Sympl issueshttps://gitlab.com/sympl.io/sympl/-/issues2019-09-08T15:13:43Zhttps://gitlab.com/sympl.io/sympl/-/issues/263LetsEncrypt certificates not renewed early enough2019-09-08T15:13:43ZPaul CammishLetsEncrypt certificates not renewed early enough# Summary
LetsEncrypt certificates are not renewed a month before expiry (as recommended). This causes warning emails to be received from LetsEncrypt.
# Steps to reproduce
Enable LetsEncrypt certificates for a domain. Wait 60 days.
...# Summary
LetsEncrypt certificates are not renewed a month before expiry (as recommended). This causes warning emails to be received from LetsEncrypt.
# Steps to reproduce
Enable LetsEncrypt certificates for a domain. Wait 60 days.
# What is the current bug behavior?
Certificates are not renewed until 2 weeks before expiry, causing a warning.email to be received
# What is the expected correct behavior?
Certificate should be removed 30 days before expiry.
See: https://letsencrypt.org/docs/integration-guide/
for more info.
/cc @kelduumPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/260Extra content in /root/.ssh/authorized_keys is copied also2019-08-16T12:20:27ZPaul CammishExtra content in /root/.ssh/authorized_keys is copied alsoIn the event `/root/.ssh/authorized_keys` contains other content (such as a "command=" entry for the key [ref](https://forum.sympl.host/t/dont-login-as-root-warning/39)), then the Sympl user will be similarly restricted on first logging ...In the event `/root/.ssh/authorized_keys` contains other content (such as a "command=" entry for the key [ref](https://forum.sympl.host/t/dont-login-as-root-warning/39)), then the Sympl user will be similarly restricted on first logging in.
Not necessarily a bug, but we may want to think about excluding these entries or handling them differently.https://gitlab.com/sympl.io/sympl/-/issues/252GitLab CI Improvements2019-07-09T18:44:33ZPaul CammishGitLab CI ImprovementsWhat should be happening is the runner should strategically install the previous version (if it exists) from the relevant public repo, then install the version from the local repo. Instead, theres a common race condition meaning the publ...What should be happening is the runner should strategically install the previous version (if it exists) from the relevant public repo, then install the version from the local repo. Instead, theres a common race condition meaning the public versions are the same as the newly pushed versions.
We should also have separate upgrade tests from the stable and the testing branches, so we can be certain that we won't break stable before deploying, but we can also pre-download the dependency packages needed in the images to save time and bandwidth, negating the need for a separate image.
* [x] Versions older than the local repo installed for upgrade tests.
* [x] Upgrade tests for stable and testing.
* [x] Pre-downloaded packages in clean install.
* [x] CI tidyup, ideally both major branches from the same version.
* [x] Tests for mangled changelog entries in the build CIFuture PlansPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/251Dovecot doesn't reload after cert changes if config hasn't changed.2019-07-07T00:28:05ZPaul CammishDovecot doesn't reload after cert changes if config hasn't changed.In the situation where no new domains are created, but SSL certs update automatically, Dovecot would eventually expire the cached certs, so a reload is needed, as well as a check for when there are literally no certs (ie: first cert atte...In the situation where no new domains are created, but SSL certs update automatically, Dovecot would eventually expire the cached certs, so a reload is needed, as well as a check for when there are literally no certs (ie: first cert attempt fails).
In progress: sympl/sympl!76Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/250Apache config template changes from Buster need to be backported to Stretch2019-07-06T19:10:34ZPaul CammishApache config template changes from Buster need to be backported to StretchIn progress: !77In progress: !77Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/248sympl-mail: Debian-exim user should be added to sympl group.2019-07-02T16:36:27ZPaul Cammishsympl-mail: Debian-exim user should be added to sympl group.As is, the Debian-exim user already has access to the ssl-certs and other things, so giving it access to the config directory shouldn't be a problem now things are properly partitioned and will allow users to still configure things via S...As is, the Debian-exim user already has access to the ssl-certs and other things, so giving it access to the config directory shouldn't be a problem now things are properly partitioned and will allow users to still configure things via SFTP.
`sympl-filesystem-security` will need adjusting for this also.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/245Job Failed #83802019-07-02T16:38:11ZPaul CammishJob Failed #8380This is breaking phpMyAdmin, which should be split into a separate config as it's being retired.
Job [#8380](https://gitlab.mythic-beasts.com/sympl/sympl/-/jobs/8380) failed for 477a89553e5662f5d77f15a5ba1739cdb60ebbf8:This is breaking phpMyAdmin, which should be split into a separate config as it's being retired.
Job [#8380](https://gitlab.mythic-beasts.com/sympl/sympl/-/jobs/8380) failed for 477a89553e5662f5d77f15a5ba1739cdb60ebbf8:Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/243Buster: zz-mass-hosting doesn't appear to work.2019-08-16T17:54:56ZPaul CammishBuster: zz-mass-hosting doesn't appear to work.On boot, it's sending traffic to /var/www/html, and then after reconfiguring it seems to be only sending traffic to /srv/$localhost/public/htdocs.
It may be due to changes in the newer Apache breaking dynamic vhost configurations in gen...On boot, it's sending traffic to /var/www/html, and then after reconfiguring it seems to be only sending traffic to /srv/$localhost/public/htdocs.
It may be due to changes in the newer Apache breaking dynamic vhost configurations in general, or something else like the custom module not working right any more.Backloghttps://gitlab.com/sympl.io/sympl/-/issues/224Web: `sympl-web-* --manual` requires sympl-common package2019-06-28T15:08:51ZPaul CammishWeb: `sympl-web-* --manual` requires sympl-common packageThis isn't a problem when building in gitlab-ci, but breaks otherwise.
Option 1: Add sympl-common as a build dependency. (quick but untidy!)
Option 2: Make them work like the others and output the man page without any dependencies.
Opt...This isn't a problem when building in gitlab-ci, but breaks otherwise.
Option 1: Add sympl-common as a build dependency. (quick but untidy!)
Option 2: Make them work like the others and output the man page without any dependencies.
Option 2 is the best option here, especially as the libs aren't needed elsewhere.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/221Symbiosis: symbiosis-httpd-logger is run where it's not really needed2019-06-20T13:24:05ZPaul CammishSymbiosis: symbiosis-httpd-logger is run where it's not really neededThe HTTP and HTTPS templates for sites both run the symbiosis-httpd-logger process (aka sypl-web-logger) which does little other than write logs owned by the admin user.
This is useful for the zz-mass-hosting configuration, as it then w...The HTTP and HTTPS templates for sites both run the symbiosis-httpd-logger process (aka sypl-web-logger) which does little other than write logs owned by the admin user.
This is useful for the zz-mass-hosting configuration, as it then writes logs to the relevant locations, but it's wasted resources when you have a lot of sites running.
If #219 happens, then the templates should just write the files directly via the normal apache method.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/213XMPP support is to be retired.2019-06-07T14:25:53ZPaul CammishXMPP support is to be retired.1. It requires backports in Stretch
2. There little to no evidence if it being used1. It requires backports in Stretch
2. There little to no evidence if it being usedSympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/212Finish SNI for Support Exim and Dovecot2019-06-20T13:23:25ZPaul CammishFinish SNI for Support Exim and DovecotIt's possible to do this in Symbiosis with some changes, and a legacy branch included the change for Exim, however, the dovecot change will need a little more work.
https://docs.bytemark.co.uk/article/enabling-sni-for-exim-on-symbiosis/...It's possible to do this in Symbiosis with some changes, and a legacy branch included the change for Exim, however, the dovecot change will need a little more work.
https://docs.bytemark.co.uk/article/enabling-sni-for-exim-on-symbiosis/
https://docs.bytemark.co.uk/article/enabling-sni-for-dovecot-on-symbiosis/Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/208There are no build tests for XMPP2019-06-07T10:57:26ZPaul CammishThere are no build tests for XMPPThere aren't currently any tests to ensure XMPP is functional.
However, it's unclear if anyone uses this functionality in Symbiosis at present, as it mostly looks like other chat systems (Slack and its companions) have supplanted runnin...There aren't currently any tests to ensure XMPP is functional.
However, it's unclear if anyone uses this functionality in Symbiosis at present, as it mostly looks like other chat systems (Slack and its companions) have supplanted running your own instance, especially as there's no web front end so you would need to run a local client.Future PlansPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/209Build tests should check upgrading from a current install2019-06-11T12:02:28ZPaul CammishBuild tests should check upgrading from a current installThis should prevent an upgrade breaking all the versions.This should prevent an upgrade breaking all the versions.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/225sympl: sympl-common and sympl-core are seperate packages but have the same pu...2019-06-11T16:40:56ZPaul Cammishsympl: sympl-common and sympl-core are seperate packages but have the same purposeI can't see a reason for this any more, so it may make sense to just merge them into one package - there's no need to have them separate as sympl-core was 'bytemark-symbiosis' and just a metapackage with the recommended packages to insta...I can't see a reason for this any more, so it may make sense to just merge them into one package - there's no need to have them separate as sympl-core was 'bytemark-symbiosis' and just a metapackage with the recommended packages to install and a MOTD.
To cut down on extraneous info, they can probably be merged, retaining the sympl-core name.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/210Packages should be published in a repo2019-06-08T22:06:25ZPaul CammishPackages should be published in a repoThis will include properly signed packages, via the Mythic Beasts repo.This will include properly signed packages, via the Mythic Beasts repo.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/197Publish packages properly ;)2019-06-07T10:49:35ZPaul CammishPublish packages properly ;)The installation instructions smell a little -- getting a proper repo might be a nice touch.
You might find [Bintray](https://bintray.com/signup/oss) one way of doing it. I came across it for TV headend.The installation instructions smell a little -- getting a proper repo might be a nice touch.
You might find [Bintray](https://bintray.com/signup/oss) one way of doing it. I came across it for TV headend.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/187Symbiosis: testing sites don't get DocumentRoot set2019-04-14T21:44:45ZPaul CammishSymbiosis: testing sites don't get DocumentRoot setImported from https://www.github.com/BytemarkHosting/symbiosis/issues/43
testing sites - e.g. example.com.testing.server.group.user.uk0.bigv.io don't have DocumentRoot set. Not being set by mod_rewriteImported from https://www.github.com/BytemarkHosting/symbiosis/issues/43
testing sites - e.g. example.com.testing.server.group.user.uk0.bigv.io don't have DocumentRoot set. Not being set by mod_rewritehttps://gitlab.com/sympl.io/sympl/-/issues/185Symbiosis: symbiosis-ssl can generate SSL config for sites that have no certi...2019-04-17T20:11:54ZPaul CammishSymbiosis: symbiosis-ssl can generate SSL config for sites that have no certificateImported from https://www.github.com/BytemarkHosting/symbiosis/issues/44
symbiosis-ssl can generate SSL config for sites that have no certificate returned by Lets Encrypt. This can lead to invalid configuration, and Apache being unable ...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/44
symbiosis-ssl can generate SSL config for sites that have no certificate returned by Lets Encrypt. This can lead to invalid configuration, and Apache being unable to re-start.
This has been observed both in terms of missing certs that were never returned successfully from Lets Encrypt, or where symbiosis-ssl didn't have permission to write the certificate, but still wrote the SSL config.https://gitlab.com/sympl.io/sympl/-/issues/183Symbiosis: symbiosis-httpd-configure --diff-only option2019-04-17T20:05:54ZPaul CammishSymbiosis: symbiosis-httpd-configure --diff-only optionImported from https://www.github.com/BytemarkHosting/symbiosis/issues/48
Sometimes the configuration has been manually edited but it'd be nice to go back to the factory one, however the only way to see what would change other than check...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/48
Sometimes the configuration has been manually edited but it'd be nice to go back to the factory one, however the only way to see what would change other than checking manually, is to move the old hand-edited configuration out of the way, and then to run the symbiosis-httpd-configure (which reloads the site) and then compare the changes afterwards.
Would be nice if you could ask symbiosis-httpd-configure just to give you a diff of what would change if you asked it to take over the config for a particular site.