Cpanel Module Error "a Connection To The Server Could Not Be Established."

[L3Y]

Hi,

 

I am trying to setup the cPanel module with a reseller - i do not want to use root for this.

 

If i add or modify a server in the cPanel module config, i get this error : "A connection to the server could not be established. Please check to ensure that the Hostname, User Name, and Remote Key are correct."

 

 

I saw if i remove those lines from the cpanel.php file, then i can add the server, but still : i have no cPanel package listed upon modification of existing package.

 

'valid_connection'=>array(
                    'rule'=>array(array($this, "validateConnection"), $vars['host_name'], $vars['user_name'], $vars['use_ssl'], &$vars['account_count']),
                    'message'=>Language::_("Cpanel.!error.remote_key_valid_connection", true)
                )

 

 

• There is nothing on the server's log.  No other error.
• The reseller is ok with he's ACL : we do allow listpkgs, password change, suspension, create and "Allow the reseller to use all global packages" - this should be enough imho.
• Under Blesta, in Tools > Logs, it's strange : i see a success for listpkgs each time i try to access the package creation page ( in fact, all automated task return a success even if there is no request made)
• The reseller already have a couple of packages.
• I tried without firewall (and also without phpids just in case)

 

 

While i was trying to add the server, and i was trying to create a package, i was running a tcpdump on both cPanel and Blesta servers, and i saw absolutely no request made to the remote cPanel server (same thing on the cPanel server).   There is no attempt to log in through the API

 

There is no logs on the cPanel server, and no logs on the Blesta server for the API requests. 

 

...why am i getting a success result in the logs under Blesta while no request is made, and why the cPanel module do not work for me?  I even see success for cPanel API requests even if the key is an old key, that's no longer valid.

 

What's wrong exactly?  Any clue?

 

Thank you,

Carl

[Tyson]

The module always logs a success result for requests (Input). Responses from cPanel (Output) may not result in success. If you don't receive a response, then you may have a log with an Input value but no corresponding Output.

 

The error check you removed from the module appears to be accurate. Blesta is unable to communicate with the server, or the credentials are incorrect. Make sure that the server Blesta is installed on meets the system requirements. If no outbound connections are being attempted, make sure you have curl available to php.

 

If you're still not able to find out where the problem lies, you can check if the module is throwing an exception. You will need to add a line of code to the module.

Open /components/modules/cpanel/cpanel.php and find:

$this->log($module_row->meta->host_name . "|listpkgs", null, "input", true);

Just below that is a catch statement:

catch (Exception $e) {
    // API request failed
}

Update it to log the exception message:

catch (Exception $e) {
    // API request failed
    $this->log($module_row->meta->host_name, $e->getMessage() . " \n\n" . $e->getTraceAsString(), "output", false);
}

Then go to add/edit a cPanel package in Blesta. A request will be made to fetch the packages from cPanel. If an exception is thrown by the module, the module will now log an entry into the Module Logs table under [Tools] -> [Logs] that should give more insight into the problem.

[L3Y]

Hi,

 

In the meantime, i found we can also test using :

openssl s_client -connect hostname:2087

This way, there is no need to modify the code for testing. 

 

See here for some infos i found on how to diagnose connexion issues with cPanel : https://forums.cpanel.net/threads/unable-to-create-email-account-via-xml-api.369361/#post-1494952

[L3Y]

I think this reply may help other with a similar issue.

 

If you can connect to the remote server from the command line using this :

openssl s_client -connect hostname:2087

...but you still get this error :

server.hostname.com
curl_exec threw error "Failed to connect to 111.00.00.00: Permission denied" for https://server.hostname.com:2087/json-api/listpkgs?

Then check if SELINUX is set to enforcing in /etc/selinux/confing, on your Blesta Server.  If yes, then you may want to issue this command for testing :

echo 0 >/selinux/enforce

To re-enable after testing :

echo 1 >/selinux/enforce

If it worked with SELINUX disabled, then DO NOT leave SELINUX disabled only for this reason   In fact SELINUX is doing it's job : it blocked a connexion from Apache / Nginx to another port than the standard one.   It act as a kind of firewall.  If your firewall prevent a connexion to happen, then you do not shut down the firewall : you open the port.  Same thing also apply for SELINUX.

 

You may fix any issues to communicate through the port 2087 like this :

 

First, install the required package to mange selinux :

yum install policycoreutils setroubleshoot

then, do this to allow the apache, lighttpd or nginx to communicate through the port 2087

semanage port -a -t http_port_t -p tcp 2087

This way, you keep as much possible of protection, and you can use the cPanel module.

 

To keep your system clean, you can undo the last yum install by doing :

yum history undo last

so it will uninstall the last installed package and it's dependencies.

 

Hope that help

 

Carl