Sympl issueshttps://gitlab.com/sympl.io/sympl/-/issues2019-04-14T20:44:29Zhttps://gitlab.com/sympl.io/sympl/-/issues/150Symbiosis: MariaDB breaks phpMyAdmin authentication in Stretch2019-04-14T20:44:29ZPaul CammishSymbiosis: MariaDB breaks phpMyAdmin authentication in StretchImported from https://www.github.com/BytemarkHosting/symbiosis/issues/126
MariaDB uses unix socket authentication by default, rather than username/password. As such, phpMyAdmin HTTP authentication won't accept the credentials for the `r...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/126
MariaDB uses unix socket authentication by default, rather than username/password. As such, phpMyAdmin HTTP authentication won't accept the credentials for the `root@localhost` MySQL user.
Likely fix would be to either disable unix socket auth, or create an additional MySQL user which uses username/password authentication.https://gitlab.com/sympl.io/sympl/-/issues/151Symbiosis: Masked potentially dovecot service break upgrades2019-04-17T20:26:34ZPaul CammishSymbiosis: Masked potentially dovecot service break upgradesImported from https://www.github.com/BytemarkHosting/symbiosis/issues/77
(Reading database ... 55746 files and directories currently installed.)
Preparing to unpack .../symbiosis-xmpp_2015%3a1026_all.deb ...
Unpacking symbio...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/77
(Reading database ... 55746 files and directories currently installed.)
Preparing to unpack .../symbiosis-xmpp_2015%3a1026_all.deb ...
Unpacking symbiosis-xmpp (2015:1026) over (2015:1024) ...
service dovecot restart
Failed to restart dovecot.service: Unit dovecot.service is masked.
Makefile:14: recipe for target 'all' failed
make: *** [all] Error 1
dpkg: warning: subprocess old post-removal script returned error exit status 2
dpkg: trying script from the new package instead ...
service dovecot restart
It no longer needs to re-start Dovecot :)https://gitlab.com/sympl.io/sympl/-/issues/152Symbiosis: Method redefined' and 'variable not initialized' warnings returned...2019-06-07T14:39:39ZPaul CammishSymbiosis: Method redefined' and 'variable not initialized' warnings returned from symbiosis-httpd-configure when '--verbose' flag usedImported from https://www.github.com/BytemarkHosting/symbiosis/issues/122
Running `symbiosis-httpd-configure` with the `--verbose` flag appended, e.g `symbiosis-httpd-configure -vdf`, returns the following:
<pre>
root@symbiosis2:/etc/e...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/122
Running `symbiosis-httpd-configure` with the `--verbose` flag appended, e.g `symbiosis-httpd-configure -vdf`, returns the following:
<pre>
root@symbiosis2:/etc/exim4# symbiosis-httpd-configure -vdf
/usr/lib/ruby/vendor_ruby/diffy/diff.rb:43: warning: method redefined; discarding old diff
Domain: symbiosis2.default.aladlow.uk0.bigv.io
Current SSL set 6: signed by /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3, expires 2018-09-07 22:00:16 UTC
This site has SSL enabled, and is using the host's primary IPs -- continuing with SNI.
SSL is enabled -- using SSL template
Adding to configurations
Configuration: example.site.net.conf
Forcing re-creation of configuration due to --force.
/usr/lib/ruby/vendor_ruby/diffy/diff.rb:70: warning: instance variable @tempfiles not initialized
Syntax OK
</pre>
Notably:
`/usr/lib/ruby/vendor_ruby/diffy/diff.rb:43: warning: method redefined; discarding old diff`
`/usr/lib/ruby/vendor_ruby/diffy/diff.rb:70: warning: instance variable @tempfiles not initialized`
These probably shouldn't be displayed as standard.
Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/154Symbiosis: Missing error document handling for non-mass-hosted domains2019-04-16T22:18:11ZPaul CammishSymbiosis: Missing error document handling for non-mass-hosted domainsImported from https://www.github.com/BytemarkHosting/symbiosis/issues/79
Relating to https://www.github.com/BytemarkHosting/symbiosis/issues/63 - the default site is configured using ErrorDocument in zz-masshosting.conf and zz-masshosti...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/79
Relating to https://www.github.com/BytemarkHosting/symbiosis/issues/63 - the default site is configured using ErrorDocument in zz-masshosting.conf and zz-masshosting.ssl.conf, but is not in the template for other sites.
When I installed symbiosis-stretch on a new virtualmachine it created `/etc/apache2/sites-enabled/symbiosis-stretch.work.telyn.uk0.bigv.io.conf`. I suspect this is unintended and possibly to do with how we do SSL now?https://gitlab.com/sympl.io/sympl/-/issues/155Symbiosis: monit: Use systemd timer to launch instead of cron2019-04-14T20:52:49ZPaul CammishSymbiosis: monit: Use systemd timer to launch instead of cronImported from https://www.github.com/BytemarkHosting/symbiosis/issues/55
This requires a .timer as well as a .service file](https://wiki.archlinux.org/index.php/Systemd/Timers). It also means that sysvinit isn't really supported, unles...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/55
This requires a .timer as well as a .service file](https://wiki.archlinux.org/index.php/Systemd/Timers). It also means that sysvinit isn't really supported, unless a check is put in place to remove the cron job or otherwise disable it.https://gitlab.com/sympl.io/sympl/-/issues/157Symbiosis: Mysql user of admin with admin password for mysql access2019-06-20T13:21:36ZPaul CammishSymbiosis: Mysql user of admin with admin password for mysql accessImported from https://www.github.com/BytemarkHosting/symbiosis/issues/61
Just had a customer who processed a migration from symb6 to symb8 and managed to overwrite the mysql db in the process.
Wondered if there might be some traction i...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/61
Just had a customer who processed a migration from symb6 to symb8 and managed to overwrite the mysql db in the process.
Wondered if there might be some traction in having an admin user with the admin password as a mysql user that we can control access for a little more, no access to the mysql folder for example...
Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/158Symbiosis: On Stretch, httpd.postinst doesn't correctly preserve `no-stats` s...2019-06-07T10:51:39ZPaul CammishSymbiosis: On Stretch, httpd.postinst doesn't correctly preserve `no-stats` settingsImported from https://www.github.com/BytemarkHosting/symbiosis/issues/124
This is what I think should happen:
1. If `no-stats` is present and not set to `false`: remove, as this is the default now.
2. If `no-stats` is present and set t...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/124
This is what I think should happen:
1. If `no-stats` is present and not set to `false`: remove, as this is the default now.
2. If `no-stats` is present and set to `false`: move to `stats` and truncate, ensuring stats are enabled.
3. If `no-stats` isn't present: create `stats`.
4. Otherwise do nothing.
Patrick advised that we can potentially not do (3) and just put in release notes that the default is now that stats are disabled by default, as we use webalizer which is old and clunky and potentially many customers don't use it.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/159Symbiosis: On Stretch, man pages for symbiosis-common scripts are empty2019-04-14T20:53:51ZPaul CammishSymbiosis: On Stretch, man pages for symbiosis-common scripts are emptyImported from https://www.github.com/BytemarkHosting/symbiosis/issues/117
Looks like a problem finding ruby libraries during generation of the packages.Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/117
Looks like a problem finding ruby libraries during generation of the packages.https://gitlab.com/sympl.io/sympl/-/issues/160Symbiosis: Optional symbiosis-httpd-logger package fails under load2019-04-14T20:58:39ZPaul CammishSymbiosis: Optional symbiosis-httpd-logger package fails under loadImported from https://www.github.com/BytemarkHosting/symbiosis/issues/113
Under high loads with a large number of sites (and therefore large number of instances of the logger), the symbiosis-httpd-logger process stalls and fails to writ...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/113
Under high loads with a large number of sites (and therefore large number of instances of the logger), the symbiosis-httpd-logger process stalls and fails to write logs, apparently causing Apache to stall and spin up more processes to deal with the incoming traffic.
A workaround for this seems to be to be to adjust the Apache templates for HTTP/HTTPS sites to log directly to disk, saving the extra processor time and RAM, however this means the `logs` directories won't be automatically generated (should be fixable in symbiosis-httpd-configure or elsewhere, and log files will not be owned by admin:admin (which is not a huge problem, as they are cycled automatically, and still readable by admin).https://gitlab.com/sympl.io/sympl/-/issues/161Symbiosis: Package d-push for stretch?2019-06-07T14:35:45ZPaul CammishSymbiosis: Package d-push for stretch?Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/52
d-push was removed from debian before stretch because it wasn't php7 compatible in time. It is now compatible with PHP7, so we could choose to package it ourselves...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/52
d-push was removed from debian before stretch because it wasn't php7 compatible in time. It is now compatible with PHP7, so we could choose to package it ourselves.
We should determine if anyone actually uses d-push to sync emails to their mobile device and how important it is to them - i.e. whether or not they can just use IMAP instead.
I'd be very surprised if anyone was unable to use IMAP. We're talking early 2000s MS stuff here I'd expect.https://gitlab.com/sympl.io/sympl/-/issues/162Symbiosis: PHP 'upload_max_filesize' and 'post_max_size' values default perha...2019-04-14T21:31:36ZPaul CammishSymbiosis: PHP 'upload_max_filesize' and 'post_max_size' values default perhaps too lowImported from https://www.github.com/BytemarkHosting/symbiosis/issues/123
The default values of `2M` for `upload_max_filesize` and `8M` for `post_max_size` are fairly conservative, and can be fairly limiting as larger uploads have becom...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/123
The default values of `2M` for `upload_max_filesize` and `8M` for `post_max_size` are fairly conservative, and can be fairly limiting as larger uploads have become more common etc.
These two variables are often manually increased straight off the bat with a new Symbiosis install, so it would be useful to set these to a higher default value from the get go.https://gitlab.com/sympl.io/sympl/-/issues/164Symbiosis: Plaintext FTP should be disabled by default2019-04-17T20:30:58ZPaul CammishSymbiosis: Plaintext FTP should be disabled by defaultImported from https://www.github.com/BytemarkHosting/symbiosis/issues/50
`/etc/pure-ftpd/conf/TLS` currently appears to be set to 1 which means "Accept both normal sessions and SSL/TLS ones." - my opinion would be that for the next rele...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/50
`/etc/pure-ftpd/conf/TLS` currently appears to be set to 1 which means "Accept both normal sessions and SSL/TLS ones." - my opinion would be that for the next release, we should change this to 2, or even 3. Options are below.
```
-Y tls behavior
-Y 0 (default) disables SSL/TLS security mechanisms.
-Y 1 Accept both normal sessions and SSL/TLS ones.
-Y 2 refuses connections that aren't using SSL/TLS security
mechanisms, including anonymous ones.
-Y 3 refuses connections that aren't using SSL/TLS security
mechanisms, and refuse cleartext data channels as well.
The server must have been compiled with SSL/TLS support and a
valid certificate must be in place to accept encrypted sessions.
```https://gitlab.com/sympl.io/sympl/-/issues/169Symbiosis: Replace the default site .html file with some Symbiosis documentation2019-06-20T13:22:59ZPaul CammishSymbiosis: Replace the default site .html file with some Symbiosis documentationImported from https://www.github.com/BytemarkHosting/symbiosis/issues/63
@jamielinux's good idea;
Replace:
![screen_shot_2017-05-31_at_16 33 05](https://user-images.githubusercontent.com/317667/27084986-c99e5000-5045-11e7-9256-bd9f52c...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/63
@jamielinux's good idea;
Replace:
![screen_shot_2017-05-31_at_16 33 05](https://user-images.githubusercontent.com/317667/27084986-c99e5000-5045-11e7-9256-bd9f52cab638.png)
With help documentation in some form. Maybe full, maybe single page
Would a high level view of the steps required to setup a standard website work?Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/170Symbiosis: Request: Write mysql root credentials to /root/.my.cnf when imaging.2019-06-09T23:33:49ZPaul CammishSymbiosis: Request: Write mysql root credentials to /root/.my.cnf when imaging.Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/56
(Note: This may be something for imager, or Stretch, but applied to Symbiosis *images* only)
It's never clear that the `root`, `admin` and mysql `root@localhost` ...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/56
(Note: This may be something for imager, or Stretch, but applied to Symbiosis *images* only)
It's never clear that the `root`, `admin` and mysql `root@localhost` users all have the same password in a newly imaged machine, which leads to users likely changing the root/admin passwords like they should, and not making note of the `root@localhost` password we set for mysql.
Simply writing the below to `/root/.my.cnf` (with relevant permissions) would make password recovery simpler, and allow the user to log in directly.
```config
[client]
user=root
password="<example>"
```
There's a small outside risk to this, by keeping it in `/root` would negate most of this, and make things simpler for users.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/171Symbiosis: Roundcube sieve breaks following dist-upgrade from Symbiosis Jessi...2019-06-07T10:51:35ZPaul CammishSymbiosis: Roundcube sieve breaks following dist-upgrade from Symbiosis Jessie to StretchImported from https://www.github.com/BytemarkHosting/symbiosis/issues/118
Roundcube returns an `Unable to connect to managesieve server` warning when attempting to access the `Filters` or `Vacation` setting. This is due to a change in t...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/118
Roundcube returns an `Unable to connect to managesieve server` warning when attempting to access the `Filters` or `Vacation` setting. This is due to a change in the sieve directory structure when moving from Jessie to Stretch.
In Symbiosis Jessie, the structure is as follows:
<pre>
root@symbiosis2:/usr/share/roundcube# ls -al /srv/symbiosis2.default.aladlow.uk0.bigv.io/mailboxes/root/
total 24
drwxr-sr-x 4 admin admin 4096 May 11 11:31 .
drwxr-sr-x 4 admin admin 4096 May 17 12:57 ..
drwx--S--- 9 admin admin 4096 May 27 16:05 Maildir
-rw-r--r-- 1 admin admin 105 May 27 12:51 password
lrwxrwxrwx 1 admin admin 23 May 11 11:30 sieve -> sieve.d/roundcube.sieve
drwx--S--- 3 admin admin 4096 May 11 11:30 sieve.d
</pre>
And in Symbiosis Stretch:
<pre>
root@symbiosis2:/usr/share/roundcube# ls -al /srv/symbiosis2.default.aladlow.uk0.bigv.io/mailboxes/root/
total 20
drwxr-sr-x 4 admin admin 4096 May 27 16:08 .
drwxr-sr-x 4 admin admin 4096 May 17 12:57 ..
lrwxrwxrwx 1 admin admin 21 May 27 16:08 .dovecot.sieve -> sieve/roundcube.sieve
drwx--S--- 9 admin admin 4096 May 27 16:05 Maildir
-rw-r--r-- 1 admin admin 105 May 27 12:51 password
drwx--S--- 3 admin admin 4096 May 27 16:08 sieve
</pre>
To resolve this, the `sieve.d` directory should be renamed to `sieve`, and the `sieve` symlink to `.dovecot.sieve`.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/172Symbiosis: Run-parts when SSL certificates are updated2019-06-20T17:51:21ZPaul CammishSymbiosis: Run-parts when SSL certificates are updatedImported from https://www.github.com/BytemarkHosting/symbiosis/issues/62
Similar to other tools for Lets Encrypt, could Symbiosis do a run-parts on a certain directory if it exists (e.g /etc/symbiosis/ssl-update.d) to allow other servic...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/62
Similar to other tools for Lets Encrypt, could Symbiosis do a run-parts on a certain directory if it exists (e.g /etc/symbiosis/ssl-update.d) to allow other services to act on an automated SSL renewal?
I'm thinking this could hook into HAProxy, but could be useful for mail and stuff too.
Ideally environment variables would be passed to the hook in the same style as https://github.com/hlandau/acme/blob/master/_doc/SCHEMA.md#hooksSympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/174Symbiosis: Skel missing file references2019-06-20T13:24:53ZPaul CammishSymbiosis: Skel missing file referencesImported from https://www.github.com/BytemarkHosting/symbiosis/issues/135
When a new domain directory is created within `/srv/`, Symbiosis Stretch will create appropriate `config`, and `public` sub-directories.
The `/srv/domain.com/pu...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/135
When a new domain directory is created within `/srv/`, Symbiosis Stretch will create appropriate `config`, and `public` sub-directories.
The `/srv/domain.com/public/htdocs/index.html` file generated refers to incorrect file paths, as it looks for `/bytemark/bytemark.css` and `/bytemark/bytemark.png`, but the `bytemark/` directory doesn't exist.
Additionally, the index points to the Jessie Symbiosis docs, where they should be for Stretch.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/177Symbiosis: Stats default to On2019-04-14T21:25:48ZPaul CammishSymbiosis: Stats default to OnImported from https://www.github.com/BytemarkHosting/symbiosis/issues/51
I strongly believe Stats should be disabled OR the stats http page be password protected by default.Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/51
I strongly believe Stats should be disabled OR the stats http page be password protected by default.https://gitlab.com/sympl.io/sympl/-/issues/178Symbiosis: Stretch - Cron warning emails generated by backup2l2019-04-14T21:05:19ZPaul CammishSymbiosis: Stretch - Cron warning emails generated by backup2lImported from https://www.github.com/BytemarkHosting/symbiosis/issues/127
When the cron script `/etc/cron.daily/zz-backup2l` runs, it generates the following warning message:
> WARNING:
>
> Volume is or was locked by another instance ...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/127
When the cron script `/etc/cron.daily/zz-backup2l` runs, it generates the following warning message:
> WARNING:
>
> Volume is or was locked by another instance of 'backup2l'.
>
> It appears that another instance of 'backup2l' is or was running concurrently.
> This should not happen, but cannot be avoided completely with the present
> implementation of locking in 'backup2l'. I am sorry!
>
> The following steps should bring everything back into order:
> 1. Stop all instances of 'backup2l'.
> 2. Remove the lock file '/var/backups/localhost/all.lock' manually.
> 3. Re-run the backup.
> 4. Unmount the backup device (if desired).`
A new backup is created despite this warning message, but it could be a cause for concern.https://gitlab.com/sympl.io/sympl/-/issues/179Symbiosis: Symbiosis monit failure emails in Stretch2019-04-14T21:37:56ZPaul CammishSymbiosis: Symbiosis monit failure emails in StretchImported from https://www.github.com/BytemarkHosting/symbiosis/issues/129
The symbiosis-monit script will return an exit code of 75 for a few reasons: if it's been disabled, if the machine is still booting, if the load is higher than th...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/129
The symbiosis-monit script will return an exit code of 75 for a few reasons: if it's been disabled, if the machine is still booting, if the load is higher than the number of CPU cores, or if dpkg is running:
<pre>root@jessie:~# grep -c processor /proc/cpuinfo
root@jessie:~# cat /proc/loadavg
4.00 4.00 3.87 5/130 5696
root@jessie:~# /usr/sbin/symbiosis-monit -t email /etc/symbiosis/monit.d -a
root@jessie:~# echo $?
75
</pre>
In Symbiosis Stretch, this will be printed to syslog:
<pre>upgrade2 systemd[1]: symbiosis-monit.service: Main process exited, code=exited, status=75/n/a
upgrade2 systemd[1]: symbiosis-monit.service: Unit entered failed state.
upgrade2 systemd[1]: symbiosis-monit.service: Failed with result 'exit-code'.
</pre>
And also as an email:
<pre>Subject: Symbiosis monitor detected service failure
root : TTY=unknown ; PWD=/ ; USER=nobody ; COMMAND=/usr/bin/tee /var/tmp/symbiosis-monit.cursor
pam_unix(sudo:session): session opened for user nobody by (uid=0)
Started Symbiosis monitor.
symbiosis-monit.service: Main process exited, code=exited, status=75/n/a
symbiosis-monit.service: Unit entered failed state.
symbiosis-monit.service: Triggering OnFailure= dependencies.
symbiosis-monit.service: Failed with result 'exit-code'.</pre>
Server load will frequently rise above the number of CPU cores on busy servers, generating a large amount of emails. Printing to syslog is useful if there are problems with the `symbiosis-monit` service itself, but we should probably only send a failure email when an individual test has failed (e.g. `apache2`), rather than the entire service.