search

VojtechMyslivec / letsencrypt-zimbra

Files to automate the deployment process of Let's Encrypt certificates to Zimbra Collaboration Suite
GNU General Public License v3.0
171 stars 92 forks source link

Strange restart problem on Zimbra 8.8.5/Ubuntu16 #40

Closed mvhconsult closed 6 years ago

mvhconsult commented 6 years ago

Hey,

I installed a fresh Zimbra 8.8.5 and this letsencrypt set. Using the git versions. Zimbra is working, and restart works fine. Certificate is created, but the restart of zimbra does not work/finalise. Strangely enough, doing a manual zmcontrol restart right after the letsencrypt request, the restart is executed fine.

The error I am able to find is in zmwatch.out:

Can't locate Swatchdog/Actions.pm in @INC (you may need to install the Swatchdog::Actions module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at /opt/zimbra/data/tmp/.swatchdog_script.16404 line 29. BEGIN failed--compilation aborted at /opt/zimbra/data/tmp/.swatchdog_script.16404 line 29.

The first per module reported 'missing' (in another error message was Date::Parse which I could solve with installing it:

root@mailer3:~# cpan install Date::Parse Loading internal null logger. Install Log::Log4perl for logging messages Reading '/root/.cpan/Metadata'

...

online-stuff commented 6 years ago

I am seeing the same..

Brand new install of CentOS 6.9 minimal with Zimbra 8.8.5.

I modified the /etc/cron.d/letsencrypt-zimbra file a little bit, hoping to work around the issue.. Also don't need this running every day taking down the server.

Hopefully this will help.

Sanitized SSH-Session.txt

con-d-letsencrypt-zimbra.txt

VojtechMyslivec commented 6 years ago

Thanks @online-stuff for the workaroud but it won't be probably acceptable solution for many, so I don't want to include it as recommended one at this time.

VojtechMyslivec commented 6 years ago

@mvhconsult do you run zmcontrol restart manually as root or zimbra user afterwards?

8ryder commented 6 years ago

Had the same problem.

[root@zimbraserver letsencrypt-zimbra-perm-fix]# uname -a Linux zimbraserver.local 2.6.32-504.8.1.el6.x86_64 #1 SMP Wed Jan 28 21:11:36 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Zimbra 8.7.11 freshly installed.

Manual stop and start as zimbra user worked.

Maybe the problem is in restart? Because of some services not running it can't restart?

obtain-and-deploy-letsencrypt-cert.sh: error: Restarting zimbra failed.
[root@zimbraserver letsencrypt-zimbra-perm-fix]# su - zimbra
[zimbra@zimbraserver ~]$ zmcontrol status
Host asg.beevoip.it
        amavis                  Running
        antispam                Running
        antivirus               Running
        ldap                    Running
        logger                  Stopped
                **zmlogswatchctl is not running**
        mailbox                 Running
        memcached               Running
        mta                     Running
        opendkim                Running
        proxy                   Running
        service webapp          Running
        snmp                    Stopped
                **zmswatch is not running.**
        spell                   Running
        stats                   Running
        zimbra webapp           Running
        zimbraAdmin webapp      Running
        zimlet webapp           Running
        zmconfigd               Running
[zimbra@zimbraserver ~]$ exit
Routhinator commented 6 years ago

Confirming the issue affects me as well. Ubuntu 16.04 and Zimbra 8.7.0GA

obtain-and-deploy-letsencrypt-cert.sh: info: start nginx
obtain-and-deploy-letsencrypt-cert.sh: info: assemble cert files
obtain-and-deploy-letsencrypt-cert.sh: info: test and deploy certificates
obtain-and-deploy-letsencrypt-cert.sh: info: restart zimbra
obtain-and-deploy-letsencrypt-cert.sh: error: Restarting zimbra failed.
root@mx01:/opt/letsencrypt-zimbra# cp configs/cron.conf /etc/cron.d/letsencrypt-zimbra
root@mx01:/opt/letsencrypt-zimbra# su - zimbra
zimbra@mx01:~$ zmcontrol status
Host mx01.mail.routh.io
    amavis                  Running
    antispam                Running
    antivirus               Running
    dnscache                Running
    ldap                    Running
    logger                  Stopped
        zmlogswatchctl is not running
    mailbox                 Running
    memcached               Running
    mta                     Running
    opendkim                Running
    proxy                   Running
    service webapp          Running
    snmp                    Stopped
        zmswatch is not running.
    spell                   Running
    stats                   Running
    zimbra webapp           Running
    zimbraAdmin webapp      Running
    zimlet webapp           Running
    zmconfigd               Running
zimbra@mx01:~$

And zmcontrol stop; zmcontrol start (as the zimbra user of course) fixes it:

zimbra@mx01:~$ zmcontrol stop   
Host mx01.mail.routh.io
    Stopping zmconfigd...Done.
    Stopping zimlet webapp...Done.
    Stopping zimbraAdmin webapp...Done.
    Stopping zimbra webapp...Done.
    Stopping service webapp...Done.
    Stopping stats...Done.
    Stopping mta...Done.
    Stopping spell...Done.
    Stopping snmp...Done.
    Stopping cbpolicyd...Done.
    Stopping archiving...Done.
    Stopping opendkim...Done.
    Stopping amavis...Done.
    Stopping antivirus...Done.
    Stopping antispam...Done.
    Stopping proxy...Done.
    Stopping memcached...Done.
    Stopping mailbox...Done.
    Stopping logger...Done.
    Stopping dnscache...Done.
    Stopping ldap...Done.
zimbra@mx01:~$ zmcontrol start
Host mx01.mail.routh.io
    Starting ldap...Done.
    Starting zmconfigd...Done.
    Starting dnscache...Done.
    Starting logger...Done.
    Starting mailbox...Done.
    Starting memcached...Done.
    Starting proxy...Done.
    Starting amavis...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting opendkim...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.
    Starting service webapp...Done.
    Starting zimbra webapp...Done.
    Starting zimbraAdmin webapp...Done.
    Starting zimlet webapp...Done.
zimbra@mx01:~$
mvhconsult commented 6 years ago

I run the zmcontrol restart as zimbra user afterwards.

VojtechMyslivec commented 6 years ago

Well it's really confusing issue. I really don't understand why the same command works in interactive shell but keeps failing in the script. I will take a look on it. Stay tuned 🙂

ghost commented 6 years ago

Try setup cron as zimbra user.

root@mail:/opt/letsencrypt-zimbra# su zimbra zimbra@mail:/opt/letsencrypt-zimbra$ crontab -e

Select an editor. To change later, run 'select-editor'.

  1. /bin/ed
  2. /bin/nano <---- easiest
  3. /usr/bin/vim.basic
  4. /usr/bin/vim.tiny

42 0 * * * /opt/letsencrypt-zimbra/obtain-and-deploy-letsencrypt-cert.sh -q

VojtechMyslivec commented 6 years ago

I see, maybe some differences in environment. I will focus on that

8ryder commented 6 years ago

Maybe restarting it as root will help?

/etc/init.d/zmcontrol restart

VojtechMyslivec commented 6 years ago

I am sorry for the delay.

Finally I found that zmwatch missing modules is due to lack of PERLLIB env variable. So i set it before restarting the services.

Thank you all for the tips, specially @mvhconsult

Can anyone test the zmrestart branch please? Try to renew the cert with -f option. I.E.:

git fetch
git checkout zmwatch
sudo -Hu zimbra /opt/letsencrypt-zimbra/obtain-and-deploy-letsencrypt-cert.sh -vf
mvhconsult commented 6 years ago

Tested the branch on a system, and restart seems fine now :) Good work. Will test next week with auto renew, and try to remember to report here.

VojtechMyslivec commented 6 years ago

thank you for testing it. I will merge it. Feel free to reopen the issue if something is still wrong.