Sympl issueshttps://gitlab.com/sympl.io/sympl/-/issues2019-06-10T14:29:22Zhttps://gitlab.com/sympl.io/sympl/-/issues/226common: Check new passwords against https://haveibeenpwned.com/API/v2#PwnedPa...2019-06-10T14:29:22ZPaul Cammishcommon: Check new passwords against https://haveibeenpwned.com/API/v2#PwnedPasswordsThe API at https://haveibeenpwned.com/API/v2#PwnedPasswords provides an API of compromised passwords.
This would be a good thing to check against when a user changes their password along with cracklib.The API at https://haveibeenpwned.com/API/v2#PwnedPasswords provides an API of compromised passwords.
This would be a good thing to check against when a user changes their password along with cracklib.Backloghttps://gitlab.com/sympl.io/sympl/-/issues/224Web: `sympl-web-* --manual` requires sympl-common package2019-06-28T15:08:51ZPaul CammishWeb: `sympl-web-* --manual` requires sympl-common packageThis isn't a problem when building in gitlab-ci, but breaks otherwise.
Option 1: Add sympl-common as a build dependency. (quick but untidy!)
Option 2: Make them work like the others and output the man page without any dependencies.
Opt...This isn't a problem when building in gitlab-ci, but breaks otherwise.
Option 1: Add sympl-common as a build dependency. (quick but untidy!)
Option 2: Make them work like the others and output the man page without any dependencies.
Option 2 is the best option here, especially as the libs aren't needed elsewhere.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/222A new 'theres no site here yet' page is needed2019-06-07T10:37:50ZPaul CammishA new 'theres no site here yet' page is neededThe old one had 2012-eta Bytemark branding, but I should be able to do something better - just need a proper logo for Sympl created.The old one had 2012-eta Bytemark branding, but I should be able to do something better - just need a proper logo for Sympl created.Rebranding Symbiosis to SymplPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/221Symbiosis: symbiosis-httpd-logger is run where it's not really needed2019-06-20T13:24:05ZPaul CammishSymbiosis: symbiosis-httpd-logger is run where it's not really neededThe HTTP and HTTPS templates for sites both run the symbiosis-httpd-logger process (aka sypl-web-logger) which does little other than write logs owned by the admin user.
This is useful for the zz-mass-hosting configuration, as it then w...The HTTP and HTTPS templates for sites both run the symbiosis-httpd-logger process (aka sypl-web-logger) which does little other than write logs owned by the admin user.
This is useful for the zz-mass-hosting configuration, as it then writes logs to the relevant locations, but it's wasted resources when you have a lot of sites running.
If #219 happens, then the templates should just write the files directly via the normal apache method.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/218sympl-all-crontabs.c should be rewritten in something more portable2019-07-17T15:48:41ZPaul Cammishsympl-all-crontabs.c should be rewritten in something more portable```text
* A wrapper script which will do some simple permission and file-presence
* checks, then launch the sympl-crontab command for each domain which
* is present.
*
* The way this script works is pretty simple:
*
* 1. Iterate over e...```text
* A wrapper script which will do some simple permission and file-presence
* checks, then launch the sympl-crontab command for each domain which
* is present.
*
* The way this script works is pretty simple:
*
* 1. Iterate over every entry beneath /srv
* - Ignoring dotfiles.
* - Ignoring entries that do not contain /srv/$name/config/crontab
*
* 2. Once a valid entry has been found ensure that the owner of
* /srv/$name and /srv/$name/config/crontab matches.
*
* 3. Invoke our ruby wrapper as the appropriate user, via /bin/su.
```
This should really be rewritten in something more portable (to ease install on non-amd64 platforms), or simply use bash instead as there's nothing particularly fancy here.Future Planshttps://gitlab.com/sympl.io/sympl/-/issues/216The auth/helper processes don't seem to be running after a reboot2019-06-02T21:18:53ZPaul CammishThe auth/helper processes don't seem to be running after a rebootspecifically:
```
/usr/sbin/pure-authd --run /usr/sbin/symbiosis-ftpd-check-password --socket /var/run/pure-ftpd/pure-authd.sock
/usr/bin/ruby /usr/sbin/symbiosis-email-poppassd
/usr/bin/ruby /usr/sbin/symbiosis-email-dict-proxy
```specifically:
```
/usr/sbin/pure-authd --run /usr/sbin/symbiosis-ftpd-check-password --socket /var/run/pure-ftpd/pure-authd.sock
/usr/bin/ruby /usr/sbin/symbiosis-email-poppassd
/usr/bin/ruby /usr/sbin/symbiosis-email-dict-proxy
```Rebranding Symbiosis to SymplPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/215Command line scripts need to be renamed, references to symbiosis in filesyste...2019-06-06T11:01:27ZPaul CammishCommand line scripts need to be renamed, references to symbiosis in filesystem removedWIP in https://gitlab.mythic-beasts.com/sympl/sympl_stretch/merge_requests/19
Any existing command line scripts should have symlinks/helpers created to them from the old names for compatibility.
Ruby Libraries can stay where they are f...WIP in https://gitlab.mythic-beasts.com/sympl/sympl_stretch/merge_requests/19
Any existing command line scripts should have symlinks/helpers created to them from the old names for compatibility.
Ruby Libraries can stay where they are for now (this can be tackled later), but things like /etc/symbiosis and dpkg copies need to be moved/renamed (and symlinks created).
* [x] package:core
* [x] package:backup
* [x] package:common
* [x] package:cron
* [x] package:dns
* [x] package:email
* [x] package:firewall
* [x] package:ftpd
* [x] package:httpd
* [x] package:monit
* [x] package:mysql
* [x] package:phpmyadmin
* [x] package:updater
* [x] package:webmail
----
* [x] update all version numbers
* [x] double-check all copyright filesRebranding Symbiosis to SymplPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/214Packages needed to be renamed2019-05-31T17:05:57ZPaul CammishPackages needed to be renamedbytemark-symbiosis, symbiosis-* packages needed to be renamed to match the new sympl naming.
bytemark-symbiosis -> sympl-core
symbiosis-* -> sympl-*bytemark-symbiosis, symbiosis-* packages needed to be renamed to match the new sympl naming.
bytemark-symbiosis -> sympl-core
symbiosis-* -> sympl-*Rebranding Symbiosis to SymplPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/213XMPP support is to be retired.2019-06-07T14:25:53ZPaul CammishXMPP support is to be retired.1. It requires backports in Stretch
2. There little to no evidence if it being used1. It requires backports in Stretch
2. There little to no evidence if it being usedSympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/212Finish SNI for Support Exim and Dovecot2019-06-20T13:23:25ZPaul CammishFinish SNI for Support Exim and DovecotIt's possible to do this in Symbiosis with some changes, and a legacy branch included the change for Exim, however, the dovecot change will need a little more work.
https://docs.bytemark.co.uk/article/enabling-sni-for-exim-on-symbiosis/...It's possible to do this in Symbiosis with some changes, and a legacy branch included the change for Exim, however, the dovecot change will need a little more work.
https://docs.bytemark.co.uk/article/enabling-sni-for-exim-on-symbiosis/
https://docs.bytemark.co.uk/article/enabling-sni-for-dovecot-on-symbiosis/Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/208There are no build tests for XMPP2019-06-07T10:57:26ZPaul CammishThere are no build tests for XMPPThere aren't currently any tests to ensure XMPP is functional.
However, it's unclear if anyone uses this functionality in Symbiosis at present, as it mostly looks like other chat systems (Slack and its companions) have supplanted runnin...There aren't currently any tests to ensure XMPP is functional.
However, it's unclear if anyone uses this functionality in Symbiosis at present, as it mostly looks like other chat systems (Slack and its companions) have supplanted running your own instance, especially as there's no web front end so you would need to run a local client.Future PlansPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/207There are no build tests for webmail2019-05-28T11:23:23ZPaul CammishThere are no build tests for webmailThere aren't currently any tests to ensure webmail (ie: roundcube) is functional.
This is less of an issue at the moment as IMAP is tested, so this can be put off for now.
We should however create a test to ensure webmail can be logged...There aren't currently any tests to ensure webmail (ie: roundcube) is functional.
This is less of an issue at the moment as IMAP is tested, so this can be put off for now.
We should however create a test to ensure webmail can be logged into (via cURLing the local site, etc.Future Planshttps://gitlab.com/sympl.io/sympl/-/issues/206symbiosis-test skips phpmyadmin tests2019-05-28T11:58:10ZPaul Cammishsymbiosis-test skips phpmyadmin testsIt looks like due to the changes to MariaDB, the tests which expect to log in to phpmyadmin as root/debian-sys-maint are failing.
```
Skipping phpmyadmin debian-sys-maint auth test - password not found.
Skipping phpmyadmin root auth tes...It looks like due to the changes to MariaDB, the tests which expect to log in to phpmyadmin as root/debian-sys-maint are failing.
```
Skipping phpmyadmin debian-sys-maint auth test - password not found.
Skipping phpmyadmin root auth test - password not found.
```
This should be fairly simple to fix to use the generated 'admin' username/password, and ensure the passwordless logins fail.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/205"Quota exceeded (mailbox for user is full)"2019-05-28T11:58:11ZPaul Cammish"Quota exceeded (mailbox for user is full)"Symbiosis-test outputs `Quota exceeded (mailbox for user is full)` twice while running. This may be a bug, or it may be operating normally. Either way it should be fixed or supressed.Symbiosis-test outputs `Quota exceeded (mailbox for user is full)` twice while running. This may be a bug, or it may be operating normally. Either way it should be fixed or supressed.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/204"Not running MySQL backup tests, since not all the requirements are in place."2019-05-28T11:58:08ZPaul Cammish"Not running MySQL backup tests, since not all the requirements are in place."It looks like the relevant ruby libraries are missing for symbiosis-test from the repo/install (and would have been on the build box), but an attempt to track the relevant version down didn't come up with a perfect match.
This can proba...It looks like the relevant ruby libraries are missing for symbiosis-test from the repo/install (and would have been on the build box), but an attempt to track the relevant version down didn't come up with a perfect match.
This can probably just be rewritten in bash, as it's some simple SQL queries.Testing SuitePaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/203`symbiosis-test` fails the first antivirus test, but only on first run2019-06-07T10:53:05ZPaul Cammish`symbiosis-test` fails the first antivirus test, but only on first runIt's unclear why this is the case - it doesn't appear to be related to timing, or load or anything similar, but in the first ever run on a machine, the first antivirus test fails as the test mail is apparently let through.
```
=========...It's unclear why this is the case - it doesn't appear to be related to timing, or load or anything similar, but in the first ever run on a machine, the first antivirus test fails as the test mail is apparently let through.
```
===============================================================================
Failure: test_acl_check_antivirus(Exim4ConfigTest)
/etc/symbiosis/test.d/tc_exim4.rb:280:in `block in do_acl_script'
/etc/symbiosis/test.d/tc_exim4.rb:263:in `open'
/etc/symbiosis/test.d/tc_exim4.rb:263:in `do_acl_script'
/etc/symbiosis/test.d/tc_exim4.rb:410:in `test_acl_check_antivirus'
407:
408: FileUtils.touch(File.join(config_dir, "antivirus"))
409: # OK the file is there now, so reject (as per default)
=> 410: do_acl_script('exim4_acl_tests/antivirus_reject')
411:
412: # OK, now the file contains "tag" so accept, and tag
413: File.open(File.join(config_dir, "antivirus"),"w+"){|fh| fh.puts("tag my mail")}
ACL test failed after line 21 of exim4_acl_tests/antivirus_reject (OK id=1hTyWz-0000UI-BT)
<550> expected but was
<250>
diff:
? 550
? 2
===============================================================================
```
On every subsequent run it's fine, and there's no sign of a change caused by the first run.
As a workaround, it's now running twice, and discarding the first run silently.
Commit https://gitlab.mythic-beasts.com/sympl/sympl_stretch/commit/46a6e141f63e2c2ed025e530c7577ee2d97f07e5
Job [#2785](https://gitlab.mythic-beasts.com/sympl/sympl_stretch/-/jobs/2785) failed for 9480193f15793d90448b10ee278404beba37c304Future Planshttps://gitlab.com/sympl.io/sympl/-/issues/202Apache should support the PROXY protocol2021-05-14T14:44:13ZPaul CammishApache should support the PROXY protocolTo support reverse proxies passing through the originating source IP (for things like diagnostic logging, anti abuse and so on) Sympl should ideally support the PROXY protocol.
See https://www.haproxy.org/download/1.8/doc/proxy-protocol...To support reverse proxies passing through the originating source IP (for things like diagnostic logging, anti abuse and so on) Sympl should ideally support the PROXY protocol.
See https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt and mod_remoteip.
This may have to be a per-IP configuration looking at the Apache docs, or an overall system configuration. It would be nice however if it could be transparently configured.Future Planshttps://gitlab.com/sympl.io/sympl/-/issues/227Sympl parser2019-07-05T12:19:35ZPaul CammishSympl parserA basic version of the Sympl parser should be created, covering the most common things:
Creating domains, sites, mailboxes, ftp accounts, etc.
This can then be used in the new documentation, and expanded on further.A basic version of the Sympl parser should be created, covering the most common things:
Creating domains, sites, mailboxes, ftp accounts, etc.
This can then be used in the new documentation, and expanded on further.BacklogPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/229sympl-webmail: Roundcube configuration is broken2019-06-13T18:38:57ZPaul Cammishsympl-webmail: Roundcube configuration is brokenIt's unclear why, but it may be due to the defaults being misapplied on install, but it reports a problem connecting to the database.
This will need tests created also, as they are missing at present.It's unclear why, but it may be due to the defaults being misapplied on install, but it reports a problem connecting to the database.
This will need tests created also, as they are missing at present.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/217sympl-backup: Pre/post backup scripts need updating2019-06-13T23:36:45ZPaul Cammishsympl-backup: Pre/post backup scripts need updatingThey do 3 things:
1. Sync a copy of any existing backups from the backup space.
2. Dump MySQL and Postgres(!?) databases, although not particularly well.
3. Sync the result of the backups to the backup space once complete.
This uses the...They do 3 things:
1. Sync a copy of any existing backups from the backup space.
2. Dump MySQL and Postgres(!?) databases, although not particularly well.
3. Sync the result of the backups to the backup space once complete.
This uses the old deprecated Bytemark backup space, determining the destination server via the hostname of the local server, although this can be configured.
It's probably worth replacing the backup sync functionality with a couple of popular options and replacing the SQL dump script with something more modern which doesn't lock tables when dumping.Sympl v9.0 (for Debian Stretch)Paul CammishPaul Cammish