Sympl issueshttps://gitlab.com/sympl.io/sympl/-/issues2019-06-07T14:33:10Zhttps://gitlab.com/sympl.io/sympl/-/issues/128Symbiosis: Apache PHP7 module isn't enabled automatically following dist-upgr...2019-06-07T14:33:10ZPaul CammishSymbiosis: Apache PHP7 module isn't enabled automatically following dist-upgrade from Symbiosis JessieImported from https://www.github.com/BytemarkHosting/symbiosis/issues/116
During the dist-upgrade from Symbiosis Jessie to Stretch, Apache will not enable the PHP7 module as it conflicts with PHP5 (which should already be enabled). The ...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/116
During the dist-upgrade from Symbiosis Jessie to Stretch, Apache will not enable the PHP7 module as it conflicts with PHP5 (which should already be enabled). The PHP5 module should therefore be explicitly disabled in favour of PHP7.https://gitlab.com/sympl.io/sympl/-/issues/130Symbiosis: ClamAV can be a resource hog, and doesn't need to be running if it...2019-04-14T20:11:44ZPaul CammishSymbiosis: ClamAV can be a resource hog, and doesn't need to be running if it's not configured.Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/49
We've had a few Symbiosis users recently (with otherwise pretty quiet machines who are seeing issues with clamav hogging resources - CPU, disk and RAM.
This seems...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/49
We've had a few Symbiosis users recently (with otherwise pretty quiet machines who are seeing issues with clamav hogging resources - CPU, disk and RAM.
This seems to be down to a memory leak in clamd, which after 150+ days of uptime chews up a significant amount of RAM, which can then cause freshclam to have problems allocating memory, leading to it chewing up CPU time and disk space as it writes `WARNING: [LibClamAV] mpool_malloc(): Can't allocate memory ([0-9]* bytes).` to freshclam.log over and over until the disk is full, then starts consuming all the CPU time on the box.
Really, clamd doesn't need to even be running if its not configured to be used, and provides users a false sense of security if they see it running on the box but its not configured, however it may be worth an extra daily/weekly forced restart/reload of the service if it is being used, to clear out any memory leak issues.https://gitlab.com/sympl.io/sympl/-/issues/132Symbiosis: common: postinst needs to check for a better valid hostname2019-04-14T20:14:08ZPaul CammishSymbiosis: common: postinst needs to check for a better valid hostnameImported from https://www.github.com/BytemarkHosting/symbiosis/issues/57
The HOSTNAME env variable doesn't tend to bell
It should probably check against a regexp for the presence of a dot in the $HOSTNAME env variable:
```regex
/^[_a-z...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/57
The HOSTNAME env variable doesn't tend to bell
It should probably check against a regexp for the presence of a dot in the $HOSTNAME env variable:
```regex
/^[_a-z0-9-]+\.([_a-z0-9-]+\.?)+$/
```
would do the trickhttps://gitlab.com/sympl.io/sympl/-/issues/133Symbiosis: Deprecated File.exists? call used by symbiosis-httpd-configure in ...2019-04-14T00:49:09ZPaul CammishSymbiosis: Deprecated File.exists? call used by symbiosis-httpd-configure in StretchImported from https://www.github.com/BytemarkHosting/symbiosis/issues/121
Running `symbiosis-httpd-configure -vdf` returns a deprecated `File.exists?` warning, as per:
<pre>
root@blank:~# symbiosis-httpd-configure -vdf
Configuration: b...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/121
Running `symbiosis-httpd-configure -vdf` returns a deprecated `File.exists?` warning, as per:
<pre>
root@blank:~# symbiosis-httpd-configure -vdf
Configuration: blank.default.aladlow.uk0.bigv.io.conf
Forcing re-creation of configuration due to --force.
/usr/lib/ruby/vendor_ruby/symbiosis/config_file.rb:138: warning: File.exists? is a deprecated name, use File.exist? instead
Syntax OK
Configuration: zz-mass-hosting.conf
Forcing re-creation of configuration due to --force.
/usr/lib/ruby/vendor_ruby/symbiosis/config_file.rb:138: warning: File.exists? is a deprecated name, use File.exist? instead
Syntax OK
Configuration: zz-mass-hosting.ssl.conf
Forcing re-creation of configuration due to --force.\r\n/usr/lib/ruby/vendor_ruby/symbiosis/config_file.rb:138: warning: File.exists? is a deprecated name, use File.exist? instead
Syntax OK
</pre>https://gitlab.com/sympl.io/sympl/-/issues/140Symbiosis: Exim "Warning: purging the environment" error on restart2019-04-14T20:30:56ZPaul CammishSymbiosis: Exim "Warning: purging the environment" error on restartImported from https://www.github.com/BytemarkHosting/symbiosis/issues/114
Exim prints the following warning message whenever the service is restarted:
`Jun 18 14:12:19 symbiosis2.default.aladlow.uk0.bigv.io exim4[573]: Starting MTA:201...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/114
Exim prints the following warning message whenever the service is restarted:
`Jun 18 14:12:19 symbiosis2.default.aladlow.uk0.bigv.io exim4[573]: Starting MTA:2018-06-18 14:12:19 Warning: purging the environment.`
`Jun 18 14:12:19 symbiosis2.default.aladlow.uk0.bigv.io exim4[573]: Suggested action: use keep_environment.`
This message is fairly harmless but can cause emails to be generated from `cron.daily`, for example:
```
/etc/cron.daily/exim4-base:
LOG: MAIN
Warning: purging the environment.
Suggested action: use keep_environment.
```
The solution should be to set `keep_environment =` in Exim's configuration.https://gitlab.com/sympl.io/sympl/-/issues/142Symbiosis: Frequently used packages aren't installed by default2019-06-20T13:42:39ZPaul CammishSymbiosis: Frequently used packages aren't installed by defaultImported from https://www.github.com/BytemarkHosting/symbiosis/issues/120
There are a number of packages which are typically installed manually on a newly created Symbiosis server as a first priority, since they're used so often. The fo...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/120
There are a number of packages which are typically installed manually on a newly created Symbiosis server as a first priority, since they're used so often. The following packages are sure bets to be installed in most cases:
`curl, iotop, less, lsof, psmisc, rsync, screen, smartmontools, telnet, vim, wget, htop, mtr-tiny, xfsprogs, tree, dnsutils`
It would be useful if we could add these packages as a Symbiosis dependency to ensure they're installed automatically.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/143Symbiosis: I want SSL only without HSTS2020-07-11T06:36:30ZPaul CammishSymbiosis: I want SSL only without HSTSImported from https://www.github.com/BytemarkHosting/symbiosis/issues/66
I want a back-out path from ssl-only. Currently, if I deploy SSL only HSTS headers get issued, which mean I have no way to back out if I have problems with certifi...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/66
I want a back-out path from ssl-only. Currently, if I deploy SSL only HSTS headers get issued, which mean I have no way to back out if I have problems with certificate renewal or spot a problem with the way the SSL site renders
So, maybe I could make a file `config/ssl-only-no-sts` to get ssl throughout the site, and when I'm confident that I can commit to this configuration, then deploy STS.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/147Symbiosis: It's too easy to break Exim by changing ssl certificate ownership.2019-06-20T13:19:51ZPaul CammishSymbiosis: It's too easy to break Exim by changing ssl certificate ownership.Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/47
Pretty much everything in /srv/ is owned by admin:admin, so it's tempting to run something like "chown -R admin:admin /srv". The problem is that Exim certificates ...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/47
Pretty much everything in /srv/ is owned by admin:admin, so it's tempting to run something like "chown -R admin:admin /srv". The problem is that Exim certificates lie in /srv/<HOSTNAME>/config/ssl/sets and Debian-exim (the user that runs Exim) is not a member of the admin group, so this is an awkward fact to learn and remember.
It might be better if the certificates were managed in /etc/ssl - from where they are currently, and tortuously symlinked.
Alternatively, if issue 38 https://gitlab.bytemark.co.uk/open-source/symbiosis/issues/38 is implemented, then I've made a suggestion for managing these certs.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/148Symbiosis: Log files not created in /srv/site.com/public/logs/2019-06-20T13:20:10ZPaul CammishSymbiosis: Log files not created in /srv/site.com/public/logs/Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/140
I've recently setup Symbiosis on a Digital Ocean droplet to test some things. The initial setup worked perfectly on the second attempt. But I have a few questions...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/140
I've recently setup Symbiosis on a Digital Ocean droplet to test some things. The initial setup worked perfectly on the second attempt. But I have a few questions:
1) Is there a recommended approach for handling the DNS side? I found that adding the server's IP into /srv/mysite.com/config/ip did the trick along with a real email address to ensure Letsencrypt works as expected.
2) Curious also that I don't see any log files.
/srv/mysite.com/public/logs hasn't even been created. EDIT: Seems like symbiosis-httpd-logger is not running ...
Can anyone illuminate?Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/149Symbiosis: Logrotate cron error for prosody when it's not running2019-06-07T14:25:51ZPaul CammishSymbiosis: Logrotate cron error for prosody when it's not runningImported from https://www.github.com/BytemarkHosting/symbiosis/issues/131
The logrotate cron will email the following warning every week if prosody isn't active:
<pre>
/etc/cron.daily/logrotate:
error: error running shared postrotate s...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/131
The logrotate cron will email the following warning every week if prosody isn't active:
<pre>
/etc/cron.daily/logrotate:
error: error running shared postrotate script for
'/var/log/prosody/prosody.log /var/log/prosody/prosody.err '
run-parts: /etc/cron.daily/logrotate exited with return code 1
</pre>
It looks like this is because the postrotate tries to check for the existence of `/var/run/prosody/prosody.pid` which won't be there when prosody is disabled (by default):
<pre>
[ -e /var/run/prosody/prosody.pid ] && /etc/init.d/prosody reload > /dev/null
</pre>
We should be able to suppress that by changing this line to e.g
<pre>
/etc/init.d/prosody reload > /dev/null
</pre>Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/150Symbiosis: MariaDB breaks phpMyAdmin authentication in Stretch2019-04-14T20:44:29ZPaul CammishSymbiosis: MariaDB breaks phpMyAdmin authentication in StretchImported from https://www.github.com/BytemarkHosting/symbiosis/issues/126
MariaDB uses unix socket authentication by default, rather than username/password. As such, phpMyAdmin HTTP authentication won't accept the credentials for the `r...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/126
MariaDB uses unix socket authentication by default, rather than username/password. As such, phpMyAdmin HTTP authentication won't accept the credentials for the `root@localhost` MySQL user.
Likely fix would be to either disable unix socket auth, or create an additional MySQL user which uses username/password authentication.https://gitlab.com/sympl.io/sympl/-/issues/151Symbiosis: Masked potentially dovecot service break upgrades2019-04-17T20:26:34ZPaul CammishSymbiosis: Masked potentially dovecot service break upgradesImported from https://www.github.com/BytemarkHosting/symbiosis/issues/77
(Reading database ... 55746 files and directories currently installed.)
Preparing to unpack .../symbiosis-xmpp_2015%3a1026_all.deb ...
Unpacking symbio...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/77
(Reading database ... 55746 files and directories currently installed.)
Preparing to unpack .../symbiosis-xmpp_2015%3a1026_all.deb ...
Unpacking symbiosis-xmpp (2015:1026) over (2015:1024) ...
service dovecot restart
Failed to restart dovecot.service: Unit dovecot.service is masked.
Makefile:14: recipe for target 'all' failed
make: *** [all] Error 1
dpkg: warning: subprocess old post-removal script returned error exit status 2
dpkg: trying script from the new package instead ...
service dovecot restart
It no longer needs to re-start Dovecot :)https://gitlab.com/sympl.io/sympl/-/issues/152Symbiosis: Method redefined' and 'variable not initialized' warnings returned...2019-06-07T14:39:39ZPaul CammishSymbiosis: Method redefined' and 'variable not initialized' warnings returned from symbiosis-httpd-configure when '--verbose' flag usedImported from https://www.github.com/BytemarkHosting/symbiosis/issues/122
Running `symbiosis-httpd-configure` with the `--verbose` flag appended, e.g `symbiosis-httpd-configure -vdf`, returns the following:
<pre>
root@symbiosis2:/etc/e...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/122
Running `symbiosis-httpd-configure` with the `--verbose` flag appended, e.g `symbiosis-httpd-configure -vdf`, returns the following:
<pre>
root@symbiosis2:/etc/exim4# symbiosis-httpd-configure -vdf
/usr/lib/ruby/vendor_ruby/diffy/diff.rb:43: warning: method redefined; discarding old diff
Domain: symbiosis2.default.aladlow.uk0.bigv.io
Current SSL set 6: signed by /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3, expires 2018-09-07 22:00:16 UTC
This site has SSL enabled, and is using the host's primary IPs -- continuing with SNI.
SSL is enabled -- using SSL template
Adding to configurations
Configuration: example.site.net.conf
Forcing re-creation of configuration due to --force.
/usr/lib/ruby/vendor_ruby/diffy/diff.rb:70: warning: instance variable @tempfiles not initialized
Syntax OK
</pre>
Notably:
`/usr/lib/ruby/vendor_ruby/diffy/diff.rb:43: warning: method redefined; discarding old diff`
`/usr/lib/ruby/vendor_ruby/diffy/diff.rb:70: warning: instance variable @tempfiles not initialized`
These probably shouldn't be displayed as standard.
Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/154Symbiosis: Missing error document handling for non-mass-hosted domains2019-04-16T22:18:11ZPaul CammishSymbiosis: Missing error document handling for non-mass-hosted domainsImported from https://www.github.com/BytemarkHosting/symbiosis/issues/79
Relating to https://www.github.com/BytemarkHosting/symbiosis/issues/63 - the default site is configured using ErrorDocument in zz-masshosting.conf and zz-masshosti...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/79
Relating to https://www.github.com/BytemarkHosting/symbiosis/issues/63 - the default site is configured using ErrorDocument in zz-masshosting.conf and zz-masshosting.ssl.conf, but is not in the template for other sites.
When I installed symbiosis-stretch on a new virtualmachine it created `/etc/apache2/sites-enabled/symbiosis-stretch.work.telyn.uk0.bigv.io.conf`. I suspect this is unintended and possibly to do with how we do SSL now?https://gitlab.com/sympl.io/sympl/-/issues/155Symbiosis: monit: Use systemd timer to launch instead of cron2019-04-14T20:52:49ZPaul CammishSymbiosis: monit: Use systemd timer to launch instead of cronImported from https://www.github.com/BytemarkHosting/symbiosis/issues/55
This requires a .timer as well as a .service file](https://wiki.archlinux.org/index.php/Systemd/Timers). It also means that sysvinit isn't really supported, unles...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/55
This requires a .timer as well as a .service file](https://wiki.archlinux.org/index.php/Systemd/Timers). It also means that sysvinit isn't really supported, unless a check is put in place to remove the cron job or otherwise disable it.https://gitlab.com/sympl.io/sympl/-/issues/157Symbiosis: Mysql user of admin with admin password for mysql access2019-06-20T13:21:36ZPaul CammishSymbiosis: Mysql user of admin with admin password for mysql accessImported from https://www.github.com/BytemarkHosting/symbiosis/issues/61
Just had a customer who processed a migration from symb6 to symb8 and managed to overwrite the mysql db in the process.
Wondered if there might be some traction i...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/61
Just had a customer who processed a migration from symb6 to symb8 and managed to overwrite the mysql db in the process.
Wondered if there might be some traction in having an admin user with the admin password as a mysql user that we can control access for a little more, no access to the mysql folder for example...
Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/158Symbiosis: On Stretch, httpd.postinst doesn't correctly preserve `no-stats` s...2019-06-07T10:51:39ZPaul CammishSymbiosis: On Stretch, httpd.postinst doesn't correctly preserve `no-stats` settingsImported from https://www.github.com/BytemarkHosting/symbiosis/issues/124
This is what I think should happen:
1. If `no-stats` is present and not set to `false`: remove, as this is the default now.
2. If `no-stats` is present and set t...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/124
This is what I think should happen:
1. If `no-stats` is present and not set to `false`: remove, as this is the default now.
2. If `no-stats` is present and set to `false`: move to `stats` and truncate, ensuring stats are enabled.
3. If `no-stats` isn't present: create `stats`.
4. Otherwise do nothing.
Patrick advised that we can potentially not do (3) and just put in release notes that the default is now that stats are disabled by default, as we use webalizer which is old and clunky and potentially many customers don't use it.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/159Symbiosis: On Stretch, man pages for symbiosis-common scripts are empty2019-04-14T20:53:51ZPaul CammishSymbiosis: On Stretch, man pages for symbiosis-common scripts are emptyImported from https://www.github.com/BytemarkHosting/symbiosis/issues/117
Looks like a problem finding ruby libraries during generation of the packages.Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/117
Looks like a problem finding ruby libraries during generation of the packages.https://gitlab.com/sympl.io/sympl/-/issues/160Symbiosis: Optional symbiosis-httpd-logger package fails under load2019-04-14T20:58:39ZPaul CammishSymbiosis: Optional symbiosis-httpd-logger package fails under loadImported from https://www.github.com/BytemarkHosting/symbiosis/issues/113
Under high loads with a large number of sites (and therefore large number of instances of the logger), the symbiosis-httpd-logger process stalls and fails to writ...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/113
Under high loads with a large number of sites (and therefore large number of instances of the logger), the symbiosis-httpd-logger process stalls and fails to write logs, apparently causing Apache to stall and spin up more processes to deal with the incoming traffic.
A workaround for this seems to be to be to adjust the Apache templates for HTTP/HTTPS sites to log directly to disk, saving the extra processor time and RAM, however this means the `logs` directories won't be automatically generated (should be fixable in symbiosis-httpd-configure or elsewhere, and log files will not be owned by admin:admin (which is not a huge problem, as they are cycled automatically, and still readable by admin).https://gitlab.com/sympl.io/sympl/-/issues/161Symbiosis: Package d-push for stretch?2019-06-07T14:35:45ZPaul CammishSymbiosis: Package d-push for stretch?Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/52
d-push was removed from debian before stretch because it wasn't php7 compatible in time. It is now compatible with PHP7, so we could choose to package it ourselves...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/52
d-push was removed from debian before stretch because it wasn't php7 compatible in time. It is now compatible with PHP7, so we could choose to package it ourselves.
We should determine if anyone actually uses d-push to sync emails to their mobile device and how important it is to them - i.e. whether or not they can just use IMAP instead.
I'd be very surprised if anyone was unable to use IMAP. We're talking early 2000s MS stuff here I'd expect.