From 50435425e5d8bfea84c000629f9d82feebc5690b Mon Sep 17 00:00:00 2001 From: silversword411 Date: Fri, 21 Jan 2022 11:51:54 -0500 Subject: [PATCH 1/2] adding all services to troubleshooting script --- troubleshoot_server.sh | 49 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/troubleshoot_server.sh b/troubleshoot_server.sh index 7a28c10c..688a1667 100644 --- a/troubleshoot_server.sh +++ b/troubleshoot_server.sh @@ -2,6 +2,7 @@ # Tactical RMM install troubleshooting script # Contributed by https://github.com/dinger1986 +# v1.1 1/21/2022 update to include all services # This script asks for the 3 subdomains, checks they exist, checks they resolve locally and remotely (using google dns for remote), # checks services are running, checks ports are opened. The only part that will make the script stop is if the sub domains dont exist, theres literally no point in going further if thats the case @@ -134,6 +135,10 @@ celerybeatstatus=$(systemctl is-active celerybeat) nginxstatus=$(systemctl is-active nginx) natsstatus=$(systemctl is-active nats) natsapistatus=$(systemctl is-active nats-api) +meshcentralstatus=$(systemctl is-active meshcentral) +mongodstatus=$(systemctl is-active mongod) +postgresqlstatus=$(systemctl is-active postgresql) +redisserverstatus=$(systemctl is-active redis-server) # RMM Service if [ $rmmstatus = active ]; then @@ -210,6 +215,50 @@ else echo -ne ${RED} 'nats-api Service isnt running (Tactical wont work without this)' | tee -a checklog.log printf >&2 "\n\n" +fi + +# meshcentral Service +if [ $meshcentralstatus = active ]; then + echo -ne ${GREEN} Success meshcentral Service is running | tee -a checklog.log + printf >&2 "\n\n" +else + printf >&2 "\n\n" | tee -a checklog.log + echo -ne ${RED} 'meshcentral Service isnt running (Tactical wont work without this)' | tee -a checklog.log + printf >&2 "\n\n" + +fi + +# mongod Service +if [ $mongodstatus = active ]; then + echo -ne ${GREEN} Success mongod Service is running | tee -a checklog.log + printf >&2 "\n\n" +else + printf >&2 "\n\n" | tee -a checklog.log + echo -ne ${RED} 'mongod Service isnt running (Tactical wont work without this)' | tee -a checklog.log + printf >&2 "\n\n" + +fi + +# postgresql Service +if [ $postgresqlstatus = active ]; then + echo -ne ${GREEN} Success postgresql Service is running | tee -a checklog.log + printf >&2 "\n\n" +else + printf >&2 "\n\n" | tee -a checklog.log + echo -ne ${RED} 'postgresql Service isnt running (Tactical wont work without this)' | tee -a checklog.log + printf >&2 "\n\n" + +fi + +# redis-server Service +if [ $redisserverstatus = active ]; then + echo -ne ${GREEN} Success redis-server Service is running | tee -a checklog.log + printf >&2 "\n\n" +else + printf >&2 "\n\n" | tee -a checklog.log + echo -ne ${RED} 'redis-server Service isnt running (Tactical wont work without this)' | tee -a checklog.log + printf >&2 "\n\n" + fi echo -ne ${YELLOW} Checking Open Ports | tee -a checklog.log From 63c60ba716e01c77179caa380f82043c60685c56 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Fri, 21 Jan 2022 11:52:25 -0500 Subject: [PATCH 2/2] docs - Adding troubleshooting notes around --- docs/docs/faq.md | 4 +-- docs/docs/functions/api.md | 2 +- docs/docs/functions/django_admin.md | 2 +- docs/docs/functions/settings_override.md | 2 +- docs/docs/howitallworks.md | 2 +- docs/docs/tipsntricks.md | 4 +++ docs/docs/troubleshooting.md | 34 +++++++++++++----------- docs/docs/unsupported_scripts.md | 8 +++--- 8 files changed, 33 insertions(+), 25 deletions(-) diff --git a/docs/docs/faq.md b/docs/docs/faq.md index 8119523d..4753af3d 100644 --- a/docs/docs/faq.md +++ b/docs/docs/faq.md @@ -86,9 +86,9 @@ Copy the username then ssh into the server and run: ```bash cd /meshcentral/ -sudo systemctl stop meshcentral +sudo systemctl stop meshcentral.service node node_modules/meshcentral --resetaccount --pass -sudo systemctl start meshcentral +sudo systemctl start meshcentral.service ``` ## Help! I've been hacked there are weird agents appearing in my Tactical RMM diff --git a/docs/docs/functions/api.md b/docs/docs/functions/api.md index 7d384119..accc3adf 100644 --- a/docs/docs/functions/api.md +++ b/docs/docs/functions/api.md @@ -33,7 +33,7 @@ Open `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` and add SWAGGER_ENABLED = True ``` -Restart django: `sudo systemctl restart rmm` +Restart django: `sudo systemctl restart rmm.service` Then visit `https://api.example.com/api/schema/swagger-ui/` to see it in action. diff --git a/docs/docs/functions/django_admin.md b/docs/docs/functions/django_admin.md index 8cf81302..11f8a841 100644 --- a/docs/docs/functions/django_admin.md +++ b/docs/docs/functions/django_admin.md @@ -7,7 +7,7 @@ The django admin is basically a web interface for the postgres database. As of Tactical RMM v0.4.19, the django admin is disabled by default. -To enable it, edit `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` and change `ADMIN_ENABLED` from `False` to `True` then `sudo systemctl restart rmm` +To enable it, edit `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` and change `ADMIN_ENABLED` from `False` to `True` then `sudo systemctl restart rmm.service` Login to the django admin using the same credentials as your normal web ui login. diff --git a/docs/docs/functions/settings_override.md b/docs/docs/functions/settings_override.md index 8f4037df..a878c650 100644 --- a/docs/docs/functions/settings_override.md +++ b/docs/docs/functions/settings_override.md @@ -16,4 +16,4 @@ REST_KNOX = { } ``` -Change `(days=30)` to whatever you prefer. Then run `sudo systemctl restart rmm` for changes to take effect. +Change `(days=30)` to whatever you prefer. Then run `sudo systemctl restart rmm.service` for changes to take effect. diff --git a/docs/docs/howitallworks.md b/docs/docs/howitallworks.md index 722f0d9c..5989cee4 100644 --- a/docs/docs/howitallworks.md +++ b/docs/docs/howitallworks.md @@ -130,7 +130,7 @@ Nginx is the web server for the `rmm`, `api`, and `mesh` domains. All sites redi #### Tactical RMM (Django uWSGI) service -Built on the Django framework, the Tactical RMM service is the heart of system by serving the API for the frontend and agents. +Built on the Django framework, the Tactical RMM service is the heart of the system by serving the API for the frontend and agents. ???+ note "systemd config" diff --git a/docs/docs/tipsntricks.md b/docs/docs/tipsntricks.md index fd7517da..99372b42 100644 --- a/docs/docs/tipsntricks.md +++ b/docs/docs/tipsntricks.md @@ -66,3 +66,7 @@ Use the (i) at the end of the script name to: - Left Click: Opens the script source in Github ![Script Parameter Syntax](images/tipsntricks_script_syntaxhelp.png) + +## Running a command on Tactical with Tactical + +Use the agent recovery "shell command" feature that will run in detached process so it won't kill itself or create a script that runs detached to call it. diff --git a/docs/docs/troubleshooting.md b/docs/docs/troubleshooting.md index e4d834ba..94266044 100644 --- a/docs/docs/troubleshooting.md +++ b/docs/docs/troubleshooting.md @@ -78,25 +78,25 @@ Reload NATS: ```bash /rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py reload_nats -sudo systemctl restart nats +sudo systemctl restart nats.service ``` Look at nats service errors (make sure it's running) ```bash -sudo systemctl status nats +sudo systemctl status nats.service ``` If nats isn't running see detailed reason why it isn't: ```bash -sudo systemctl stop nats +sudo systemctl stop nats.service nats-server -DVV -c /rmm/api/tacticalrmm/nats-rmm.conf ``` Fix the problem, then restart nats. ``` -sudo systemctl restart nats +sudo systemctl restart nats.service ``` ### From Agent Install @@ -143,19 +143,21 @@ Open your browser's dev tools (++ctrl+shift+j++ on chrome) and check the Console Check all the systemd services that the rmm uses to function and check to make sure they're all active/running and enabled: ```bash -sudo systemctl status rmm -sudo systemctl status daphne -sudo systemctl status celery -sudo systemctl status celerybeat -sudo systemctl status nginx -sudo systemctl status nats -sudo systemctl status nats-api -sudo systemctl status meshcentral -sudo systemctl status mongod -sudo systemctl status postgresql -sudo systemctl status redis +sudo systemctl status rmm.service +sudo systemctl status daphne.service +sudo systemctl status celery.service +sudo systemctl status celerybeat.service +sudo systemctl status nginx.service +sudo systemctl status nats.service +sudo systemctl status nats-api.service +sudo systemctl status meshcentral.service +sudo systemctl status mongod.service +sudo systemctl status postgresql.service +sudo systemctl status redis-server.service ``` +or you can use `systemctl --failed` to see any failed services on your machine. + Read through the log files in the following folders and check for errors: ```bash @@ -171,6 +173,8 @@ Read through the log files in the following folders and check for errors: - mesh.example.com can be proxied with the caveat that Mesh checks the cert presented to the agent is the same one on the server. I.e. no MITM. You'll need to copy Cloudflare's edge cert to your server if you want to proxy this domain. +If you're getting `Invalid group id` at the end of the install you're probably doing something wrong/wrong IP for api. + ## Testing Network Connectivity between agent and server Use powershell, make sure you can connect to 443 and 4222 from agent to server: diff --git a/docs/docs/unsupported_scripts.md b/docs/docs/unsupported_scripts.md index b69a335c..942302a3 100644 --- a/docs/docs/unsupported_scripts.md +++ b/docs/docs/unsupported_scripts.md @@ -365,7 +365,7 @@ sudo echo "${tacticalfail2banjail}" > /etc/fail2ban/jail.d/tacticalrmm.local ### Restart fail2ban ```bash -sudo systemctl restart fail2ban +sudo systemctl restart fail2ban.service ``` ## Using purchased SSL certs instead of LetsEncrypt wildcards @@ -430,7 +430,7 @@ You need to add the certificate private key and public keys to the following fil 7. Restart services - sudo systemctl restart rmm celery celerybeat nginx nats nats-api + sudo systemctl restart rmm.service celery.service celerybeat.service nginx.service nats.service nats-api.service ## Use certbot to do acme challenge over http @@ -668,7 +668,7 @@ sudo ln -s /etc/nginx/sites-available/frontend.conf /etc/nginx/sites-enabled/fro ### Restart nginx -sudo systemctl restart nginx +sudo systemctl restart nginx.service ### Get letsencrypt Certs @@ -886,7 +886,7 @@ add the lines from 'real_ip' module inside server tag: restart nginx - systemctl restart nginx + systemctl restart nginx.service ### APACHE enable ssl proxy, rewriteEngine.