Issue
cldiag --all Errors.
Solution
1- Check service `lvestats` is present
Check service `lvestats` is present, enabled and active: FAILED: Service is not active. The server can't collect and send statistics to Centralized Monitoring if service lvestats isn't present, enabled and active. Link to FAQ and troubleshooting https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2. Please write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue. Command for disabling this cron checker: "cldiag --disable-cron-checkers check-lvestats-service"
Could you please restart the node_exporter
service running the below:
service cl_node_exporter restart
service lvestats start
You may disable the cron checker using:
cldiag --disable-cron-checkers check-lvestats-service
-------------------------------------------------------------------------------------------------------------
2- Check existing JWT token:
Check existing JWT token:
FAILED: JWT token expired. Please check for JWT token in path "/etc/sysconfig/rhn/jwt.token". Try running "rhn_check" for getting a new token if it is absent. Server can't collect and send statistics to Centralized Monitoring if you don't have a correct JWT token. Link to FAQ and troubleshooting https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2. Please write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-jwt-token"
a- CL Shared Pro
Check if there is a valid CloudLinux OS Shared Pro license:
# /opt/alt/python37/bin/python3 -c "from clcommon.lib.jwt_token import jwt_token_check; print(jwt_token_check())"
# cldiag --check-jwt-token
- If the result is negative, disable the cron checker with the following command:
cldiag --disable-cron-checkers check-jwt-token
- If the result is positive, run the following command to update the license status:
rhn_check
b- CL Shared (NOT SHARED PRO)
In the CloudLinux OS Shared edition, the JWT token issue can be ignored.
Check if there is a valid CloudLinux OS Shared Pro license:
# /opt/alt/python37/bin/python3 -c "from clcommon.lib.jwt_token import jwt_token_check; print(jwt_token_check())"
# cldiag --check-jwt-token
- If the result is negative, disable the cron checker with the following command:
cldiag --disable-cron-checkers check-jwt-token
- If the result is positive, run the following command to update the license status:
rhn_check
c- Server has an IP license
If perform rhn_check or /usr/sbin/clnreg_ks --force
For some seconds, everything is getting better:
-
cldiag --check-cm-all returns output without errors
-
cloudlinux-summary get-remote --json also works as expected
but after 2-3 seconds everything breaks
So, the solution:
/scripts/upcp --force
d- The root cause of this error was a faulty DNS service:
# service named status
Redirecting to /bin/systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/named.service.d
└─cpanel.conf
Active: failed (Result: exit-code) since Tue 2024-03-05 13:07:13 AEDT; 4s ago
Process: 1614603 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, s>
Mar 05 13:07:13 cp-10-syd2.inodecluster.com bash[1614604]: zone ibrc.com.au/IN: loaded serial 2024011117
Mar 05 13:07:13 cp-10-syd2.inodecluster.com bash[1614604]: zone rcvrme.com.au/IN: loaded serial 2024012905
Mar 05 13:07:13 cp-10-syd2.inodecluster.com bash[1614604]: zone sakpainting.com.au/IN: loaded serial 2024021009
Mar 05 13:07:13 cp-10-syd2.inodecluster.com bash[1614604]: zone tuffwash.com.au/IN: loaded serial 2024020916
Mar 05 13:07:13 cp-10-syd2.inodecluster.com bash[1614604]: zone absoluteorganic.digitaljunction.com.au/IN: loaded serial 2024021505
Mar 05 13:07:13 cp-10-syd2.inodecluster.com bash[1614604]: zone crm8.alna.net.au/IN: loaded serial 2024022103
Mar 05 13:07:13 cp-10-syd2.inodecluster.com bash[1614604]: zone chatswoodpublicpandc.digitaljunction.com.au/IN: loaded serial 2024030405
Mar 05 13:07:13 cp-10-syd2.inodecluster.com systemd[1]: named.service: Control process exited, code=exited status=1
Mar 05 13:07:13 cp-10-syd2.inodecluster.com systemd[1]: named.service: Failed with result 'exit-code'.
Mar 05 13:07:13 cp-10-syd2.inodecluster.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
This issue is not related to CloudLinux or its components. You need to contact your service provider for the correct DNS servers information.
-------------------------------------------------------------------------------------------------------------
3- Invalid LVE limits on server
Check the validity of LVE limits on server: FAILED: Invalid LVE limits on server. See doc: https://docs.cloudlinux.com/lve-limits-validation.html NPROC limit must be greater than EP + 15 limit, because number of processes and threads within LVE includes also Apache processes/threads, SSH sessions and etc, which enter into LVE. User(s): 10267 (Both validated limits (EP, NPROC) inheritance from different sources: package and global), 10250 (Both validated limits (EP, NPROC) inheritance from different sources: package and global), 10320 (Both validated limits (EP, NPROC) inheritance from different sources: package and global), 10460 (Both validated limits (EP, NPROC) inheritance from different sources: package and global), 10253 (Both validated limits (EP, NPROC) inheritance from different sources: package and global) Package(s): Unlimited (NPROC is inherited from Hoster)
The automatic validation using cldiag utility by cron job is enabled on a server by default.
You have users 10267 10250 10320 10460 10253
with incorrect values EP=100 NPROC=100. Please fix your limits following that NPROC limit must be greater than EP + 15 limit.
Please use "lvectl" command line utility:
https://docs.cloudlinux.com/index.html?lvectl.html
For example :
lvectl set 10267 --nproc=115
or
lvectl set 10267 --ep=85
Also please pay attention on these articles:
https://docs.cloudlinux.com/lve-limits-validation.html
https://cloudlinux.zendesk.com/hc/en-us/articles/115004516985-EP-and-NPROC-limits-a-look-from-inside
-------------------------------------------------------------------------------------------------------------
4- Check cagefs mount points exists: FAILED: There are missing mount points
Check cagefs mount points exists: FAILED: There are missing mount points: ['/usr/local/psa/admin/plib/modules/site-import/backend/lib/python/parallels/core/extras/ftp-migrator', '/usr/local/psa/admin/plib/modules/site-import/backend/lib/python/parallels/core/extras/web-stream-downloader', '/usr/local/psa/admin/plib/modules/site-import/backend/lib/python/parallels/core/extras/cacert']Command for disabling this cron checker: "cldiag --disable-cron-checkers check-cagefs-mount-points-exist"
1. Remove (or comment out) the mentioned mount point from /etc/cagefs/cagefs.mp
2. Then update and remount CageFS:
cagefsctl --force-update && cagefsctl -M
3. Run cldiag --all command to check if the problem persists.
You can disable this checker using the following command:
cldiag --disable-cron-checkers check-cagefs-mount-points-exist
-------------------------------------------------------------------------------------------------------------
5- Checking if /var/cagefs is located on partition with disk quota enabled
Checking if /var/cagefs is located on partition with disk quota enabled:
FAILED: Details: /var/cagefs located on partition with quota disabled.
Please, activate quota for /var/cagefs for better security.
See details: https://docs.cloudlinux.com/cloudlinux_os_components/#installation-and-update-2
Command for disabling this cron checker: "cldiag --disable-cron-checkers check_cagefs_partition_disk_quota"
The message implies that the /var/cagefs directory is located on a partition without quotas configured. If you wish to enable them, you may follow these guides for cPanel servers:
How to enable quotas
How to enable quotas from WHM for servers using the XFS filesystem (in case your server is using XFS)
Enabling quota for XFS filesystem:
How to Enable Disk Quotas on an XFS File System
Enabling quota for ext4 filesystem:
Chapter 22. Limiting storage space usage on ext4 with quotas
And for Plesk:
https://www.plesk.com/kb/support/how-to-set-hard-quota-on-disk-space-for-subscriptions-in-plesk/
On another note, enabling quotas on /var/cagefs is not critical for server operation, and if you continue receiving the alert even when quotas are enabled, you may simply disable this cron checker with the following command:
# cldiag --disable-cron-checkers check_cagefs_partition_disk_quota
Please use the following command to check if the quota was disabled:
# quotaon -p /
group quota on / (/dev/mapper/S58-root) is off
user quota on / (/dev/mapper/S58-root) is off
Then checked the quotas on partition:
# quotacheck -cmug /
#
An empty answer means that the quota is disabled.
Enable quota and check:
# quotaon -vug /
/dev/mapper/S58-root [/]: user quotas turned on
# quotaon -p /
group quota on / (/dev/mapper/S58-root) is off
user quota on / (/dev/mapper/S58-root) is on
#
# quotacheck -cmug /
quotacheck: Quota for users is enabled on mountpoint / so quotacheck might damage the file.
Please turn quotas off or use -f to force checking.
root@server58 [~]#
-------------------------------------------------------------------------------------------------------------
6- FAILED: Found some nonexistent user's packages. List of "user: package" separated by semicolon
Regarding the following error:
Check existence of all user's packages:
FAILED: Found some nonexistent user's packages. List of "user: package" separated by semicolon: user1:package1 package; user2:package2 Package. If you want to apply package limits for those users - assign existing packages to them, otherwise limits will be applied incorrectly or not applied at all.
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-cpanel-packages"
The solution is to assign the users listed in the warning message to packages using the cPanel interface.
In this situation, you will need to reassign any existing packages to these accounts. Note that this must be done from the control panel side. Please modify the users and select existing package. Looks like its old package was removed. Also if user was also removed please check /var/cpanel/users folder and move outside or delete his folder.
These users and packages are:
User : Package
user1 : package1;
user2 : package2
You can also disable this check using the command below:
cldiag --disable-cron-checkers check-cpanel-packages
-------------------------------------------------------------------------------------------------------------
7- Centralized Monitoring errors
Check service `cl_plus_sender` is present, enabled and active:
FAILED: Service is not present. Service is not enabled. Service is not active. The server can't collect and send statistics to Centralized Monitoring if service cl_plus_sender isn't present, enabled and active. Link to FAQ and troubleshooting https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2. Please write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-cl-plus-sender-service"
Check service `node_exporter` is present, enabled and active:
FAILED: Service is not present. Service is not enabled. Service is not active. The server can't collect and send statistics to Centralized Monitoring if service node_exporter isn't present, enabled and active. Link to FAQ and troubleshooting https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2. Please write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-node-exporter-service"
Check that the server has the minimal required packages for correct working of Centralized Monitoring:
FAILED: System doesn't have the package "cl-end-server-tools". It's required for Centralized Monitoring feature to work and it usually installed automatically by cron. Link to FAQ and troubleshooting https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2. Please write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-cmt-packages"
Relaunch the activation script:
# /usr/share/cloudlinux/cl_plus/manage_clplus enable
-------------------------------------------------------------------------------------------------------------
8- Check service `cl_plus_sender` is present, enabled and active
Check service `cl_plus_sender` is present, enabled and active:
FAILED: Service is not present. Service is not enabled. Service is not active. The server can't collect and send statistics to Centralized Monitoring if service cl_plus_sender isn't present, enabled and active. Link to FAQ and troubleshooting https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2. Please write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-cl-plus-sender-service"
Try to restart the service and check its status:
service cl_plus_sender restart
service cl_plus_sender status
If it doesn't help, try to reinstall this package:
yum reinstall cl-end-server-tools
You can check if the problem persists with this command:
cldiag -a
-------------------------------------------------------------------------------------------------------------
9- Check service `node_exporter` is present, enabled and active:
Check service `node_exporter` is present, enabled and active:
FAILED: Service is not present. Service is not enabled. Service is not active. The server can't collect and send statistics to Centralized Monitoring if service node_exporter isn't present, enabled and active. Link to FAQ and troubleshooting https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2. Please write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-node-exporter-service"
Restart the node_exporter service running the below:
service cl_node_exporter restart
service lvestats start
-------------------------------------------------------------------------------------------------------------
10- Check that the server has the minimal required packages for correct working of Centralized Monitoring
Check that the server has the minimal required packages for correct working of Centralized Monitoring:
FAILED: System doesn't have the package "cl-end-server-tools". It's required for Centralized Monitoring feature to work and it usually installed automatically by cron. Link to FAQ and troubleshooting https://docs.cloudlinux.com/cloudlinux-os-plus/#faq-2. Please write to support https://cloudlinux.zendesk.com/ if you can't resolve the issue.
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-cmt-packages"
Relaunch the activation script:
# /usr/share/cloudlinux/cl_plus/manage_clplus enable
-------------------------------------------------------------------------------------------------------------
11- Check user's low PMEM limits
Check user's low PMEM limits:
FAILED: Some user(s) on server has low PMEM LVE limit (lower than 512 MB). See doc: https://docs.cloudlinux.com/limits/#limits-validation
1- check if the kernel is lve kernel
2- The solution is to reinstall the core LVE components:
yum reinstall lvemanager lve-utils cagefs alt-python27-cllib
3- Command for disabling this cron checker:
cldiag --disable-cron-checkers check_low_pmem_limits
-------------------------------------------------------------------------------------------------------------
12- am_lve configuration is not found
Check cagefs users can enter cagefs: FAILED: pam_lve configuration is not found in /etc/pam.d/su config file Command for disabling this cron checker: "cldiag --disable-cron-checkers check-users-can-enter-cagefs"
The warning can be corrected by adding the necessary entries to the "/etc/pam.d/su" file. We can do so by running:
echo "session required pam_lve.so 500 1" >> /etc/pam.d/su
cagefsctl --force-update
You may disable this cron checker:
cldiag --disable-cron-checkers check-users-can-enter-cagefs
-------------------------------------------------------------------------------------------------------------
13- Check fs.enforce_symlinksifowner is correctly enabled in sysctl conf
Check fs.enforce_symlinksifowner is correctly enabled in sysctl conf:
INTERNAL_TEST_ERROR: ValueError("invalid literal for int() with base 10: ''")
check if the kernel is lve kernel
The solution is to reinstall the core LVE components:
yum reinstall lvemanager lve-utils cagefs alt-python27-cllib
-------------------------------------------------------------------------------------------------------------
14- FAILED: Looks like your PHP handler doesn't support CloudLinux PHP Selector
Check compatibility for PHP Selector:
FAILED: Looks like your PHP handler doesn't support CloudLinux PHP Selector and as a result does not work http://docs.cloudlinux.com/index.html?compatiblity_matrix.html [It looks like you use mod_ruid. CloudLinux PHP Selector doesn't work properly with it. How to delete mod_ruid and install mod_suexec in cPanel https://docs.cloudlinux.com/cloudlinux_os_components/#installation-5]
Please, see: https://docs.cloudlinux.com/command-line_tools/#check-phpselector and try to fix issue to have working selector
Could you please check the correct integration of the PHP Selector with the cPanel using the following article:
https://cloudlinux.zendesk.com/hc/en-us/articles/360014084800-PHP-Selector-Integration-with-cPanel
- Make sure that the System PHP Version is set to one of the ea-phpXX ones. Attention: Selecting the alt-phpXX (as a “System PHP Version”) will break the PHP Selector.
- Switch the PHP-FPM to Off; the PHP Selector is not compatible with it. Note: If you have PHP-FPM enabled for existing websites, you need to disable it for them.
- Last but not least, make sure that the domains/accounts (where you'd like to use the PHP Selector) use the Inherited version. You need to do that because MultiPHP Manager has a higher priority than PHP Selector. So, if any other PHP version is set in this menu, it will overwrite the PHP version selected in PHP Selector for that domain.
We see that mod_RUID2 enabled, and mod_SUEXEC is NOT enabled. Could you please run the following commands to resolve these issues:
yum remove ea-apache24-mod_ruid2
yum install ea-apache24-mod_suexec
For more information on how to enable mod_suexec, please refer to the following document:
Installing on cPanel servers with EasyApache 4
-------------------------------------------------------------------------------------------------------------
14- FAILED: Choose one of ea-php versions instead of alt-php in cPanel MultiPHP Manager for PHP Selector to start working.
Check MultiPHP system default php version:
FAILED: Choose one of ea-php versions instead of alt-php in cPanel MultiPHP Manager for PHP Selector to start working.
Seems, it's related to the PHP Selector feature settings on your server. Could you please follow the below article as guidance in order to fix the issue?:
https://cloudlinux.zendesk.com/hc/en-us/articles/360014084800-PHP-Selector-Integration-with-cPanel
Please follow the procedures in:
https://cloudlinux.zendesk.com/hc/en-us/articles/360014084800-PHP-Selector-Integration-with-cPanel
First thing you need to do is to verify that your accounts has PHP-FPM disabled on WHM > MultiPHP Manager page (locally for account and globally on the whole server) because PHP-FPM is incompatible with Cloudlinux components such as stated here:
https://docs.cloudlinux.com/shared/limits/#compatibility-matrix
Second thing - verify that accounts has PHP Version set to "Inherited" on WHM > MultiPHP Manager page such as stated here:
https://docs.cloudlinux.com/php_selector/#cpanel
Please note that PHP Selector does not work when alt-php version is selected as system default in MultiPHP Manager. Only ea-php versions should be selected there.
Third thing - make sure that EasyApache4 profile is installed from Cloudlinux. If you are not sure - just select any from the list available on WHM > EasyApache4 page and provision it.Then: CageFS > Enable All:
# /usr/sbin/cagefsctl --enable-all
-------------------------------------------------------------------------------------------------------------
14- FAILED: Web-server user 'nobody' is not in protected group specified in /proc/sys/fs/symlinkown_gid
1. According to the output of this command:
id nobody
change the GID of processes that cannot follow symlink.
2. Edit the /etc/sysctl.conf file, add or edit the line:
fs.symlinkown_gid = XX
3. And execute:
$ sysctl -p
Cause
On standard RPM Apache installation, Apache is usually running under GID 48.
On cPanel servers, Apache is running under user nobody, GID 99.
Most likely, in this case, the fs.symlinkown_gid parameter is defined incorrectly in the /etc/sysctl.conf or not defined at all.
-------------------------------------------------------------------------------------------------------------
Comments
0 comments
Please sign in to leave a comment.