Quotas;
use strict;
use warnings;
no warnings qw(once);
use parent 'Virtualmin::Config::Plugin';
$| = 1;
our $config_directory;
our (%gconfig, %miniserv);
our $trust_unknown_referers = 1;
sub new {
my ($class, %args) = @_;
# inherit from Plugin
my $self = $class->SUPER::new(name => 'Quotas', %args);
return $self;
}
show original
1 Like
Ilia
October 4, 2024, 9:20pm
11
Thanks for clearing this up!
I’m on it now, testing with Ubuntu 22.04 and Btrfs…
1 Like
Ilia
October 4, 2024, 10:44pm
12
@danboid Thanks for the heads up! The bug is actually nasty!
@Joe , alright, here is the fix to support Btrfs quotas at install time without breaking anything!
Yet, it still won’t work properly. @Jamie , could you check the Virtualmin code to ensure it handles Btrfs quota systems correctly?
1 Like
system
December 3, 2024, 10:45pm
13
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.