Cron email notifications not working in VyOS #183

Closed
desultory opened this issue Nov 30, 2022 · 21 comments

@desultory

Crosspost from forums: https://community.passbolt.com/t/server-unable-to-send-emails-other-than-the-test-email/6126

I have the latest version of passbolt-ce running in docker. I’m able to send test emails, but no other emails seem to be going through. I’m not seeing any activity in the docker logs when the registration emails are requested, and nothing is being dropped in my firewall. I’m really not sure why it can send the test emails to any address, but it’s unable to send any of the other emails. It displays the page saying the emails were sent, and they aren’t going to spam.


     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.33.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [WARN] The passbolt config file is missing in /etc/passbolt/
 [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
 [HELP] The passbolt config file is not required if passbolt is configured with environment variables

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.local
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
 [HELP] fopen(): Peer certificate CN=`www.passbolt.local' did not match expected CN=`passbolt.local'
fopen(): Failed to enable crypto
fopen(https://passbolt.local/healthcheck/status.json): failed to open stream: operation failed

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [FAIL] Could not connect to passbolt repository to check versions It is not possible check if your version is up to date.
 [HELP] Check the network configuration to allow this script to check for updates.
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 SMTP Settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [PASS] The SMTP Settings source is: database.

 [FAIL] 3 error(s) found. Hang in there!

Running tcpdump and looking for activity to that mail server, I can see activity instantly when I send a test email, but never see anything for the other emails.

I’m using VyOS for the container environment, is there a chance it’s not interfacing with cron correctly?
I’m seeing this in dmesg:

/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928196.739920] audit: type=1326 audit(1669745282.000:4457): auid=1003 uid=0 gid=0 ses=2046 pid=1102261 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928196.741192] audit: type=1326 audit(1669745282.001:4458): auid=1003 uid=0 gid=0 ses=2046 pid=1102261 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928196.741206] audit: type=1326 audit(1669745282.001:4459): auid=1003 uid=0 gid=0 ses=2046 pid=1102262 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928196.741212] audit: type=1326 audit(1669745282.001:4460): auid=1003 uid=0 gid=0 ses=2046 pid=1102261 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928196.741218] audit: type=1326 audit(1669745282.001:4461): auid=1003 uid=0 gid=0 ses=2046 pid=1102262 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928231.326076] device eth0 entered promiscuous mode
[4928255.743698] audit: type=1326 audit(1669745341.006:4463): auid=1003 uid=0 gid=0 ses=2046 pid=1102288 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928255.743712] audit: type=1326 audit(1669745341.006:4462): auid=1003 uid=0 gid=0 ses=2046 pid=1102287 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928255.743720] audit: type=1326 audit(1669745341.006:4464): auid=1003 uid=0 gid=0 ses=2046 pid=1102289 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928255.743726] audit: type=1326 audit(1669745341.006:4465): auid=1003 uid=0 gid=0 ses=2046 pid=1102288 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928255.743732] audit: type=1326 audit(1669745341.006:4466): auid=1003 uid=0 gid=0 ses=2046 pid=1102287 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928255.743739] audit: type=1326 audit(1669745341.006:4467): auid=1003 uid=0 gid=0 ses=2046 pid=1102289 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928255.744983] audit: type=1326 audit(1669745341.007:4468): auid=1003 uid=0 gid=0 ses=2046 pid=1102287 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928255.744997] audit: type=1326 audit(1669745341.007:4469): auid=1003 uid=0 gid=0 ses=2046 pid=1102288 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928255.745004] audit: type=1326 audit(1669745341.007:4470): auid=1003 uid=0 gid=0 ses=2046 pid=1102289 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928255.745010] audit: type=1326 audit(1669745341.007:4471): auid=1003 uid=0 gid=0 ses=2046 pid=1102289 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928315.747401] kauditd_printk_skb: 2 callbacks suppressed
[4928315.747408] audit: type=1326 audit(1669745401.011:4474): auid=1003 uid=0 gid=0 ses=2046 pid=1102326 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928315.747418] audit: type=1326 audit(1669745401.011:4475): auid=1003 uid=0 gid=0 ses=2046 pid=1102325 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928315.747426] audit: type=1326 audit(1669745401.011:4476): auid=1003 uid=0 gid=0 ses=2046 pid=1102326 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928315.747432] audit: type=1326 audit(1669745401.011:4477): auid=1003 uid=0 gid=0 ses=2046 pid=1102325 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928315.748714] audit: type=1326 audit(1669745401.013:4478): auid=1003 uid=0 gid=0 ses=2046 pid=1102326 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928315.748728] audit: type=1326 audit(1669745401.013:4479): auid=1003 uid=0 gid=0 ses=2046 pid=1102325 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928315.748735] audit: type=1326 audit(1669745401.013:4480): auid=1003 uid=0 gid=0 ses=2046 pid=1102325 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928315.748741] audit: type=1326 audit(1669745401.013:4481): auid=1003 uid=0 gid=0 ses=2046 pid=1102326 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928375.751242] audit: type=1326 audit(1669745461.017:4483): auid=1003 uid=0 gid=0 ses=2046 pid=1102327 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928375.751256] audit: type=1326 audit(1669745461.017:4482): auid=1003 uid=0 gid=0 ses=2046 pid=1102328 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928375.751264] audit: type=1326 audit(1669745461.017:4484): auid=1003 uid=0 gid=0 ses=2046 pid=1102328 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928375.751270] audit: type=1326 audit(1669745461.017:4485): auid=1003 uid=0 gid=0 ses=2046 pid=1102327 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928375.752497] audit: type=1326 audit(1669745461.018:4486): auid=1003 uid=0 gid=0 ses=2046 pid=1102328 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928375.752511] audit: type=1326 audit(1669745461.018:4487): auid=1003 uid=0 gid=0 ses=2046 pid=1102327 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928375.752518] audit: type=1326 audit(1669745461.018:4488): auid=1003 uid=0 gid=0 ses=2046 pid=1102328 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928375.752524] audit: type=1326 audit(1669745461.018:4489): auid=1003 uid=0 gid=0 ses=2046 pid=1102327 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928435.754611] audit: type=1326 audit(1669745521.022:4491): auid=1003 uid=0 gid=0 ses=2046 pid=1102329 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928435.754625] audit: type=1326 audit(1669745521.022:4490): auid=1003 uid=0 gid=0 ses=2046 pid=1102330 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928435.754632] audit: type=1326 audit(1669745521.022:4492): auid=1003 uid=0 gid=0 ses=2046 pid=1102330 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928435.754639] audit: type=1326 audit(1669745521.022:4493): auid=1003 uid=0 gid=0 ses=2046 pid=1102329 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928435.755829] audit: type=1326 audit(1669745521.023:4494): auid=1003 uid=0 gid=0 ses=2046 pid=1102330 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928435.755844] audit: type=1326 audit(1669745521.023:4495): auid=1003 uid=0 gid=0 ses=2046 pid=1102329 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928435.755851] audit: type=1326 audit(1669745521.023:4496): auid=1003 uid=0 gid=0 ses=2046 pid=1102329 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928435.755857] audit: type=1326 audit(1669745521.023:4497): auid=1003 uid=0 gid=0 ses=2046 pid=1102330 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000

I’m not too familiar with this container environment, but it seems cron is running:

root@d37b33edd86e:/usr/share/php/passbolt# supervisorctl
cron                             RUNNING   pid 132, uptime 1:09:53
nginx                            RUNNING   pid 131, uptime 1:09:53
php-fpm                          RUNNING   pid 130, uptime 1:09:53
supervisor> help

default commands (type help <topic>):
=====================================
add    exit      open  reload  restart   start   tail
avail  fg        pid   remove  shutdown  status  update
clear  maintail  quit  reread  signal    stop    version

supervisor> status cron
cron                             RUNNING   pid 132, uptime 1:10:02
supervisor> fg cron
==> Press Ctrl-C to exit <==
Exiting foreground
supervisor>
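
Decoding the dmesg lines from the post above, as an added example that is not part of the original thread: type=1326 is the kernel's seccomp audit record, arch=c000003e is x86_64, syscall 41 on that architecture is socket, and code=0x50000 is SECCOMP_RET_ERRNO, so each line records a seccomp filter returning an error for a socket() call made by cron. The function names and the short syscall table are this example's own; the sample lines are copied from the post, including the one that is cut off there.

```python
import re
from collections import Counter
from datetime import datetime, timezone

AUDIT_SECCOMP = 1326                  # audit record type for seccomp events
ARCH_NAMES = {0xC000003E: "x86_64"}   # AUDIT_ARCH_X86_64
# Partial x86_64 table: only the socket-related numbers this example needs.
X86_64_SYSCALLS = {41: "socket", 42: "connect", 44: "sendto", 49: "bind"}
SECCOMP_RET_ACTION_FULL = 0xFFFF0000
SECCOMP_ACTIONS = {
    0x80000000: "SECCOMP_RET_KILL_PROCESS",
    0x00000000: "SECCOMP_RET_KILL_THREAD",
    0x00030000: "SECCOMP_RET_TRAP",
    0x00050000: "SECCOMP_RET_ERRNO",
    0x7FC00000: "SECCOMP_RET_USER_NOTIF",
    0x7FF00000: "SECCOMP_RET_TRACE",
    0x7FFC0000: "SECCOMP_RET_LOG",
    0x7FFF0000: "SECCOMP_RET_ALLOW",
}

HEADER = re.compile(r"audit: type=(\d+) audit\((\d+)\.\d+:\d+\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
SUPPRESSED = re.compile(r"kauditd_printk_skb: (\d+) callbacks suppressed")

# Lines copied from the dmesg output in the post; the first is cut off there.
SAMPLE = '''\
/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928196.739920] audit: type=1326 audit(1669745282.000:4457): auid=1003 uid=0 gid=0 ses=2046 pid=1102261 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928196.741192] audit: type=1326 audit(1669745282.001:4458): auid=1003 uid=0 gid=0 ses=2046 pid=1102261 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928196.741206] audit: type=1326 audit(1669745282.001:4459): auid=1003 uid=0 gid=0 ses=2046 pid=1102262 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
[4928231.326076] device eth0 entered promiscuous mode
[4928315.747401] kauditd_printk_skb: 2 callbacks suppressed
[4928315.747408] audit: type=1326 audit(1669745401.011:4474): auid=1003 uid=0 gid=0 ses=2046 pid=1102326 comm="cron" exe="/usr/sbin/cron" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faef34db0b7 code=0x50000
'''


def parse_record(line):
    """Return a decoded seccomp record, or None if the line is not a complete one."""
    head = HEADER.search(line)
    if head is None or int(head.group(1)) != AUDIT_SECCOMP:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
    try:
        arch = int(fields["arch"], 16)
        nr = int(fields["syscall"])
        code = int(fields["code"], 16)
        pid = int(fields["pid"])
    except (KeyError, ValueError):
        return None
    # compat=1 means the 32-bit syscall table was used, so x86_64 names do not apply.
    native = arch in ARCH_NAMES and fields.get("compat") == "0"
    name = X86_64_SYSCALLS.get(nr) if native else None
    return {
        "time": datetime.fromtimestamp(int(head.group(2)), tz=timezone.utc),
        "pid": pid,
        "exe": fields.get("exe", "?"),
        "arch": ARCH_NAMES.get(arch, "arch=%#x" % arch),
        "syscall": name or "syscall#%d" % nr,
        "action": SECCOMP_ACTIONS.get(code & SECCOMP_RET_ACTION_FULL, "code=%#x" % code),
    }


def summarize(text):
    """Group seccomp records by (exe, arch, syscall, action) and note gaps in the log."""
    events, pids, times = Counter(), set(), []
    suppressed = unparsed = 0
    for line in text.splitlines():
        hit = SUPPRESSED.search(line)
        if hit:
            # The kernel rate-limited audit output, so event counts are a lower bound.
            suppressed += int(hit.group(1))
            continue
        rec = parse_record(line)
        if rec is None:
            if "syscall=" in line:   # looks like an audit record but is incomplete
                unparsed += 1
            continue
        events[(rec["exe"], rec["arch"], rec["syscall"], rec["action"])] += 1
        pids.add(rec["pid"])
        times.append(rec["time"])
    return {
        "events": events,
        "pids": pids,
        "suppressed": suppressed,
        "unparsed": unparsed,
        "first_seen": min(times).isoformat() if times else None,
        "last_seen": max(times).isoformat() if times else None,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for key, count in report["events"].items():
        print(count, *key)
    print("pids:", sorted(report["pids"]), "suppressed:", report["suppressed"],
          "unparsed:", report["unparsed"])
    print(report["first_seen"], "to", report["last_seen"])
```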
@desultory
Author

https://community.passbolt.com/t/issue-with-gnupg-decryption-in-cron-job-emails-not-sent/6130/2

Do you need any help reproducing this, or any more information about my environment?

@stripthis
Member

stripthis commented Nov 30, 2022

If you can, please try to:

  1. Get the output of the cron job logs and give them here (to confirm it's the decryption of the configuration stored in DB that fails and not something else)
  2. If it's a decryption issue: Create a new cron job that runs as www-data (or nginx depending on your setup), e.g. the same as the current cron job, and do a gpg --list-keys --no-tty to see if the server key is available for the cron.

@desultory
Author

This is the closest thing I'm able to get to a cron log with my docker install, I don't see any dedicated cron logs:

2022-11-29 17:24:09,198 WARN received SIGTERM indicating exit request
2022-11-29 17:24:09,198 INFO waiting for php-fpm, nginx, cron to die
2022-11-29 17:24:09,199 INFO stopped: cron (terminated by SIGTERM)
2022-11-29 17:24:09,208 INFO stopped: nginx (exit status 0)
2022-11-29 17:24:09,221 INFO stopped: php-fpm (exit status 0)
2022-11-29 17:24:19,475 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
2022-11-29 17:24:19,475 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2022-11-29 17:24:19,476 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2022-11-29 17:24:19,476 INFO Included extra file "/etc/supervisor/conf.d/php.conf" during parsing
2022-11-29 17:24:19,479 INFO RPC interface 'supervisor' initialized
2022-11-29 17:24:19,479 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2022-11-29 17:24:19,479 INFO supervisord started with pid 1
2022-11-29 17:24:20,482 INFO spawned: 'php-fpm' with pid 130
2022-11-29 17:24:20,483 INFO spawned: 'nginx' with pid 131
2022-11-29 17:24:20,485 INFO spawned: 'cron' with pid 132
2022-11-29 17:24:21,526 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-29 17:24:21,527 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-29 17:24:21,527 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-29 17:24:59,138 INFO reaped unknown pid 178 (exit status 0)
2022-11-29 17:24:59,139 INFO reaped unknown pid 180 (exit status 0)
2022-11-29 17:24:59,139 INFO reaped unknown pid 182 (exit status 0)
2022-11-29 17:24:59,139 INFO reaped unknown pid 184 (exit status 0)
2022-11-29 17:24:59,139 INFO reaped unknown pid 186 (exit status 0)
2022-11-29 17:24:59,139 INFO reaped unknown pid 188 (exit status 0)
2022-11-29 17:24:59,139 INFO reaped unknown pid 190 (exit status 0)
2022-11-29 17:24:59,139 INFO reaped unknown pid 193 (exit status 2)
2022-11-29 17:25:37,860 INFO reaped unknown pid 197 (exit status 0)
2022-11-29 17:25:37,860 INFO reaped unknown pid 199 (exit status 0)
2022-11-29 17:25:37,860 INFO reaped unknown pid 201 (exit status 0)
2022-11-29 17:25:37,860 INFO reaped unknown pid 203 (exit status 0)
2022-11-29 17:25:37,861 INFO reaped unknown pid 205 (exit status 0)
2022-11-29 17:25:37,861 INFO reaped unknown pid 207 (exit status 0)
2022-11-29 17:25:37,861 INFO reaped unknown pid 209 (exit status 0)
2022-11-29 17:25:37,861 INFO reaped unknown pid 212 (exit status 0)
2022-11-29 17:25:37,861 INFO reaped unknown pid 214 (exit status 0)
2022-11-29 17:25:37,861 INFO reaped unknown pid 216 (exit status 0)
2022-11-29 17:25:37,861 INFO reaped unknown pid 218 (exit status 0)
2022-11-29 17:25:37,861 INFO reaped unknown pid 220 (exit status 0)
2022-11-29 17:25:37,862 INFO reaped unknown pid 222 (exit status 0)
2022-11-29 17:25:37,862 INFO reaped unknown pid 225 (exit status 0)
2022-11-29 17:25:40,865 INFO reaped unknown pid 228 (exit status 0)
2022-11-29 17:25:40,866 INFO reaped unknown pid 230 (exit status 0)
2022-11-29 17:25:40,866 INFO reaped unknown pid 233 (exit status 0)
2022-11-29 17:28:33,145 WARN received SIGTERM indicating exit request
2022-11-29 17:28:33,145 INFO waiting for php-fpm, nginx, cron to die
2022-11-29 17:28:33,146 INFO stopped: cron (terminated by SIGTERM)
2022-11-29 17:28:33,156 INFO stopped: nginx (exit status 0)
2022-11-29 17:28:33,165 INFO stopped: php-fpm (exit status 0)
2022-11-29 17:28:41,761 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
2022-11-29 17:28:41,761 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2022-11-29 17:28:41,761 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2022-11-29 17:28:41,762 INFO Included extra file "/etc/supervisor/conf.d/php.conf" during parsing
2022-11-29 17:28:41,765 INFO RPC interface 'supervisor' initialized
2022-11-29 17:28:41,765 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2022-11-29 17:28:41,765 INFO supervisord started with pid 1
2022-11-29 17:28:42,768 INFO spawned: 'php-fpm' with pid 130
2022-11-29 17:28:42,770 INFO spawned: 'nginx' with pid 131
2022-11-29 17:28:42,772 INFO spawned: 'cron' with pid 132
2022-11-29 17:28:43,813 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-29 17:28:43,813 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-29 17:28:43,813 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-29 17:31:15,067 INFO reaped unknown pid 184 (exit status 0)
2022-11-29 17:31:15,067 INFO reaped unknown pid 186 (exit status 0)
2022-11-29 17:31:15,067 INFO reaped unknown pid 188 (exit status 0)
2022-11-29 17:31:15,067 INFO reaped unknown pid 190 (exit status 0)
2022-11-29 17:31:15,067 INFO reaped unknown pid 192 (exit status 0)
2022-11-29 17:31:15,067 INFO reaped unknown pid 194 (exit status 0)
2022-11-29 17:31:15,067 INFO reaped unknown pid 196 (exit status 0)
2022-11-29 17:31:15,067 INFO reaped unknown pid 199 (exit status 0)
2022-11-29 17:31:21,769 INFO reaped unknown pid 202 (exit status 0)
2022-11-29 17:31:21,769 INFO reaped unknown pid 204 (exit status 0)
2022-11-29 17:31:21,769 INFO reaped unknown pid 206 (exit status 0)
2022-11-29 17:31:21,769 INFO reaped unknown pid 208 (exit status 0)
2022-11-29 17:31:21,770 INFO reaped unknown pid 210 (exit status 0)
2022-11-29 17:31:21,770 INFO reaped unknown pid 212 (exit status 0)
2022-11-29 17:31:21,770 INFO reaped unknown pid 214 (exit status 0)
2022-11-29 17:31:21,770 INFO reaped unknown pid 217 (exit status 0)
2022-11-29 17:33:40,978 INFO reaped unknown pid 224 (exit status 0)
2022-11-29 17:33:40,979 INFO reaped unknown pid 226 (exit status 0)
2022-11-29 17:33:40,979 INFO reaped unknown pid 229 (exit status 0)
2022-11-29 17:34:18,971 INFO reaped unknown pid 234 (exit status 0)
2022-11-29 17:34:18,971 INFO reaped unknown pid 236 (exit status 0)
2022-11-29 17:34:18,971 INFO reaped unknown pid 239 (exit status 0)
2022-11-29 17:34:18,971 INFO reaped unknown pid 241 (exit status 0)
2022-11-29 17:34:18,971 INFO reaped unknown pid 243 (exit status 0)
2022-11-29 17:34:18,971 INFO reaped unknown pid 245 (exit status 0)
2022-11-29 17:34:18,971 INFO reaped unknown pid 247 (exit status 0)
2022-11-29 17:34:18,972 INFO reaped unknown pid 249 (exit status 0)
2022-11-29 17:34:18,972 INFO reaped unknown pid 252 (exit status 0)
2022-11-29 17:34:20,974 INFO reaped unknown pid 255 (exit status 0)
2022-11-29 17:34:20,974 INFO reaped unknown pid 257 (exit status 0)
2022-11-29 17:34:20,975 INFO reaped unknown pid 260 (exit status 0)
2022-11-29 17:35:35,985 INFO reaped unknown pid 265 (exit status 0)
2022-11-29 17:35:35,985 INFO reaped unknown pid 267 (exit status 0)
2022-11-29 17:35:35,985 INFO reaped unknown pid 270 (exit status 0)
2022-11-29 17:35:35,986 INFO reaped unknown pid 272 (exit status 0)
2022-11-29 17:35:35,986 INFO reaped unknown pid 274 (exit status 0)
2022-11-29 17:35:35,986 INFO reaped unknown pid 276 (exit status 0)
2022-11-29 17:35:35,986 INFO reaped unknown pid 278 (exit status 0)
2022-11-29 17:35:35,986 INFO reaped unknown pid 280 (exit status 0)
2022-11-29 17:35:35,986 INFO reaped unknown pid 283 (exit status 0)
2022-11-29 17:35:37,988 INFO reaped unknown pid 286 (exit status 0)
2022-11-29 17:35:37,989 INFO reaped unknown pid 288 (exit status 0)
2022-11-29 17:35:37,989 INFO reaped unknown pid 291 (exit status 0)
2022-11-29 17:35:59,950 INFO reaped unknown pid 294 (exit status 0)
2022-11-29 17:35:59,951 INFO reaped unknown pid 296 (exit status 0)
2022-11-29 17:36:00,082 INFO reaped unknown pid 299 (exit status 0)
2022-11-29 17:36:00,096 INFO reaped unknown pid 301 (exit status 0)
2022-11-29 17:36:04,578 INFO reaped unknown pid 306 (exit status 0)
2022-11-29 17:36:04,578 INFO reaped unknown pid 308 (exit status 0)
2022-11-29 17:36:55,292 INFO reaped unknown pid 325 (exit status 0)
2022-11-29 17:36:55,292 INFO reaped unknown pid 327 (exit status 0)
2022-11-29 17:36:56,399 INFO reaped unknown pid 330 (exit status 0)
2022-11-29 17:36:56,399 INFO reaped unknown pid 332 (exit status 0)
2022-11-29 17:36:56,399 INFO reaped unknown pid 334 (exit status 0)
2022-11-29 17:36:56,399 INFO reaped unknown pid 336 (exit status 0)
2022-11-29 17:36:56,399 INFO reaped unknown pid 338 (exit status 0)
2022-11-29 17:36:56,400 INFO reaped unknown pid 340 (exit status 0)
2022-11-29 17:36:56,400 INFO reaped unknown pid 342 (exit status 0)
2022-11-29 17:36:56,400 INFO reaped unknown pid 344 (exit status 0)
2022-11-29 17:36:56,400 INFO reaped unknown pid 347 (exit status 0)
2022-11-29 17:36:56,400 INFO reaped unknown pid 350 (exit status 0)
2022-11-29 17:36:56,400 INFO reaped unknown pid 352 (exit status 0)
2022-11-29 17:36:56,400 INFO reaped unknown pid 354 (exit status 0)
2022-11-29 17:36:56,401 INFO reaped unknown pid 356 (exit status 0)
2022-11-29 17:36:56,401 INFO reaped unknown pid 358 (exit status 0)
2022-11-29 17:36:56,401 INFO reaped unknown pid 360 (exit status 0)
2022-11-29 17:36:56,401 INFO reaped unknown pid 362 (exit status 0)
2022-11-29 17:36:56,401 INFO reaped unknown pid 364 (exit status 0)
2022-11-29 17:36:56,401 INFO reaped unknown pid 366 (exit status 0)
2022-11-29 17:36:56,401 INFO reaped unknown pid 369 (exit status 0)
2022-11-29 17:36:56,402 INFO reaped unknown pid 372 (exit status 0)
2022-11-29 17:36:56,402 INFO reaped unknown pid 374 (exit status 0)
2022-11-29 17:36:56,402 INFO reaped unknown pid 376 (exit status 0)
2022-11-29 17:36:56,402 INFO reaped unknown pid 378 (exit status 0)
2022-11-29 17:36:56,402 INFO reaped unknown pid 380 (exit status 0)
2022-11-29 17:36:56,402 INFO reaped unknown pid 382 (exit status 0)
2022-11-29 17:36:56,402 INFO reaped unknown pid 385 (exit status 0)
2022-11-29 17:36:56,402 INFO reaped unknown pid 388 (exit status 0)
2022-11-29 17:36:56,403 INFO reaped unknown pid 390 (exit status 0)
2022-11-29 17:36:56,403 INFO reaped unknown pid 392 (exit status 0)
2022-11-29 17:36:56,403 INFO reaped unknown pid 394 (exit status 0)
2022-11-29 17:36:56,403 INFO reaped unknown pid 396 (exit status 0)
2022-11-29 17:36:56,403 INFO reaped unknown pid 399 (exit status 0)
2022-11-29 17:36:56,404 INFO reaped unknown pid 402 (exit status 0)
2022-11-29 17:36:56,404 INFO reaped unknown pid 404 (exit status 0)
2022-11-29 17:36:56,404 INFO reaped unknown pid 407 (exit status 0)
2022-11-29 17:36:56,404 INFO reaped unknown pid 410 (exit status 0)
2022-11-29 17:36:56,404 INFO reaped unknown pid 412 (exit status 0)
2022-11-29 17:36:56,404 INFO reaped unknown pid 415 (exit status 0)
2022-11-29 17:36:56,404 INFO reaped unknown pid 418 (exit status 0)
2022-11-29 17:37:26,309 INFO reaped unknown pid 422 (exit status 0)
2022-11-29 17:37:26,309 INFO reaped unknown pid 424 (exit status 0)
2022-11-29 17:37:26,309 INFO reaped unknown pid 427 (exit status 0)
2022-11-29 17:45:42,186 INFO reaped unknown pid 447 (exit status 0)
2022-11-29 17:45:42,187 INFO reaped unknown pid 449 (exit status 0)
2022-11-29 17:45:42,298 INFO reaped unknown pid 452 (exit status 0)
2022-11-29 17:45:42,298 INFO reaped unknown pid 454 (exit status 0)
2022-11-29 17:45:48,126 INFO reaped unknown pid 457 (exit status 0)
2022-11-29 17:45:48,127 INFO reaped unknown pid 459 (exit status 0)
2022-11-29 18:02:19,183 INFO reaped unknown pid 496 (exit status 0)
2022-11-29 18:02:19,183 INFO reaped unknown pid 498 (exit status 0)
2022-11-29 18:02:19,246 INFO reaped unknown pid 501 (exit status 0)
2022-11-29 18:02:19,246 INFO reaped unknown pid 503 (exit status 0)
2022-11-29 18:02:21,985 INFO reaped unknown pid 506 (exit status 0)
2022-11-29 18:02:21,986 INFO reaped unknown pid 508 (exit status 0)
2022-11-29 18:02:37,155 INFO reaped unknown pid 511 (exit status 0)
2022-11-29 18:02:37,155 INFO reaped unknown pid 513 (exit status 0)
2022-11-29 18:08:42,221 INFO reaped unknown pid 528 (exit status 0)
2022-11-29 18:08:42,222 INFO reaped unknown pid 530 (exit status 0)
2022-11-29 18:08:42,320 INFO reaped unknown pid 533 (exit status 0)
2022-11-29 18:08:42,320 INFO reaped unknown pid 535 (exit status 0)
2022-11-29 18:08:49,296 INFO reaped unknown pid 538 (exit status 0)
2022-11-29 18:08:49,296 INFO reaped unknown pid 540 (exit status 0)
2022-11-29 18:09:21,778 INFO reaped unknown pid 546 (exit status 0)
2022-11-29 18:09:21,778 INFO reaped unknown pid 548 (exit status 0)
2022-11-29 18:09:22,080 INFO reaped unknown pid 551 (exit status 0)
2022-11-29 18:09:22,080 INFO reaped unknown pid 553 (exit status 0)
2022-11-29 18:09:29,104 INFO reaped unknown pid 556 (exit status 0)
2022-11-29 18:09:29,104 INFO reaped unknown pid 558 (exit status 0)
2022-11-29 18:09:35,978 INFO reaped unknown pid 561 (exit status 0)
2022-11-29 18:09:35,979 INFO reaped unknown pid 563 (exit status 0)
2022-11-29 18:09:35,979 INFO reaped unknown pid 566 (exit status 0)
2022-11-29 18:09:47,993 INFO reaped unknown pid 569 (exit status 0)
2022-11-29 18:09:47,994 INFO reaped unknown pid 571 (exit status 0)
2022-11-29 18:09:47,994 INFO reaped unknown pid 574 (exit status 0)
2022-11-29 18:40:42,017 INFO reaped unknown pid 650 (exit status 0)
2022-11-29 18:40:42,018 INFO reaped unknown pid 652 (exit status 0)
2022-11-29 18:40:42,139 INFO reaped unknown pid 655 (exit status 0)
2022-11-29 18:40:42,154 INFO reaped unknown pid 657 (exit status 0)
2022-11-29 18:40:46,015 INFO reaped unknown pid 660 (exit status 0)
2022-11-29 18:40:46,015 INFO reaped unknown pid 662 (exit status 0)
2022-11-30 12:21:10,859 INFO reaped unknown pid 2841 (exit status 0)
2022-11-30 12:21:10,859 INFO reaped unknown pid 2843 (exit status 0)
2022-11-30 12:21:11,000 INFO reaped unknown pid 2846 (exit status 0)
2022-11-30 12:21:11,000 INFO reaped unknown pid 2848 (exit status 0)
2022-11-30 12:21:14,727 INFO reaped unknown pid 2851 (exit status 0)
2022-11-30 12:21:14,728 INFO reaped unknown pid 2853 (exit status 0)

I may need to change some config

@desultory
Author

desultory commented Nov 30, 2022

This is the supervisor configuration for cron, I'm not entirely sure how the supervisor system works, but this suggests it's dropping cron logs?

root@d37b33edd86e:/etc/supervisor/conf.d# cat cron.conf
[program:cron]
command=/bin/bash -c "declare -p | grep -Ev 'BASHOPTS|BASH_VERSINFO|EUID|PPID|SHELLOPTS|UID' > /etc/environment; cron -f -l"
autostart=true
priority=20
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0

Unless maxbytes=0 means infinite, but I'm not seeing much output in the supervisor logs for this, and I believe the supervisor logs match what podman displays when I show the container logs.

I do see nginx logs, and that is also set to maxbytes=0, so I feel cron is logging nothing here? It says it is running, supervisor shows it and I'm able to see it in top.

I'm not very familiar with this container environment. Is there an editor I can use to create a cron file to test? I see this passbolt-ce-server script is set to run every minute. I'm thinking of making one that touches a file or spits something to the logs so I can be sure it's even running.

@desultory
Author

desultory commented Nov 30, 2022

gpg --list-keys --no-tty

gpg: WARNING: unsafe ownership on homedir '/var/lib/passbolt/.gnupg'
/var/lib/passbolt/.gnupg/pubring.kbx
------------------------------------
pub   ed25519 2022-11-29 [SC]
      CC8FF36D80BA4842C294A47E862A013311EF5ECE
uid           [ unknown] passbolt (passbolt service gpg key) <passbolt@my.domain>
sub   cv25519 2022-11-29 [E]

@stripthis
Member

Can you confirm you're running this as www-data/nginx inside the cronjob?
What are the rights on the /var/lib/passbolt/.gnupg directory?

@desultory
Author

I'm not able to create or meaningfully modify the cron jobs because I don't know of an editor that exists in this container. I guess I could make one using echo or something, but I'd prefer to do this more cleanly if that is an option.

root@d37b33edd86e:/etc/cron.d# cd /var/lib/passbolt/
root@d37b33edd86e:/var/lib/passbolt# ls -la
total 16
drwxr-xr-x  4 www-data www-data 4096 Nov 18 07:15 .
drwxr-xr-x 12 root     root     4096 Nov 18 07:15 ..
drwx------  3 www-data www-data 4096 Nov 30 14:03 .gnupg
drwxr-xr-x  4 www-data www-data 4096 Nov 29 17:08 tmp
root@d37b33edd86e:/var/lib/passbolt#

@desultory
Author

root@d37b33edd86e:/var/lib/passbolt# su -s /bin/bash -c 'gpg --list-keys --no-tty' www-data

/var/lib/passbolt/.gnupg/pubring.kbx
------------------------------------
pub   ed25519 2022-11-29 [SC]
      CC8FF36D80BA4842C294A47E862A013311EF5ECE
uid           [ unknown] passbolt (passbolt service gpg key) <passbolt@my.domain>
sub   cv25519 2022-11-29 [E]

@cedricalfonsi
Member

Could you also provide the permissions for the files inside the .gnupg folder? If one file does not have the right permissions inside this folder, it could also be the problem.
ls -al /var/lib/passbolt/.gnupg

@desultory
Author

root@d37b33edd86e:/var/lib/passbolt/.gnupg# ls -la

total 28
drwx------ 3 www-data www-data 4096 Nov 30 14:37 .
drwxr-xr-x 4 www-data www-data 4096 Nov 18 07:15 ..
srwx------ 1 www-data www-data    0 Nov 29 17:28 S.gpg-agent
srwx------ 1 www-data www-data    0 Nov 29 17:28 S.gpg-agent.browser
srwx------ 1 www-data www-data    0 Nov 29 17:28 S.gpg-agent.extra
srwx------ 1 www-data www-data    0 Nov 29 17:28 S.gpg-agent.ssh
drwx------ 2 www-data www-data 4096 Nov 29 17:00 private-keys-v1.d
-rw-r--r-- 1 www-data www-data 2599 Nov 29 17:09 pubring.kbx
-rw-r--r-- 1 www-data www-data  668 Nov 29 17:00 pubring.kbx~
-rw------- 1 www-data www-data  600 Nov 29 17:36 random_seed
-rw------- 1 www-data www-data 1200 Nov 29 17:00 trustdb.gpg
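
The ownership and permission questions asked above can be checked in one pass. In the listings, the "unsafe ownership on homedir" warning appears when gpg is run as root and not when it is run as www-data, because gpg expects the homedir to belong to the invoking user. The following is an added shell example, not part of the thread or the passbolt image; the function name is hypothetical, and treating any group/other access on the homedir and private-keys-v1.d as a finding is this example's own policy.

```shell
#!/bin/sh
# Added example, not from the thread: audit a GnuPG homedir for the two things
# the maintainers ask about, ownership and permissions.

# audit_gnupg_home HOMEDIR USER_OR_UID
# Prints one finding per line and nothing at all when the tree passes.
audit_gnupg_home() {
    ag_home=$1
    ag_user=$2

    # 1. Every entry in the tree should belong to the account that runs gpg
    #    (www-data in the thread). A numeric uid or a user name both work.
    find "$ag_home" ! -user "$ag_user" -exec printf 'owner: %s\n' {} \;

    # 2. The homedir and the private key store should give no access to
    #    group or other (drwx------ in the listings above).
    for ag_dir in "$ag_home" "$ag_home/private-keys-v1.d"; do
        [ -d "$ag_dir" ] || continue
        find "$ag_dir" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'mode: %s\n' {} \;
    done
}

# Usage: sh audit-gnupg.sh /var/lib/passbolt/.gnupg www-data
# Without arguments the script only defines the function.
if [ -n "${1:-}" ]; then
    audit_gnupg_home "$1" "${2:-$(id -u)}"
fi
```

Run against the listing above with www-data as the expected owner, this would report nothing; run with root as the expected owner, every entry is reported, which is the situation behind the warning in the first gpg listing.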

@desultory
Author

I don't think this is related, and I still can't get cron to log anything. I would like to be able to just edit files in this environment without making new mounts or doing anything like that. Do you know if any simple editor is included in this docker image?

@cedricalfonsi
Member

This image does not ship with an editor. But you can install one temporarily using apt.
apt update; apt install -y vim

Note that a fix is on its way to be shipped very soon, it will also include additional debug to help us understand issues relative to gpg.

@desultory
Author

I have most internet traffic blocked to this container, it's mostly being used internally, so I can't easily download packages. Should I be able to pull that image to my container environment soon? I may just wait to do that, I'm not in a particular rush to change lots of things if a fix is coming.

@stripthis
Member

stripthis commented Nov 30, 2022

We have had a call with a user, it was not related to SMTP settings, and the cron was not working. It was solved by commenting out the module pam_loginuid.so inside /etc/pam.d/cron. We’re not sure about the conditions that led them to this scenario, we’ll investigate further. Can you check on your side?

@desultory
Author

I'll check this now

@desultory
Author

I've updated the file to contain the following:

root@d37b33edd86e:/etc/pam.d# cat cron
# The PAM configuration file for the cron daemon

@include common-auth

# Read environment variables from pam_env's default files, /etc/environment
# and /etc/security/pam_env.conf.
session       required   pam_env.so

# In addition, read system locale information
session       required   pam_env.so envfile=/etc/default/locale

@include common-account
@include common-session-noninteractive

# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session    required   pam_limits.so
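
The change discussed above, disabling the pam_loginuid.so session line in /etc/pam.d/cron, can be made without an editor. The following is an added shell example, not part of the thread or the passbolt image; the function names are hypothetical and the sample file is constructed, modelled on the listing above with the pam_loginuid.so line still active.

```shell
#!/bin/sh
# Added example, not from the thread: locate and comment out an active
# pam_loginuid.so session line in a cron PAM file. Function names are made up.

# ERE for an uncommented "session ... pam_loginuid.so" entry. PAM allows a
# leading "-" on the type field, so "-session" is matched too.
LOGINUID_RE='^[[:space:]]*-?session[[:space:]].*pam_loginuid\.so'

# Print "lineno:line" for each active entry; exit status 1 when there is none.
loginuid_active() {
    grep -nE "$LOGINUID_RE" "$1"
}

# Comment out active entries in place and keep the original as FILE.bak.
# Prints how many lines were changed; a second run changes nothing.
disable_loginuid() {
    dl_count=$(grep -cE "$LOGINUID_RE" "$1") || true
    if [ "$dl_count" -gt 0 ]; then
        cp -p "$1" "$1.bak"
        sed -E "s/${LOGINUID_RE}.*/# &/" "$1.bak" > "$1"
    fi
    echo "$dl_count"
}

# Constructed sample modelled on the /etc/pam.d/cron listing in the thread,
# with the pam_loginuid.so line still active.
make_sample() {
    cat > "$1" <<'EOF'
# The PAM configuration file for the cron daemon
@include common-auth
# Sets the loginuid process attribute
session    required     pam_loginuid.so
session       required   pam_env.so
@include common-account
@include common-session-noninteractive
session    required   pam_limits.so
EOF
}

# Usage: sh fix-cron-pam.sh /etc/pam.d/cron   (without an argument: no-op)
if [ -n "${1:-}" ]; then
    loginuid_active "$1" || echo "no active pam_loginuid.so line in $1"
    echo "lines commented out: $(disable_loginuid "$1")"
fi
```

pam_loginuid sets the audit login UID of the session by writing /proc/self/loginuid; the thread does not establish why that step fails in this container. With the line disabled, audit records for cron jobs no longer carry that login UID, so the change is worth recording where auditd attribution matters.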

@desultory
Author

I think that worked!

@desultory
Author

I'd really like to know why this issue occurred, I'm not that familiar with PAM and have only messed around with it much. I'm assuming this modification is going to be applied to future images?

@stripthis
Member

We also do not know. We're trying to get to the bottom of this, we never had to touch pam before.

@dlen
Member

dlen commented Dec 12, 2022

Closing, feel free to reopen if needed.
