Description of problem: After upgrading a server running quassel-core I can no longer connect to core. Mga5 was using quassel-0.12.4-1, Mga6 updated it to quassel-0.12.4-4 The quassel-core service is running and seems to be connecting to the irc servers, but it's not possible to connect to the quassel core from any clientany machine. In Mga6 quassel-core is run by quassel user from systemd and I think this change has broken the upgrade. I am stumped for now and cannot access any irc backlogs or channels other than by using another irc client. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3.
After discussions upstream it seems that the problem is in /etc/quassel.conf in quassel-core on the server. # (List of) IP address(es) that quasselcore should listen on. # Defaults to ::,127.0.0.1 LISTEN=::,127.0.0.1 This needs to be: LISTEN=::,0.0.0.0 Changing this fixes the issue and the client can then connect. This is in SOURCES/quassel.conf and should fix the upgrade issue if it is implemented in quassel in Mga6 ----------------- It would also be nice to add a small README.Mageia with the following tip for adding an SSL certificate for quassel-core containing the following: ------------- Without an SSL certificate quassel-core complains: Warning: SslServer: Unable to set certificate file Quassel Core will still work, but cannot provide SSL for client connections. A suitable certificate can be installed by using the following and answering a few questions as they appear: su systemctl stop quasselcore.service openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /var/lib/quasselquasselCert.pem -out /var/lib/quassel/quasselCert.pem chown quassel:quassel /var/lib/quassel/quasselCert.pem systemctl start quasselcore.service exit
Without making the change in /etc/quassel.conf, can you connect to the core from a client on the same machine? If so, please do *not* change it in the package. You should use an SSH tunnel to securely connect to it from a remote machine, if that's what you want to do. As for the SSL certificate thing, I made myself one and it still complains about it.
(In reply to David Walser from comment #2) > Without making the change in /etc/quassel.conf, can you connect to the core > from a client on the same machine? I have no reason to have a client on the server. > If so, please do *not* change it in the > package. You should use an SSH tunnel to securely connect to it from a > remote machine, if that's what you want to do. No I don't, it's all in the LAN. > As for the SSL certificate thing, I made myself one and it still complains > about it. It works fine here and no longer complains, however the command I used was from upstream dev not the one suggested on the quassel site. It adds the cert in /var/lib/quassel/ rather than ~/ of the logged in user. In the config it seems that the IPs are a 'list of', so maybe 'adding' 0.0.0.0 to the list rather than replacing it will work? The correct syntax for the list is not mentioned though.
I installed quassel-client on the server as a test with only 0.0.0.0 in the config and running it (over ssh) I can connect with no problems to core. From journal: Jan 08 12:58:27 zmhost.mtf.net quasselcore[9646]: 2018-01-08 12:58:27 Info: Client connected from 127.0.0.1 Jan 08 12:58:48 zmhost.mtf.net quasselcore[9646]: 2018-01-08 12:58:48 Info: Client 127.0.0.1 initialized and authenticated successfully as "quassel" (UserId: 1). So using 0.0.0.0 in the config does not exclude localhost.
I was only asking you to run the client on the server to verify that the core does in fact work. If you use the SSH tunnel I gave you on IRC, that would work too. In either case, I intended for you to *leave* it configured for 127.0.0.1, as it should be, *not* to change it to 0.0.0.0. Ahh, I'll have to try the /var/lib/quassel then, because yes I put mine in ~ as well. If you're comfortable opening the port and it'll only be accessible on your LAN, then that's fine to make that change locally, but the package should stay as it is. As for whether it will "affect" anyone, that depends on how they use it. We actually only added the systemd service for it for Mageia 6, so nobody would have been using that on Mageia 5 unless they copied that locally for themselves. On Mageia 5, I run quasselcore from my user account as an autostart, rather than running it as a quassel user, and I'm sure I'll continue to do that in Mageia 6, as will most users I would guess. The systemd service is configured to be secure by default. You asked on IRC about does the SSH tunnel stay open if you close the terminal; the answer is no. There are additional options you can give to SSH to not run a shell so it can just execute in the background (and not require you to keep a terminal open), but it's nice to have a shell there so you know the connection is still active.
Resolution: (none) => INVALIDStatus: NEW => RESOLVED