Version 28 (modified by mburillo@…, 10 months ago)
Essential Zentyal files for troubleshooting and tweaking
Introduction
The objective of the Zentyal GUI is to be an easy, yet powerful interface to perform all our system administration. Even so, it is not always possible to do everything for everyone. In this document we are going to study the main configuration files and Zentyal CLI commands for those who want to go a little deeper under the hood. Our goals are troubleshooting, a lower-level configuration review to gain a better understanding of how Zentyal works, and the minor tweaks that we can make by editing those files.
Zentyal specific configuration files
Let's start with the files located under /etc/zentyal. Listing this directory, we will see a bunch of .conf files:
core.conf firewall.conf network.conf ppa.gpg zentyal.conf dns.conf hooks/ openvpn.conf pre-save/ events.conf logs.conf post-save/ users.conf
And also some directories (hooks, post-save, pre-save) related to custom hooks, which will be covered in a different how-to.
If you manually change these files, they won't be overwritten by default, since dpkg will use the force-confold option by default (although you can manually replace them with the package maintainer's version if you want).
The basic instructions for the format of these .conf files are contained at the beginning of the file:
    # Everything after a '#' character is ignored
    #
    # All whitespace is ignored
    #
    # Config keys are set this way:
    #
    # key = value
    #
    # They may contain comments at the end:
    #
    # key = value # this is ignored
Let's review some of these configurations
File: core.conf
    redis_port = 6380 # Redis is an in-memory key-value data store for the Zentyal configuration (roughly speaking, a configuration database). By default the redis server only listens on the loopback interface; here you can change the port it listens on.
    widget_ignore_updates = yes # If you don't want to see the possible software updates in the Dashboard, you can choose 'no'.
    desktop_services_enabled = yes
    desktop_services_port = 6895 # Auto-configuration of desktop clients for the services provided by Zentyal (mail, samba, Jabber, VoIP, ...) is implemented as a web service which listens on all interfaces (0.0.0.0:6895). The associated service 'Desktop Services' is allowed by default in the firewall section 'Internal networks to Zentyal'.
File: firewall.conf
    iptables_log_limit = 50 # Sometimes the firewall generates a huge amount of information; you can limit the maximum number of packets logged per minute.
    iptables_log_burst = 10 # You may also want to avoid logging the exact same event many times; this limits the bursts of identical packets appearing in your logs.
    iptables_log_drops = yes # Whether or not to create logs of the dropped packets.
    nat_enabled = yes # The default behavior is to NAT the internal networks when redirecting to external ones, but we may have a router in charge of this, or we may want a different behavior, like different external addresses assigned to different internal networks.
File: network.conf
    ifaces_to_ignore = sit,tun,tap,lo,irda,ppp,virbr,vboxnet,vnet # Types of interfaces that Zentyal won't display for explicit configuration in the 'network' section.
File: users.conf
    mk_home = yes # whether to create user homes or not
    dir_umask = 0077 # default mode for home directory (umask mode)
    enable_quota = yes # enable quota support
    slave_time = 5 # number of minutes between master pushes of LDAP changes to its slaves
    multiple_ous = yes # This option allows you to have more than one organizational unit in the same ldap. This may be used, for example, to have multiple Zarafa domains.
File: zentyal.conf
    debug = yes # Whether to enable the DEBUG> logs in '/var/log/zentyal/zentyal.log'; this file is discussed later in this document. It's a good idea to enable it if we want to perform basic Zentyal troubleshooting.
    dump_exceptions = yes # Show the full stack trace in the Zentyal interface when you hit a bug; also very useful for diagnosis.
    override_user_modification = yes # Don't ask when a user modification is found. Override any user change using Zentyal's configuration.
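The format rules from the file header, applied in an added Python example (not Zentyal code and not part of the original page): it parses a .conf file and lists settings from this section that deserve a second look once troubleshooting is over. The sample input is constructed, and the review rules are assumptions of this example, not Zentyal policy.

```python
# Added example: parser for the /etc/zentyal/*.conf format plus a small review.
# The review rules are assumptions of this example, not Zentyal policy.

SAMPLE = """\
# constructed sample combining keys shown on this page
desktop_services_enabled = yes
desktop_services_port = 6895   # listens on 0.0.0.0
iptables_log_drops = no
dir_umask = 0027
debug = yes
dump_exceptions = yes # full stack trace in the interface
"""

def parse_conf(text):
    """Apply the header rules: drop everything after '#', ignore whitespace."""
    conf = {}
    for raw in text.splitlines():
        line = "".join(raw.split("#", 1)[0].split())
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or not key:
            raise ValueError(f"not a 'key = value' line: {raw!r}")
        conf[key] = value
    return conf

def review(conf):
    """Return (key, note) pairs for settings worth a second look."""
    notes = []
    if conf.get("desktop_services_enabled") == "yes":
        port = conf.get("desktop_services_port", "?")
        notes.append(("desktop_services_enabled",
                      f"web service listens on all interfaces, port {port}"))
    if conf.get("iptables_log_drops") == "no":
        notes.append(("iptables_log_drops", "dropped packets are not logged"))
    umask = conf.get("dir_umask")
    if umask is not None and int(umask, 8) & 0o077 != 0o077:
        notes.append(("dir_umask", f"{umask} leaves homes open to group/other"))
    for key in ("debug", "dump_exceptions"):
        if conf.get(key) == "yes":
            notes.append((key, "diagnostic output on; turn off after troubleshooting"))
    return notes

if __name__ == "__main__":
    for key, note in review(parse_conf(SAMPLE)):
        print(f"{key}: {note}")
```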
Zentyal output and debugging files
As we did in the first section, let's have a look at the Zentyal log directory /var/log/zentyal:
access-desktop-services.log access.log error.log redis-server.log software.log zentyal.log
First of all, as a general tip for reproducing a suspected problem, it's a good idea to execute tail -f <logfile> and then hit the Enter key a few times; this way you can clearly separate the last existing log entries from the new log lines appearing in real time.
Example:
    tail -f zentyal.log
    2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: cat /var/run/clamav/clamd.pid
    2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: status 'ebox.bind9'
    2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: LANG=C /usr/sbin/ejabberdctl status
    2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: status 'ebox.ntpd'
    2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: status 'ebox.openvpn.server.vpnserver'
    2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: status 'ebox.slapd'
    2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: cat /var/run/heimdal-kdc.pid
    2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: cat /var/run/kpasswdd.pid
    2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: cat /var/run/apache2.pid
    2012/07/11 18:06:14 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: status 'ebox.redis'
    2012/07/11 18:06:15 INFO> GlobalImpl.pm:551 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: network antivirus dns openvpn firewall
    2012/07/11 18:06:15 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: network
    2012/07/11 18:06:15 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: set -e /sbin/modprobe 8021q /sbin/vconfig set_name_type VLAN_PLUS_VID_NO_PAD
    2012/07/11 18:06:15 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: cp /var/lib/zentyal/tmp//interfaces /etc/network/interfaces
    2012/07/11 18:06:16 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: set -e /bin/mv /var/lib/zentyal/tmp/sjtCvBGY6U '/etc/ppp/pap-secrets'
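As an added example (not from the original page or the Zentyal project), the following Python parses lines in the layout shown above and lists the commands Zentyal ran as root and the files under /etc that they replaced, which helps when reviewing what a configuration save actually touched. The sample lines are copied from the example above; the field layout is inferred from those lines.

```python
import re
import shlex

# Layout seen in the example: date time LEVEL> File.pm:line Package::sub - message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (?P<level>[A-Z]+)> "
    r"(?P<src>\S+):(?P<lineno>\d+) (?P<sub>\S+) - (?P<msg>.*)$")
SUDO_PREFIX = "sudo commands: "

# Lines taken from the example on this page
SAMPLE = """\
2012/07/11 18:05:10 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: cat /var/run/apache2.pid
2012/07/11 18:06:14 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: status 'ebox.redis'
2012/07/11 18:06:15 INFO> GlobalImpl.pm:551 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: network antivirus dns openvpn firewall
2012/07/11 18:06:15 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: cp /var/lib/zentyal/tmp//interfaces /etc/network/interfaces
2012/07/11 18:06:16 DEBUG> Sudo.pm:164 EBox::Sudo::_root - sudo commands: set -e /bin/mv /var/lib/zentyal/tmp/sjtCvBGY6U '/etc/ppp/pap-secrets'
"""

def parse(text):
    """Yield one dict per well-formed log line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def root_commands(entries):
    """Commands that EBox::Sudo::_root reports having run as root."""
    return [(e["ts"], e["msg"][len(SUDO_PREFIX):]) for e in entries
            if e["sub"] == "EBox::Sudo::_root" and e["msg"].startswith(SUDO_PREFIX)]

def etc_writes(commands):
    """cp/mv commands whose last argument is a path under /etc."""
    hits = []
    for ts, cmd in commands:
        try:
            args = shlex.split(cmd)
        except ValueError:          # unbalanced quote in the logged command
            continue
        copies = any(a.rsplit("/", 1)[-1] in ("cp", "mv") for a in args)
        if copies and args[-1].startswith("/etc/"):
            hits.append((ts, args[-1]))
    return hits

if __name__ == "__main__":
    for ts, path in etc_writes(root_commands(parse(SAMPLE))):
        print(ts, "replaced", path)
```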
Generic daemon output files
This is a list of logfiles used by all Zentyal modules.
| Module | Path | logrotate upstream |
|---|---|---|
| zarafa | /var/log/zarafa/dagent.log | yes |
| zarafa | /var/log/zarafa/spooler.log | yes |
| zarafa | /var/log/zarafa/ical.log | yes |
| zarafa | /var/log/zarafa/monitor.log | yes |
| zarafa | /var/log/zarafa/gateway.log | yes |
| zarafa | /var/log/zarafa/indexer.log | yes |
| zarafa | /var/log/zarafa/server.log | yes |
| zarafa | /var/log/zarafa/audit.log | yes |
| samba | /var/log/samba/log.smbd | yes |
| samba | /var/log/samba/log.nmbd | yes |
| remoteservices | /home/ebox-remote-support/support.log | not rotated |
| ftp | /var/log/vsftpd.log | yes |
| core | /var/log/zentyal/access.log | zentyal-core |
| core | /var/log/zentyal/error.log | zentyal-core |
| core | /var/log/zentyal/zentyal.log | zentyal-core |
| core | /var/log/zentyal/redis-server.log | zentyal-core |
| core | /var/log/zentyal/runit/wild-services.log | not used atm |
| software | /var/log/zentyal/software.log | zentyal-software |
| openvpn | /var/log/quagga/ripd.log | yes |
| openvpn | /var/log/quagga/zebra.log | yes |
| openvpn | /var/log/zentyal/openvpn/*.log | zentyal-openvpn |
| usercorner | /var/log/zentyal-usercorner/access.log | zentyal-usercorner |
| usercorner | /var/log/zentyal-usercorner/error.log | zentyal-usercorner |
| usercorner | /var/log/zentyal-usercorner/zentyal.log | zentyal-usercorner |
| radius | /var/log/freeradius/radius.log | yes |
| | /var/log/mail.log | yes |
| ebackup | /var/log/zentyal/duplicity-debug.log | zentyal-ebackup |
| ebackup | /var/log/zentyal/duplicity-command.log | zentyal-ebackup |
| webserver | /var/log/apache2/*.log | yes |
| captiveportal | /var/log/zentyal-captiveportal/error.log | zentyal-captiveportal |
| captiveportal | /var/log/zentyal-captiveportal/access.log | zentyal-captiveportal |
| captiveportal | /var/log/zentyal-captiveportal/zentyal.log | zentyal-captiveportal |
| antivirus | /var/log/clamav/freshclam.log | yes |
| antivirus | /var/log/clamav/clamav.log | yes |
| squid | /var/log/dansguardian/access.log | |
| squid | /var/log/squid/access.log | |
| printers | /var/log/cups/*log | yes |
| jabber | /var/log/ejabberd/*.log | yes |
| ids | /var/log/snort/portscan.log | yes |
| ids | /var/log/snort/alert | yes |
| ids | /var/log/snort/portscan2.log | yes |
| asterisk | /var/log/asterisk/debug | yes |
| asterisk | /var/log/asterisk/messages | yes |
| asterisk | /var/log/asterisk/full | yes |
| asterisk | /var/log/asterisk/*_log | yes |
| webmail | /var/log/roundcube/sendmail | yes |
| webmail | /var/log/roundcube/errors | yes |
Useful commands and scripts
You will find some utility scripts under several directories named /usr/share/zentyal(*):
zentyal/ zentyal-firewall/ zentyal-objects/ zentyal-users/ zentyal-antivirus/ zentyal-jabber/ zentyal-openvpn/ zentyal-webserver/ zentyal-ca/ zentyal-network/ zentyal-services/ zentyal-dns/ zentyal-ntp/ zentyal-software/
Let's review some of them
zentyal/clean-conf : Delete the redis configuration associated with one of the zentyal modules.
Example:
./clean-conf openvpn
This will erase all the redis keys associated with that module. This is useful, for example, when you reach an inconsistent configuration state during beta testing and cannot return to a safe point using the GUI. Be careful: redis doesn't check relational integrity, so you may end up with an incoherent DB.