On container reboot mysql failing to login

[GemzzK]

After rebooting the container i`m getting the below error. Checked all scripts and unable to find any settings which have these passwords saved. Also, if its randomly generated then not passed properly before authentication is occurring.

ERROR: SQLSTATE[HY000] [1045] Access denied for user 'roundcube'@'localhost' (using password: YES), ERROR: Failed to connect to database,

[iredmail]

How did you run this container? Does it read correct config file (the iredmail.conf)?

[GemzzK]

How did you run this container? Does it read correct config file (the iredmail.conf)?

I run the container as per below instructions it does read .conf file because when it runs for very first time im able to login into Iredadmin and roundcube. After rebooting it stops working and shows the above mentioned error in logs.

I do remove '--rm' because i dont want container to be wiped out on shutdown.

docker run \ --name iredmail \ --env-file iredmail-docker.conf \ --hostname mail.mydomain.com \ -p 80:80 \ -p 443:443 \ -p 110:110 \ -p 995:995 \ -p 143:143 \ -p 993:993 \ -p 25:25 \ -p 465:465 \ -p 587:587 \ -v /iredmail/data/backup:/var/vmail/backup \ -v /iredmail/data/mailboxes:/var/vmail/vmail1 \ -v /iredmail/data/mlmmj:/var/vmail/mlmmj \ -v /iredmail/data/mlmmj-archive:/var/vmail/mlmmj-archive \ -v /iredmail/data/imapsieve_copy:/var/vmail/imapsieve_copy \ -v /iredmail/data/custom:/opt/iredmail/custom \ -v /iredmail/data/ssl:/opt/iredmail/ssl \ -v /iredmail/data/mysql:/var/lib/mysql \ -v /iredmail/data/clamav:/var/lib/clamav \ -v /iredmail/data/sa_rules:/var/lib/spamassassin \ -v /iredmail/data/postfix_queue:/var/spool/postfix \ iredmail/mariadb:nightly

[iredmail]

Please paste full console output of the docker run command (remove password before pasting).

[GemzzK]

[iRedMail] [Entrypoint] /docker/entrypoints/mariadb.sh , [iRedMail] Starting temporary MariaDB instance., 2020-09-03 15:30:56 0 [Note] mysqld (mysqld 10.4.13-MariaDB-log) starting as process 380 ..., [iRedMail] Reset password for SQL user 'root'., [iRedMail] [Run] /docker/mariadb/pre_start/0-vmail_db.sh, [iRedMail] Grant privileges to SQL user 'vmail' and 'vmailadmin'., [iRedMail] Make sure postmaster@*** is a global admin., [iRedMail] [Run] /docker/mariadb/pre_start/amavisd_db.sh, [iRedMail] [Run] /docker/mariadb/pre_start/fail2ban_db.sh, [iRedMail] [Run] /docker/mariadb/pre_start/iredadmin_db.sh, [iRedMail] [Run] /docker/mariadb/pre_start/iredapd_db.sh, [iRedMail] [Run] /docker/mariadb/pre_start/roundcube.sh, ERROR: SQLSTATE[HY000] [1045] Access denied for user 'roundcube'@'localhost' (using password: YES), ERROR: Failed to connect to database, [iRedMail] [Run] /docker/mariadb/pre_start/sa_bayes.sh, [iRedMail] [Entrypoint] /docker/entrypoints/dovecot.sh , ln: /etc/dovecot/conf-enabled/service-imap-hibernate.conf: File exists, ln: /etc/dovecot/conf-enabled/stats.conf: File exists, [iRedMail] [Entrypoint] /docker/entrypoints/postfix.sh , [iRedMail] [Entrypoint] /docker/entrypoints/mlmmj.sh , [iRedMail] [Entrypoint] /docker/entrypoints/mlmmjadmin.sh , [iRedMail] [Entrypoint] /docker/entrypoints/iredapd.sh , [iRedMail] [Entrypoint] /docker/entrypoints/antispam.sh , [iRedMail] Run 'sa-update' (required by Amavisd)., Update finished, no fresh updates were available, [iRedMail] [Entrypoint] /docker/entrypoints/nginx.sh , [iRedMail] [Entrypoint] /docker/entrypoints/phpfpm.sh , [iRedMail] [Entrypoint] /docker/entrypoints/roundcube.sh , [iRedMail] [Entrypoint] /docker/entrypoints/fail2ban.sh , [iRedMail] [Entrypoint] /docker/entrypoints/iredadmin.sh , [iRedMail] CMD: /usr/bin/supervisord -c /etc/supervisord.conf, 2020-09-03 15:31:04,681 INFO Included extra file "/etc/supervisor.d/amavisd.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/clamav.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/cron.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/dovecot.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/fail2ban.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/iredadmin.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/iredapd.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/mariadb.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/mlmmjadmin.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/nginx.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/phpfpm.conf" during parsing, 2020-09-03 15:31:04,683 INFO Included extra file "/etc/supervisor.d/postfix.conf" during parsing, 2020-09-03 15:31:04,683 INFO Included extra file "/etc/supervisor.d/rsyslog.conf" during parsing,

[iredmail]

I tried with Ubuntu 20.04 and Docker 19.03.8-0ubuntu1.20.04, cannot reproduce this issue with or without --rm --name iredmail command line arguments.

Since all data are stored under /iredmail/data/ (or docker volumes), why don't you use --rm?

[GemzzK]

I tried with Ubuntu 20.04 and Docker 19.03.8-0ubuntu1.20.04, cannot reproduce this issue with or without --rm --name iredmail command line arguments.

Since all data are stored under /iredmail/data/ (or docker volumes), why don't you use --rm?

So, as i mentioned in very start it works first time. Just remove --rm and then run container, then reboot it. After rebooting try to access iredadmin or roundcube. You will be able to see the error. Using --rm means that on reboot container will wipe itself and need to execute again manually.

[iredmail]

I don't understand the procedure.

Just remove --rm and then run container, then reboot it.

• Did you remove --name iredmail (no matter what the name is, my point is the --name argument)?
• What do you mean "reboot it"? Reboot server OS?

[GemzzK]

1. --name argument was never removed and i never mentioned about removing it.
2. reboot container not server OS.

Also, i have seen that when starting container for first time its stucks on "157 INFO success: fail2ban entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)". It is supposed to do this and never finish installation completely.

[iredmail]

I can not reproduce this issue. Could you please show me a step-by-step tutorial to reproduce this issue with detailed shell commands? starting from scratch

[GemzzK]

I can not reproduce this issue. Could you please show me a step-by-step tutorial to reproduce this issue with detailed shell commands? starting from scratch

I`ve compiled video of my steps for better understanding. Follow the link below.

Never had fail2ban failed to initialize but this time it did for some reason. Might be due to recently pushed updates.

https://1drv.ms/v/s!AhuxBdMke87KnDmokwVmR99J5BPj?e=t9ssgP

[iredmail]

Anyway to share this video without OneDrive? I don't have an account... (expired). Dropbox? Google Drive? Youtube? Other third-party service?

[GemzzK]

should

Anyway to share this video without OneDrive? I don't have an account... (expired). Dropbox? Google Drive? Youtube? Other third-party service?

Should be able to access it without account login. just make sure to completely log out of previous account then try the link it should work.

[GemzzK]

Let me know if there is any issue accessing this video.

[iredmail]

• I see only one text file in the video, no sound (?), no explanation. Did i miss something?
• I expect you to run commands step-by-step from scratch, so that i can reproduce this issue, or figure out possible mistakes in your steps.
• Please simply copy commands and outputs and paste here, it's much faster for me to check text than watching a video. Thanks. :)

[GemzzK]

• I see only one text file in the video, no sound (?), no explanation. Did i miss something?
• I expect you to run commands step-by-step from scratch, so that i can reproduce this issue, or figure out possible mistakes in your steps.
• Please simply copy commands and outputs and paste here, it's much faster for me to check text than watching a video. Thanks. :)

Ok. here we go with other link hope this one will work. I`m not sure why other video stuck on notepad. Regarding commands i already shared them in the beginning but that didn't worked.

https://drive.google.com/file/d/1xOKWmVMdBRmhHbOb72tP0bkSLVz36z84/view?usp=sharing

[iredmail]

It's clear now.

After restarted with Portainer, the container doesn't use iredmail-docker.conf, and try to use random SQL passwords for all SQL users (defined in container script). Seems SQL password for Roundcube db is incorrect in this case.

Will check and fix it shortly. Stay tuned.

Thanks for the feedback. :)

[GemzzK]

It's clear now.

After restarted with Portainer, the container doesn't use iredmail-docker.conf, and try to use random SQL passwords for all SQL users (defined in container script). Seems SQL password for Roundcube db is incorrect in this case.

Will check and fix it shortly. Stay tuned.

Thanks for the feedback. :)

No prob. Hope this fix will help alot of people who faced this issue and either they didn't reported or they didn't bothered to.

[iredmail]

Could you check file /docker/entrypoints/settings.conf inside the running container? Is variable ROUNDCUBE_DB_PASSWORD set with a (random) password? Also IREDADMIN_DB_PASSWORD.

[GemzzK]

Could you check file /docker/entrypoints/settings.conf inside the running container? Is variable ROUNDCUBE_DB_PASSWORD set with a (random) password? Also IREDADMIN_DB_PASSWORD.

Yes they are

ROUNDCUBE_DB_PASSWORD=0RZVl9ZsMrCaebnXnwdoY5lXdiR3Cw

IREDADMIN_DB_PASSWORD=P3TxjJ8LCh9PHhCBkX82oNbWJuNbXV

[iredmail]

• Does file /root/.my.cnf-roundcube contain same password as the one defined in /docker/entrypoints/settings.conf (variable ROUNDCUBE_DB_PASSWORD)?
• Same to /root/.my.cnf-iredadmin and IREDADMIN_DB_PASSWORD.

[GemzzK]

• Does file /root/.my.cnf-roundcube contain same password as the one defined in /docker/entrypoints/settings.conf (variable ROUNDCUBE_DB_PASSWORD)?
• Same to /root/.my.cnf-iredadmin and IREDADMIN_DB_PASSWORD.

Nops its different

/root/.my.cnf-roundcube

[client] host=127.0.0.1 port=3306 user="roundcube" password="qkmgO66wIugQ4UAx35HQFWM4O1UNT7"

/root/.my.cnf-iredadmin

[client] host=127.0.0.1 port=3306 user="iredadmin" password="G7GrDIrVEHfuXzKf3gCFIYzxN04mXO"

[iredmail]

Thanks for helping. I'm testing this issue locally, stay tuned.

[iredmail]

hi @GemzzK

Issue has been fixed in latest commit, please wait for few minutes until Docker Hub built a new image and try again. let me know if there's any issue left.

Thank you very much for helping. 👍

[GemzzK]

hi @GemzzK

Issue has been fixed in latest commit, please wait for few minutes until Docker Hub built a new image and try again. let me know if there's any issue left.

Thank you very much for helping. 👍

Sure. Let me try and inform you. 👍

[iredmail]

New image is ready on Docker Hub. Please make sure you're running the latest version. :) https://hub.docker.com/r/iredmail/mariadb

Don't forget to give this repo a star.

[GemzzK]

New image is ready on Docker Hub. Please make sure you're running the latest version. :) https://hub.docker.com/r/iredmail/mariadb

Don't forget to give this repo a star.

Tried and it did worked perfectly even after reboot. Thanks for your hardwork.

[iredmail]

@GemzzK Thanks for the feedback. :)

[bi7jta]

Hi @iredmail , I still got this problem after docker stop ,start iRedMail . How can I replace the correct MySQL password? by not reinstall iRedMail docker version.

[iredmail]

Hi @bi7jta

Could you please give me a step-by-step instruction to reproduce the issue?

[bi7jta]

Hi @iredmail thank you for you quickly reply , I have found the answer from your website, thank you very much! https://hub.docker.com/r/iredmail/mariadb

• All SQL passwords are randomly set/reset by default each time you launch or relaunch the container. If you don't like this, please set fixed passwords in iredmail-docker.conf, e.g. MYSQL_ROOT_PASSWORD=.

I also got an another Possible BUG ,about "FIRST_MAIL_DOMAIN_ADMIN_PASSWORD is only set/reset on first run, not each run. " If I add more than one domain name , use web admin, and I have change one of these account password, and the other accounts still use the default password ,such as 123456 , this made my iRedMail SMTP server have been hack by bad man, sent more than 10,000 spam.

THANK YOU!