jakeswenson / BitBetter

Modify bit warden to provide my own licensing for self hosting

Bitwarden Unified - API and Identity entering fatal state #204

Closed Jgigantino31 closed 3 months ago

Jgigantino31 commented 3 months ago

I am using the BitBetter unified branch. After running build.sh and starting bitwarden with the bitwarden-patch image using docker compose, the API and Identity services are entering a fatal state.

Docker container logs:

2024/07/26 12:05:05 | stdout | 2024-07-26 16:05:05,015 INFO success: sso entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:05:05 | stdout | 2024-07-26 16:05:05,014 INFO success: notifications entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:05:05 | stdout | 2024-07-26 16:05:05,014 INFO success: nginx entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:05:05 | stdout | 2024-07-26 16:05:05,014 INFO success: icons entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:05:05 | stdout | 2024-07-26 16:05:05,014 INFO success: events entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:05:05 | stdout | 2024-07-26 16:05:05,014 INFO success: admin entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:05:04 | stdout | 2024-07-26 16:05:04,013 INFO gave up: identity entered FATAL state, too many start retries too quickly
2024/07/26 12:05:03 | stdout | 2024-07-26 16:05:03,012 WARN exited: identity (terminated by SIGABRT (core dumped); not expected)
2024/07/26 12:05:02 | stdout | 2024-07-26 16:05:02,237 INFO gave up: api entered FATAL state, too many start retries too quickly
2024/07/26 12:05:02 | stdout | 2024-07-26 16:05:01,877 WARN exited: api (terminated by SIGABRT (core dumped); not expected)
2024/07/26 12:05:01 | stdout | 2024-07-26 16:05:01,876 INFO spawned: 'identity' with pid 213
2024/07/26 12:05:01 | stdout | 2024-07-26 16:05:01,122 INFO spawned: 'api' with pid 204
2024/07/26 12:04:58 | stdout | 2024-07-26 16:04:58,818 WARN exited: identity (terminated by SIGABRT (core dumped); not expected)
2024/07/26 12:04:57 | stdout | 2024-07-26 16:04:57,915 WARN exited: api (terminated by SIGABRT (core dumped); not expected)
2024/07/26 12:04:57 | stdout | 2024-07-26 16:04:57,177 INFO spawned: 'identity' with pid 180
2024/07/26 12:04:56 | stdout | 2024-07-26 16:04:56,593 INFO spawned: 'api' with pid 176
2024/07/26 12:04:54 | stdout | 2024-07-26 16:04:54,883 WARN exited: identity (terminated by SIGABRT (core dumped); not expected)
2024/07/26 12:04:54 | stdout | 2024-07-26 16:04:54,035 WARN exited: api (terminated by SIGABRT (core dumped); not expected)
2024/07/26 12:04:53 | stdout | 2024-07-26 16:04:53,215 INFO spawned: 'api' with pid 147
2024/07/26 12:04:53 | stdout | 2024-07-26 16:04:53,213 INFO spawned: 'identity' with pid 146
2024/07/26 12:04:52 | stdout | 2024-07-26 16:04:52,211 WARN exited: identity (terminated by SIGABRT (core dumped); not expected)
2024/07/26 12:04:51 | stdout | 2024-07-26 16:04:51,460 WARN exited: api (terminated by SIGABRT (core dumped); not expected)
2024/07/26 12:04:50 | stdout | 2024-07-26 16:04:49,940 INFO spawned: 'sso' with pid 67
2024/07/26 12:04:50 | stdout | 2024-07-26 16:04:49,938 INFO spawned: 'notifications' with pid 66
2024/07/26 12:04:50 | stdout | 2024-07-26 16:04:49,935 INFO spawned: 'nginx' with pid 65
2024/07/26 12:04:50 | stdout | 2024-07-26 16:04:49,928 INFO spawned: 'icons' with pid 64
2024/07/26 12:04:50 | stdout | 2024-07-26 16:04:49,926 INFO spawned: 'events' with pid 63
2024/07/26 12:04:50 | stdout | 2024-07-26 16:04:49,924 INFO spawned: 'api' with pid 62
2024/07/26 12:04:50 | stdout | 2024-07-26 16:04:49,922 INFO spawned: 'admin' with pid 61
2024/07/26 12:04:49 | stdout | 2024-07-26 16:04:49,920 INFO spawned: 'identity' with pid 60
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,917 INFO supervisord started with pid 1
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,916 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,916 INFO RPC interface 'supervisor' initialized
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,873 INFO Included extra file "/etc/supervisor.d/sso.ini" during parsing
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,873 INFO Included extra file "/etc/supervisor.d/scim.ini" during parsing
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,873 INFO Included extra file "/etc/supervisor.d/notifications.ini" during parsing
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,873 INFO Included extra file "/etc/supervisor.d/nginx.ini" during parsing
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,873 INFO Included extra file "/etc/supervisor.d/identity.ini" during parsing
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,873 INFO Included extra file "/etc/supervisor.d/icons.ini" during parsing
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,873 INFO Included extra file "/etc/supervisor.d/events.ini" during parsing
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,873 INFO Included extra file "/etc/supervisor.d/api.ini" during parsing
2024/07/26 12:04:48 | stdout | 2024-07-26 16:04:48,872 INFO Included extra file "/etc/supervisor.d/admin.ini" during parsing
2024/07/26 12:04:44 | stdout | Adding user `bitwarden' to group `users' ...
2024/07/26 12:04:44 | stdout | Adding new user `bitwarden' to supplemental / extra groups `users' ...
2024/07/26 12:04:43 | stdout | Not creating home directory `/home/bitwarden'.
2024/07/26 12:04:41 | stdout | Adding new user `bitwarden' (1031) with group `users (100)' ...
2024/07/26 12:04:41 | stdout | Adding user `bitwarden' ...
2024/07/26 12:04:41 | stderr | addgroup: The GID `100' is already in use.

api.log file:

Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.

File name: 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'
Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.

File name: 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'
Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.

File name: 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'
Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.

File name: 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'

identity.log file:

Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.

File name: 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'
   at Bit.Identity.Program.CreateHostBuilder(String[] args)
   at Bit.Identity.Program.Main(String[] args) in /source/src/Identity/Program.cs:line 10
Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.

File name: 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'
   at Bit.Identity.Program.CreateHostBuilder(String[] args)
   at Bit.Identity.Program.Main(String[] args) in /source/src/Identity/Program.cs:line 10
Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.

File name: 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'
   at Bit.Identity.Program.CreateHostBuilder(String[] args)
   at Bit.Identity.Program.Main(String[] args) in /source/src/Identity/Program.cs:line 10
Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.

File name: 'Core, Version=2024.7.2.0, Culture=neutral, PublicKeyToken=null'
   at Bit.Identity.Program.CreateHostBuilder(String[] args)
   at Bit.Identity.Program.Main(String[] args) in /source/src/Identity/Program.cs:line 10

If I down the docker compose stack and change the image back to bitwarden/self-host:beta all the services start up just fine.

Docker container logs (unmodified bitwarden/self-host:beta image):

2024/07/26 12:15:19 | stdout | 2024-07-26 16:15:19,458 INFO success: sso entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:15:19 | stdout | 2024-07-26 16:15:19,458 INFO success: notifications entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:15:19 | stdout | 2024-07-26 16:15:19,458 INFO success: nginx entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:15:19 | stdout | 2024-07-26 16:15:19,458 INFO success: icons entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:15:19 | stdout | 2024-07-26 16:15:19,458 INFO success: events entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:15:19 | stdout | 2024-07-26 16:15:19,458 INFO success: api entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:15:19 | stdout | 2024-07-26 16:15:19,458 INFO success: admin entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:15:19 | stdout | 2024-07-26 16:15:19,458 INFO success: identity entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 12:15:04 | stdout | 2024-07-26 16:15:04,365 INFO spawned: 'sso' with pid 67
2024/07/26 12:15:04 | stdout | 2024-07-26 16:15:04,363 INFO spawned: 'notifications' with pid 66
2024/07/26 12:15:04 | stdout | 2024-07-26 16:15:04,361 INFO spawned: 'nginx' with pid 65
2024/07/26 12:15:04 | stdout | 2024-07-26 16:15:04,359 INFO spawned: 'icons' with pid 64
2024/07/26 12:15:04 | stdout | 2024-07-26 16:15:04,357 INFO spawned: 'events' with pid 63
2024/07/26 12:15:04 | stdout | 2024-07-26 16:15:04,355 INFO spawned: 'api' with pid 62
2024/07/26 12:15:04 | stdout | 2024-07-26 16:15:04,354 INFO spawned: 'admin' with pid 61
2024/07/26 12:15:04 | stdout | 2024-07-26 16:15:04,352 INFO spawned: 'identity' with pid 60
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,349 INFO supervisord started with pid 1
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,348 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,345 INFO RPC interface 'supervisor' initialized
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,337 INFO Included extra file "/etc/supervisor.d/sso.ini" during parsing
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,337 INFO Included extra file "/etc/supervisor.d/scim.ini" during parsing
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,337 INFO Included extra file "/etc/supervisor.d/notifications.ini" during parsing
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,336 INFO Included extra file "/etc/supervisor.d/nginx.ini" during parsing
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,336 INFO Included extra file "/etc/supervisor.d/identity.ini" during parsing
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,336 INFO Included extra file "/etc/supervisor.d/icons.ini" during parsing
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,336 INFO Included extra file "/etc/supervisor.d/events.ini" during parsing
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,336 INFO Included extra file "/etc/supervisor.d/api.ini" during parsing
2024/07/26 12:15:03 | stdout | 2024-07-26 16:15:03,335 INFO Included extra file "/etc/supervisor.d/admin.ini" during parsing
2024/07/26 12:14:58 | stdout | Adding user `bitwarden' to group `users' ...
2024/07/26 12:14:58 | stdout | Adding new user `bitwarden' to supplemental / extra groups `users' ...
2024/07/26 12:14:57 | stdout | Not creating home directory `/home/bitwarden'.
2024/07/26 12:14:54 | stdout | Adding new user `bitwarden' (1031) with group `users (100)' ...
2024/07/26 12:14:54 | stdout | Adding user `bitwarden' ...
2024/07/26 12:14:54 | stderr | addgroup: The GID `100' is already in use.

Bitwarden Dashboard (unmodified bitwarden/self-host:beta image):

image

Jgigantino31 commented 3 months ago

It appears I might have a permissions issue. Setting PUID and GUID to 0 in my docker compose file allows all the services to start. The permissions of the modified Core.dll in API and Identity appear to be off compared to an unmodified Core.dll.

Docker container logs:

2024/07/26 14:50:14 | stdout | 2024-07-26 18:50:14,795 INFO success: sso entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 14:50:14 | stdout | 2024-07-26 18:50:14,795 INFO success: notifications entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 14:50:14 | stdout | 2024-07-26 18:50:14,795 INFO success: nginx entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 14:50:14 | stdout | 2024-07-26 18:50:14,795 INFO success: icons entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 14:50:14 | stdout | 2024-07-26 18:50:14,794 INFO success: events entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 14:50:14 | stdout | 2024-07-26 18:50:14,794 INFO success: api entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 14:50:14 | stdout | 2024-07-26 18:50:14,794 INFO success: admin entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 14:50:14 | stdout | 2024-07-26 18:50:14,793 INFO success: identity entered RUNNING state, process has stayed up for > than 15 seconds (startsecs)
2024/07/26 14:49:59 | stdout | 2024-07-26 18:49:59,723 INFO spawned: 'sso' with pid 48
2024/07/26 14:49:59 | stdout | 2024-07-26 18:49:59,721 INFO spawned: 'notifications' with pid 47
2024/07/26 14:49:59 | stdout | 2024-07-26 18:49:59,715 INFO spawned: 'nginx' with pid 46
2024/07/26 14:49:59 | stdout | 2024-07-26 18:49:59,711 INFO spawned: 'icons' with pid 45
2024/07/26 14:49:59 | stdout | 2024-07-26 18:49:59,709 INFO spawned: 'events' with pid 44
2024/07/26 14:49:59 | stdout | 2024-07-26 18:49:59,707 INFO spawned: 'api' with pid 43
2024/07/26 14:49:59 | stdout | 2024-07-26 18:49:59,705 INFO spawned: 'admin' with pid 42
2024/07/26 14:49:59 | stdout | 2024-07-26 18:49:59,702 INFO spawned: 'identity' with pid 41
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,699 INFO supervisord started with pid 1
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,699 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,699 INFO RPC interface 'supervisor' initialized
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 INFO Included extra file "/etc/supervisor.d/sso.ini" during parsing
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 INFO Included extra file "/etc/supervisor.d/scim.ini" during parsing
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 INFO Included extra file "/etc/supervisor.d/notifications.ini" during parsing
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 INFO Included extra file "/etc/supervisor.d/nginx.ini" during parsing
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 INFO Included extra file "/etc/supervisor.d/identity.ini" during parsing
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 INFO Included extra file "/etc/supervisor.d/icons.ini" during parsing
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 INFO Included extra file "/etc/supervisor.d/events.ini" during parsing
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 INFO Included extra file "/etc/supervisor.d/api.ini" during parsing
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 INFO Included extra file "/etc/supervisor.d/admin.ini" during parsing
2024/07/26 14:49:58 | stdout | 2024-07-26 18:49:58,693 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
2024/07/26 14:49:58 | stderr | self.warnings.warn(
2024/07/26 14:49:58 | stderr | /usr/lib/python3/dist-packages/supervisor/options.py:474: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
2024/07/26 14:49:54 | stderr | adduser: The UID 0 is already in use.
2024/07/26 14:49:54 | stderr | addgroup: The GID `0' is already in use.

Screenshot from ls -al in /app/Api

image

Screenshot from ls -al in /app/Identity

image

Screenshot from ls -al in /app/Sso

image

Jgigantino31 commented 3 months ago

Not sure why, but it appears that, for me, when Docker builds the patched image bitwarden-patch from bitwarden/self-host:beta, the file permissions are messed up and are set to 000 when they are supposed to be set to 644 (the Core.dll of unmodified services has 644 permissions). If I open a terminal in the modified image, I can run the following commands to fix the permissions:

chmod 644 /app/Api/Core.dll
chmod 644 /app/Identity/Core.dll

Restarting the container then allows all services to start up without issue with PUID and GUID set to non-zero values.

To run those commands when the image is built I modified "src/bitBetter/Dockerfile-bitwarden-patch".

Original:

FROM bitwarden/self-host:beta

COPY ./temp/Api/Core.dll /app/Api/Core.dll
COPY ./temp/Identity/Core.dll /app/Identity/Core.dll

Modified:

FROM bitwarden/self-host:beta

COPY ./temp/Api/Core.dll /app/Api/Core.dll
COPY ./temp/Identity/Core.dll /app/Identity/Core.dll
RUN chmod 644 /app/Api/Core.dll
RUN chmod 644 /app/Identity/Core.dll

The permissions are now forcibly set to 644 after copying the modified Core.dll files into the patched image during the build process. The resulting image now has the correct permissions.
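
An added example, not part of the original issue or the BitBetter project: a pre-build check that the staged Core.dll files carry the "other" read bit. COPY keeps the source file's mode and, without --chown, makes the file root-owned, so a non-root runtime user can only load the assembly through the "other" bits. The function names are hypothetical; the paths in the usage comment are the ones from the Dockerfile above.

```shell
#!/bin/sh
# Added example: fail the build early when a staged file would end up
# unreadable to the non-root service user inside the image.
# Usage (paths as in Dockerfile-bitwarden-patch):
#   sh check_modes.sh ./temp/Api/Core.dll ./temp/Identity/Core.dll

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when the "other" read bit is set. The mode bits are inspected
# directly because `[ -r file ]` always succeeds for root, which is the
# user most builds run as, and would hide a 000 file.
other_can_read() {
    mode=$(file_mode "$1") || return 2
    last=${mode#"${mode%?}"}    # last octal digit = "other" permissions
    case "$last" in
        4|5|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# Check every path given; report each problem on stderr.
# Returns 0 only when all files exist and are readable by "other".
check_staged_files() {
    bad=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING     $f" >&2
            bad=1
        elif ! other_can_read "$f"; then
            echo "UNREADABLE  $f (mode $(file_mode "$f"))" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Run against the paths given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_staged_files "$@"
fi
```

The script's exit status can gate the image build, so a 000 file is caught without having to run the container as root to get the services to start.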