Apt Update and Upgrade appears broken after upgrading to HestiaCP 1.4.2 on Ubuntu 20.04

user7632726 · June 7, 2021, 9:36pm

I was able to upgrade from 1.4.1 to 1.4.2 on HestiaCP with Ubuntu 20.04, however now that I have upgraded, the apt update and upgrade appear to be broken.

Trying to execute this: apt update && apt upgrade

Results in this:

root@srv01:/usr/local/hestia/install/upgrade/manual# apt update && apt upgrade
Err:1 http://mirrors.digitalocean.com/ubuntu focal InRelease                                                                                 
  Temporary failure resolving 'mirrors.digitalocean.com'
Err:2 http://security.ubuntu.com/ubuntu focal-security InRelease                                                                             
  Temporary failure resolving 'security.ubuntu.com'
Err:3 http://ppa.launchpad.net/ondrej/apache2/ubuntu focal InRelease                                                                         
  Temporary failure resolving 'ppa.launchpad.net'
Err:4 https://apt.hestiacp.com focal InRelease                                                                                               
  Temporary failure resolving 'apt.hestiacp.com'
Err:5 https://nginx.org/packages/mainline/ubuntu focal InRelease                                                                             
  Temporary failure resolving 'nginx.org'
Err:6 https://mirror.mva-n.net/mariadb/repo/10.5/ubuntu focal InRelease                                                                      
  Temporary failure resolving 'mirror.mva-n.net'
Err:7 http://mirrors.digitalocean.com/ubuntu focal-updates InRelease         
  Temporary failure resolving 'mirrors.digitalocean.com'
Err:8 http://ppa.launchpad.net/ondrej/php/ubuntu focal InRelease             
  Temporary failure resolving 'ppa.launchpad.net'
Err:9 http://mirrors.digitalocean.com/ubuntu focal-backports InRelease       
  Temporary failure resolving 'mirrors.digitalocean.com'
Reading package lists... Done              
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/focal/InRelease  Temporary failure resolving 'mirrors.digitalocean.com'
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/focal-updates/InRelease  Temporary failure resolving 'mirrors.digitalocean.com'
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/focal-backports/InRelease  Temporary failure resolving 'mirrors.digitalocean.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
W: Failed to fetch http://ppa.launchpad.net/ondrej/apache2/ubuntu/dists/focal/InRelease  Temporary failure resolving 'ppa.launchpad.net'
W: Failed to fetch https://apt.hestiacp.com/dists/focal/InRelease  Temporary failure resolving 'apt.hestiacp.com'
W: Failed to fetch https://mirror.mva-n.net/mariadb/repo/10.5/ubuntu/dists/focal/InRelease  Temporary failure resolving 'mirror.mva-n.net'
W: Failed to fetch https://nginx.org/packages/mainline/ubuntu/dists/focal/InRelease  Temporary failure resolving 'nginx.org'
W: Failed to fetch http://ppa.launchpad.net/ondrej/php/ubuntu/dists/focal/InRelease  Temporary failure resolving 'ppa.launchpad.net'
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@srv01:/usr/local/hestia/install/upgrade/manual#

eris · June 7, 2021, 9:39pm

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
rm -f /usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks /etc/network/if-pre-up.d/iptables
/usr/local/hestia/bin/v-update-firewall

user7632726 · June 7, 2021, 9:43pm

Thanks @eris for the quick reply. That appears to have fixed the issue. Is that a one time thing that I need to do, or do I need to do anything else for permanent fix?

user7632726 · June 8, 2021, 5:59pm

@eris - Thanks again for sharing the above fix. However, I’m not sure this is an issue, but since updating to Hestia 1.4.2 and after running the above commands, I’m still getting this notice upon login to my server:

Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-74-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 updates can be applied immediately.

Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings

No mail.

I can successfully run apt update && apt upgrade, but for some reason Ubuntu is reporting it cannot connect to that URL. Any ideas?

Raphael · June 8, 2021, 6:08pm

Google it, it is probaly a known “caching”-issue.

user7632726 · June 8, 2021, 6:14pm

Thank you @Raphael

It does appear to be related to Ubuntu caching things due to the issue related to the 1.4.1 firewall issue.

For anyone else that comes across this thread, the solution was here: I started getting an error message when I log in Failed to connect to ubuntu.com meta-release-lts | DigitalOcean

Basically you need to truncate the file to remove whatever is cached there. You can do this with the following command:

sudo truncate -s 0 /var/lib/ubuntu-release-upgrader/release-upgrade-available

I think the above line should also be included in the thread where the Hestia team explains the iptables fix. Since this issue came out of the bug, I would personally include it, as it’s related.

Thanks for advice!

Raphael · June 8, 2021, 6:26pm

As written, a known issue with ubuntu without network connection, even for a short time .

AleksUA · June 17, 2021, 10:49am

I’m have same problem

Go to ssh with root:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
rm -f /usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks /etc/network/if-pre-up.d/iptables
/usr/local/hestia/bin/v-update-firewall

IPTABLES green now

But run:
apt update && apt upgrade

Could not connect to apt.hestiacp_com:443 (172.67.131.50), connection timed out Could not connect to apt.hestiacp.com:443 (104.21.9.252), connection timed out

AleksUA · June 17, 2021, 10:51am

eris · June 17, 2021, 10:57am

First tell us what the content is of
/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables

Should be something like:

#!/bin/sh

if [ "$IFACE" = "eno3" ]; then
    [ -x "/sbin/ipset" ] && /usr/local/hestia/bin/v-update-firewall-ipset
    /sbin/iptables-restore < /etc/iptables.rules
fi
exit 0

eno3 could have a different name…

v-stop-firewall

Delete all files in /usr/lib/networkd-dispatcher/routable.d/*

Then run apt update && apt upgrade

AleksUA · June 17, 2021, 11:04am

#!/bin/sh

if [ "$IFACE" = "ens3" ]; then
/usr/local/hestia/bin/v-update-firewall-ipset
sleep 3
/sbin/iptables-restore < /etc/iptables.rules
fi
exit 0

Thanks

v-stop-firewall

Then
Delete all files in /usr/lib/networkd-dispatcher/routable.d/*

Now run
apt update && apt upgrade

The problem was not solved

AleksUA · June 17, 2021, 11:09am

Also now all my domains are giving error 500

ping facebook_com GOOD
ping apt.hestiacp.com or nginx.org BAD

eris · June 17, 2021, 11:11am

If you want DM me your root login + ip adress and I will have a quick look…

AleksUA · June 17, 2021, 11:17am

My account does not have permission for private messages ?

Please write to me at DM

hs1 · June 17, 2021, 7:46pm

I resolved this issue by stopping the firewall within the admin panel & re-running apt update && apt upgrade via ssh then reboot