search

passbolt / passbolt_docker

Get started with Passbolt CE using docker!
https://passbolt.com
GNU Affero General Public License v3.0
876 stars 192 forks source link

Cron job is not running #217

Closed sschols closed 6 months ago

sschols commented 11 months ago

Note: this is likely the same issue as #96 and #183.

We're having the same issue of the cron job not firing as it's supposed to. Basically, emails just don't get send out.

Our current workaround without modifying the image is to trigger the cronjob from the host system via "docker exec", but this shouldn't be the final solution.

Research shows this has happened to other users as well: https://community.passbolt.com/t/email-cron-job-is-never-executed-docker-passbolt-2-11-0-debian/2211

The solution seems to be as described in the two issues mentioned above, to comment out the pam_loginuid.so line in the pam configuration. There is a StackOverflow post on this: https://stackoverflow.com/questions/43323754/cannot-make-remove-an-entry-for-the-specified-session-cron, which also refers to the underlying debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726661

To fix this somewhat permanently, we could comment out the pam configuration line as described in the SO post:

RUN sed -i '/session    required     pam_loginuid.so/c\#session    required   pam_loginuid.so' /etc/pam.d/cron

(not sure if the spaces are correct, this can probably use some optimization)

dlen commented 11 months ago

Hello! Thanks for the detailed report! However, I'm unable to reproduce such issue. I have just launched a docker-compose adding mailhog as extra service and I see emails going, meaning the cron is running.

This seems to be something specific to your host OS. Could you provide it to see if we can reproduce the issue?

sschols commented 11 months ago

We're on an older version of Photon OS in this case

# cat /etc/os-release
NAME="VMware Photon OS"
VERSION="3.0"
ID=photon
VERSION_ID=3.0
PRETTY_NAME="VMware Photon OS/Linux"
ANSI_COLOR="1;34"
HOME_URL="https://vmware.github.io/photon/"
BUG_REPORT_URL="https://github.com/vmware/photon/issues"

# uname -a
Linux photon-machine 4.19.269-2.ph3 #1-photon SMP Sat Jan 7 02:22:22 UTC 2023 x86_64 GNU/Linux

This is likely due for an upgrade, maybe I can try to reproduce this on another machine.

dlen commented 11 months ago

Hello! Thanks for the info!

I just launched a vagrant machine using vmwre/photon:

vagrant@photon-minimal [ ~/docker ]$ cat /etc/os-release
NAME="VMware Photon OS"
VERSION="4.0"
ID=photon
VERSION_ID=4.0
PRETTY_NAME="VMware Photon OS/Linux"
ANSI_COLOR="1;34"
HOME_URL="https://vmware.github.io/photon/"
BUG_REPORT_URL="https://github.com/vmware/photon/issues"

Launched the docker-compose-ce.yaml from this repo with a dev mail server (mailhog) and I see emails being processed every minute. So no luck reproducing your specific issue. It could be though that my vagrant machine comes with some specific pam config/version that is allowing the cron to work?

A quick search about loginuid:

vagrant@photon-minimal [ ~/docker ]$ grep loginuid /etc/pam.d/*
/etc/pam.d/system-session:session   optional    pam_loginuid.so
sschols commented 11 months ago

The problem seems to be pam_loginuid being in use in the container, not on the host. From my understanding, it's related to the capabilities docker passes through to the container, or the lack thereof (see https://github.com/moby/moby/issues/8244#issuecomment-1294507124).

Do you have a good automated way of validating this, or is the setup for the test mostly manual? I'm having a hard time testing in different setups, but if you have a script to share that would be very helpful.

dlen commented 11 months ago

No, we don't have tests for this specific issue at the moment :( For my previous test I just started the docker-compose-ce.yaml and added mailhog. Here is the composer I have used:

version: "3.9"
services:
  db:
    image: mariadb:10.11
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql

  mailhog:
    image: mailhog/mailhog:latest
    container_name: mailhog
    restart: always
    # Mailhog logs are noisy so not logging it
    logging:
      driver: none
    ports:
      - "1025:1025" # SMTP server
      - "9502:8025" # Web UI

  passbolt:
    image: passbolt/passbolt:latest-ce
    #Alternatively you can use rootless:
    #image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    depends_on:
      - db
    environment:
      APP_FULL_BASE_URL: https://passbolt.local
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
      EMAIL_TRANSPORT_DEFAULT_URL="smtp://:@mailhog:1025"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command:
      [
        "/usr/bin/wait-for.sh",
        "-t",
        "0",
        "db:3306",
        "--",
        "/docker-entrypoint.sh",
      ]
    ports:
      - 80:80
      - 443:443
    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:
dlen commented 10 months ago

hello! any news on this issue?

sschols commented 9 months ago

@dlen no, sorry. We've been running this with the cron job scheduled on the host system, which works fine, and I don't have the time to dive deeper into this at the moment :-/

dlen commented 6 months ago

I'm closing as stale and I can't reproduce. Feel free to reopen if needed