Closed sschols closed 6 months ago
Hello! Thanks for the detailed report! However, I'm unable to reproduce such issue. I have just launched a docker-compose adding mailhog as extra service and I see emails going, meaning the cron is running.
This seems to be something specific to your host OS. Could you provide it to see if we can reproduce the issue?
We're on an older version of Photon OS in this case
# cat /etc/os-release
NAME="VMware Photon OS"
VERSION="3.0"
ID=photon
VERSION_ID=3.0
PRETTY_NAME="VMware Photon OS/Linux"
ANSI_COLOR="1;34"
HOME_URL="https://vmware.github.io/photon/"
BUG_REPORT_URL="https://github.com/vmware/photon/issues"
# uname -a
Linux photon-machine 4.19.269-2.ph3 #1-photon SMP Sat Jan 7 02:22:22 UTC 2023 x86_64 GNU/Linux
This is likely due for an upgrade, maybe I can try to reproduce this on another machine.
Hello! Thanks for the info!
I just launched a vagrant machine using vmwre/photon:
vagrant@photon-minimal [ ~/docker ]$ cat /etc/os-release
NAME="VMware Photon OS"
VERSION="4.0"
ID=photon
VERSION_ID=4.0
PRETTY_NAME="VMware Photon OS/Linux"
ANSI_COLOR="1;34"
HOME_URL="https://vmware.github.io/photon/"
BUG_REPORT_URL="https://github.com/vmware/photon/issues"
Launched the docker-compose-ce.yaml from this repo with a dev mail server (mailhog) and I see emails being processed every minute. So no luck reproducing your specific issue. It could be though that my vagrant machine comes with some specific pam config/version that is allowing the cron to work?
A quick search about loginuid:
vagrant@photon-minimal [ ~/docker ]$ grep loginuid /etc/pam.d/*
/etc/pam.d/system-session:session optional pam_loginuid.so
The problem seems to be pam_loginuid being in use in the container, not on the host. From my understanding, it's related to the capabilities docker passes through to the container, or the lack thereof (see https://github.com/moby/moby/issues/8244#issuecomment-1294507124).
Do you have a good automated way of validating this, or is the setup for the test mostly manual? I'm having a hard time testing in different setups, but if you have a script to share that would be very helpful.
No, we don't have tests for this specific issue at the moment :( For my previous test I just started the docker-compose-ce.yaml and added mailhog. Here is the composer I have used:
version: "3.9"
services:
db:
image: mariadb:10.11
restart: unless-stopped
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_DATABASE: "passbolt"
MYSQL_USER: "passbolt"
MYSQL_PASSWORD: "P4ssb0lt"
volumes:
- database_volume:/var/lib/mysql
mailhog:
image: mailhog/mailhog:latest
container_name: mailhog
restart: always
# Mailhog logs are noisy so not logging it
logging:
driver: none
ports:
- "1025:1025" # SMTP server
- "9502:8025" # Web UI
passbolt:
image: passbolt/passbolt:latest-ce
#Alternatively you can use rootless:
#image: passbolt/passbolt:latest-ce-non-root
restart: unless-stopped
depends_on:
- db
environment:
APP_FULL_BASE_URL: https://passbolt.local
DATASOURCES_DEFAULT_HOST: "db"
DATASOURCES_DEFAULT_USERNAME: "passbolt"
DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
DATASOURCES_DEFAULT_DATABASE: "passbolt"
EMAIL_TRANSPORT_DEFAULT_URL="smtp://:@mailhog:1025"
volumes:
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
command:
[
"/usr/bin/wait-for.sh",
"-t",
"0",
"db:3306",
"--",
"/docker-entrypoint.sh",
]
ports:
- 80:80
- 443:443
#Alternatively for non-root images:
# - 80:8080
# - 443:4433
volumes:
database_volume:
gpg_volume:
jwt_volume:
hello! any news on this issue?
@dlen no, sorry. We've been running this with the cron job scheduled on the host system, which works fine, and I don't have the time to dive deeper into this at the moment :-/
I'm closing as stale and I can't reproduce. Feel free to reopen if needed
Note: this is likely the same issue as #96 and #183.
We're having the same issue of the cron job not firing as it's supposed to. Basically, emails just don't get send out.
Our current workaround without modifying the image is to trigger the cronjob from the host system via "docker exec", but this shouldn't be the final solution.
Research shows this has happened to other users as well: https://community.passbolt.com/t/email-cron-job-is-never-executed-docker-passbolt-2-11-0-debian/2211
The solution seems to be as described in the two issues mentioned above, to comment out the pam_loginuid.so line in the pam configuration. There is a StackOverflow post on this: https://stackoverflow.com/questions/43323754/cannot-make-remove-an-entry-for-the-specified-session-cron, which also refers to the underlying debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726661
To fix this somewhat permanently, we could comment out the pam configuration line as described in the SO post:
(not sure if the spaces are correct, this can probably use some optimization)