s6-applyuidgid: fatal: unable to set supplementary group list: Operation not permitted

[pickworth]

So, all of a sudden my webUI is not accessible and my freePBX container stopped working.

Well, the container starts, kind of...but inside it gets stuck into a startup loop here, printing the following log every second:

**** [zabbix] Starting Zabbix Agent
s6-applyuidgid: fatal: unable to set supplementary group list: Operation not permitted

**** [zabbix] Starting Zabbix Agent
s6-applyuidgid: fatal: unable to set supplementary group list: Operation not permitted

**** [zabbix] Starting Zabbix Agent
s6-applyuidgid: fatal: unable to set supplementary group list: Operation not permitted
...etc

It seems to me like a permissions problem, so I've tried manually set chmod -R 777 on the mapped volumes of the host and that didn't help. I even cleared the folders out and started a new installation and I keep getting the same errors now.

I'm using microk8s on ubuntu:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 19.04
Release:    19.04
Codename:   disco

# docker -v
Docker version 18.06.1-ce, build e68fc7a

# kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.1", GitCommit:"d647ddbd755faf07169599a625faf302ffc34458", GitTreeState:"clean", BuildDate:"2019-10-07T14:30:40Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.0", GitCommit:"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77", GitTreeState:"clean", BuildDate:"2019-09-18T14:27:17Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}

Here is my environment config:

            - name: VIRTUAL_PORT
              value: "80"
            - name: ZABBIX_HOSTNAME
              value: "freepbx"
            - name: RTP_START
              value: "10000"
            - name: RTP_FINISH
              value: "10100"
            - name: DB_EMBEDDED
              value: "FALSE"
            - name: DB_HOST
              value: "freepbx-mariadb"
            - name: DB_PORT
              value: "3306"
            - name: DB_NAME
              value: "asterisk"
            - name: DB_USER
              value: "asterisk"
            - name: DB_PASS
              value: "xxx"

            # # temp fix for issue https://github.com/tiredofit/docker-freepbx/issues/94
            # # set to true when resolved
            - name: ENABLE_CRON
              value: "FALSE"
            - name: DEBUG_MODE
              value: "TRUE"

I have no idea what's causing this and have tried pretty hard to resolve but can't find what the problem is. I've got several other containers running in k8s no problem that didn't stop working, so I don't think it's a problem with that, but I might be wrong.

I haven't tried with a fresh database. But I guess that's my last resort, maybe it will help? I also just updated to the latest image release (from 23 days ago) and that didn't help either..

Any tips on how to try to resolve this would be great. Thanks

[pickworth]

In an attempt to fix the issue, an (almost) fresh reinstall (minus the mariadb data) was giving me errors like this:

chown: changing ownership of '/data/var/lib/asterisk': Operation not permitted
chown: changing ownership of '/data/var/lib': Operation not permitted
chown: changing ownership of '/data/var': Operation not permitted
chown: changing ownership of '/data': Operation not permitted
** [freepbx] New Install Detected - Please wait while we fetch FreePBX - Will take 3 to 30 minutes!
+ '[' '!' -f /var/www/html/admin/index.php ']'
+ echo '** [freepbx] New Install Detected - Please wait while we fetch FreePBX - Will take 3 to 30 minutes!'
+ '[' /var/www/html '!=' /var/www/html ']'
+ [[ FALSE = \F\A\L\S\E ]]
+ cat
+ cd /usr/src
+ mkdir -p /usr/src/freepbx
+ curl -ssL https://github.com/FreePBX/framework/archive/release/15.0.16.15.tar.gz
+ tar xfz - --strip 1 -C /usr/src/freepbx
+ silent sudo -u asterisk gpg --refresh-keys --keyserver hkp://keyserver.ubuntu.com:80
+ '[' TRUE = TRUE ']'
+ sudo -u asterisk gpg --refresh-keys --keyserver hkp://keyserver.ubuntu.com:80
sudo: PERM_SUDOERS: setresuid(-1, 1, -1): Operation not permitted
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
+ silent sudo -u asterisk gpg --import /usr/src/freepbx/amp_conf/htdocs/admin/libraries/BMO/9F9169F4B33B4659.key
+ '[' TRUE = TRUE ']'
+ sudo -u asterisk gpg --import /usr/src/freepbx/amp_conf/htdocs/admin/libraries/BMO/9F9169F4B33B4659.key
sudo: PERM_SUDOERS: setresuid(-1, 1, -1): Operation not permitted
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
+ silent sudo -u asterisk gpg --import /usr/src/freepbx/amp_conf/htdocs/admin/libraries/BMO/3DDB2122FE6D84F7.key
+ '[' TRUE = TRUE ']'
+ sudo -u asterisk gpg --import /usr/src/freepbx/amp_conf/htdocs/admin/libraries/BMO/3DDB2122FE6D84F7.key
sudo: PERM_SUDOERS: setresuid(-1, 1, -1): Operation not permitted
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
+ silent sudo -u asterisk gpg --import /usr/src/freepbx/amp_conf/htdocs/admin/libraries/BMO/86CE877469D2EAD9.key
+ '[' TRUE = TRUE ']'
+ sudo -u asterisk gpg --import /usr/src/freepbx/amp_conf/htdocs/admin/libraries/BMO/86CE877469D2EAD9.key
sudo: PERM_SUDOERS: setresuid(-1, 1, -1): Operation not permitted
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
+ cd /usr/src/freepbx
+ cp -R /etc/odbc.ini /usr/src/freepbx/installlib/files/odbc.ini
+ touch /etc/asterisk/modules.conf /etc/asterisk/cdr.conf
+ echo '** [freepbx] Starting Asterisk for the first time..'
+ silent ./start_asterisk start
+ '[' TRUE = TRUE ']'
+ ./start_asterisk start
** [freepbx] Starting Asterisk for the first time..

STARTING ASTERISK
/usr/sbin/safe_asterisk: 96: ulimit: error setting limit (Operation not permitted)
cat: /var/run/asterisk/asterisk.pid: No such file or directory
cat: /var/run/asterisk/asterisk.pid: No such file or directory
Asterisk Started
** [freepbx] Can't seem to start Asterisk.. Exitting
+ '[' '!' -f /var/run/asterisk/asterisk.pid ']'
+ echo '** [freepbx] Can'\''t seem to start Asterisk.. Exitting'
+ exit 1
[cont-init.d] 10-freepbx: exited 1.
[cont-init.d] 99-container-init: executing...
[cont-init.d] 99-container-init: exited 0.
[cont-init.d] done.

so I tried this on the host, so I have matching gid/uids to the container

groupadd --gid 2600 asterisk
useradd --gid 2600 --uid 2600 asterisk
chown asterisk:asterisk -R <all the mapped vols>

And ran another install.. and seems like the installer is happy with the permissions now! (It might take a while to finish the install.

I did not have to do this the first time I set it up though.. I wonder why..

[pickworth]

It would be awesome if you could pass in GID / UID as environment variables so the freepbx install are initialised with known users from the docker host

[pickworth]

It's kind of working now... The reinstallation finished with this error:

** [freepbx] Starting Asterisk
+ silent fwconsole chown
+ '[' TRUE = TRUE ']'
+ fwconsole chown
Taking too long? Customize the chown command, See http://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
Setting Permissions...
Setting base permissions...Done
Setting specific permissions...
    0 [>---------------------------]
  100 [---------------->-----------]

Finished setting permissions
  200 [---->-----------------------]+ silent fwconsole start
+ '[' TRUE = TRUE ']'
+ fwconsole start
Asterisk already running
Running FreePBX startup...
Taking too long? Customize the chown command, See http://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
Setting Permissions...
Setting base permissions...Done
Setting specific permissions...
    0 [>---------------------------]
  100 [---------------->-----------]

Finished setting permissions
Unable to run Pre-Asterisk hooks, because Asterisk is already running on PID 980 and has been running for 11 minutes, 9 seconds
Running Asterisk post from Core module
Starting Core FastAGI Server...

Started Core FastAGI Server. PID is 9556
Running Asterisk post from Ucp module
Starting UCP Node Server...

Started UCP Node Server. PID is 9711
  200 [---->-----------------------][>---------------------------] < 1 sec[>---------------------------] < 1 sec+ silent fwconsole reload
+ '[' TRUE = TRUE ']'
+ fwconsole reload
{"message":"Reload Started"}

In Reload.class.php line 835:

  Unable to connect to Asterisk Manager

I can get to the webUI now at least, but freePBX cannot connect to asterisk, restarting the container doesn't help.

freepbx.log:

[2019-Oct-11 18:44:30] [freepbx.INFO]: [NOTIFICATION]-[freepbx]-[modules_broken] - You have 15 broken modules (The following modules are disabled because they are broken: announcement, calendar, callforward, findmefollow, ivr, miscapps, miscdests, parking, presencestate, queues, ringgroups, setcid, superfecta, tts, ttsengines  You should go to the module admin page to fix these.) [] []
[2019-Oct-11 18:44:42] [freepbx.INFO]: Connection attmempt to AMI failed [] []
[2019-Oct-11 18:44:43] [freepbx.INFO]: [NOTIFICATION]-[freepbx]-[modules_broken] - You have 15 broken modules (The following modules are disabled because they are broken: announcement, calendar, callforward, findmefollow, ivr, miscapps, miscdests, parking, presencestate, queues, ringgroups, setcid, superfecta, tts, ttsengines  You should go to the module admin page to fix these.) [] []
[2019-Oct-11 18:44:46] [freepbx.INFO]: Connection attmempt to AMI failed [] []
[2019-Oct-11 18:46:56] [freepbx.INFO]: Connection attmempt to AMI failed [] []
[2019-Oct-11 18:46:59] [freepbx.INFO]: Connection attmempt to AMI failed [] []
[2019-Oct-11 18:46:59] [freepbx.INFO]: Deprecated way to add Console commands for module certman, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:46:59] [freepbx.INFO]: Deprecated way to add Console commands for module pm2, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:46:59] [freepbx.INFO]: Deprecated way to add Console commands for module soundlang, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:46:59] [freepbx.INFO]: Deprecated way to add Console commands for module userman, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:46:59] [freepbx.INFO]: Deprecated way to add Console commands for module voicemail, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:05] [freepbx.INFO]: Connection attmempt to AMI failed [] []
[2019-Oct-11 18:47:05] [freepbx.INFO]: Deprecated way to add Console commands for module certman, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:05] [freepbx.INFO]: Deprecated way to add Console commands for module pm2, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:05] [freepbx.INFO]: Deprecated way to add Console commands for module soundlang, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:05] [freepbx.INFO]: Deprecated way to add Console commands for module userman, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:05] [freepbx.INFO]: Deprecated way to add Console commands for module voicemail, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:09] [freepbx.INFO]: Connection attmempt to AMI failed [] []
[2019-Oct-11 18:47:09] [freepbx.INFO]: Deprecated way to add Console commands for module certman, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:09] [freepbx.INFO]: Deprecated way to add Console commands for module pm2, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:09] [freepbx.INFO]: Deprecated way to add Console commands for module soundlang, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:09] [freepbx.INFO]: Deprecated way to add Console commands for module userman, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:47:09] [freepbx.INFO]: Deprecated way to add Console commands for module voicemail, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:48:19] [freepbx.INFO]: Connection attmempt to AMI failed [] []
[2019-Oct-11 18:48:19] [freepbx.INFO]: Deprecated way to add Console commands for module certman, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:48:19] [freepbx.INFO]: Deprecated way to add Console commands for module pm2, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:48:19] [freepbx.INFO]: Deprecated way to add Console commands for module soundlang, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:48:19] [freepbx.INFO]: Deprecated way to add Console commands for module userman, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:48:19] [freepbx.INFO]: Deprecated way to add Console commands for module voicemail, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[2019-Oct-11 18:48:31] [freepbx.INFO]: [NOTIFICATION]-[freepbx]-[RCONFFAIL] - 'fwconsole reload' failed, config not applied (Unable to connect to Asterisk Manager) [] []
[2019-Oct-11 18:48:50] [freepbx.INFO]: Connection attmempt to AMI failed [] []
[2019-Oct-11 18:48:50] [freepbx.INFO]: [NOTIFICATION]-[freepbx]-[modules_broken] - You have 15 broken modules (The following modules are disabled because they are broken: announcement, calendar, callforward, findmefollow, ivr, miscapps, miscdests, parking, presencestate, queues, ringgroups, setcid, superfecta, tts, ttsengines  You should go to the module admin page to fix these.) [] []

I guess last resort would be to wipe the DB ?

[pickworth]

not sure what else to try...

^C
root@freepbx-58777b8bfc-sbck7:/var/log/asterisk#
root@freepbx-58777b8bfc-sbck7:/var/log/asterisk#
root@freepbx-58777b8bfc-sbck7:/var/log/asterisk#
root@freepbx-58777b8bfc-sbck7:/var/log/asterisk#
root@freepbx-58777b8bfc-sbck7:/var/log/asterisk# upgrade-core
No repos specified, using: [unsupported,standard,extended,commercial] from last GUI settings

framework is the same as the online version, unable to upgrade
Updating Hooks...Done
Chowning directories...Done
No repos specified, using: [unsupported,standard,extended,commercial] from last GUI settings

core is the same as the online version, unable to upgrade
Updating Hooks...Done
Chowning directories...Done
Taking too long? Customize the chown command, See http://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
Setting Permissions...
Setting base permissions...Done
Setting specific permissions...
  248 [============================]
Finished setting permissions
{"message":"Reload Started"}

In Reload.class.php line 835:

  Unable to connect to Asterisk Manager

reload [--json] [--dry-run] [--skip-registry-checks] [--dont-reload-asterisk]

root@freepbx-58777b8bfc-sbck7:/var/log/asterisk# upgrade-ucp
bash: upgrade-ucp: command not found
root@freepbx-58777b8bfc-sbck7:/var/log/asterisk# upgrade-cdr
** [freepbx] Performing Manual Upgrade of CDR Module
No repos specified, using: [unsupported,standard,extended,commercial] from last GUI settings

cdr is the same as the online version, unable to upgrade
Updating Hooks...Done
Chowning directories...Done
Taking too long? Customize the chown command, See http://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
Setting Permissions...
Setting base permissions...Done
Setting specific permissions...
  248 [============================]
Finished setting permissions
{"message":"Reload Started"}

In Reload.class.php line 835:

  Unable to connect to Asterisk Manager

reload [--json] [--dry-run] [--skip-registry-checks] [--dont-reload-asterisk]

root@freepbx-58777b8bfc-sbck7:/var/log/asterisk#

I would really hate to wipe the DB :(

[tiredofit]

It's a bit hard to find, but if you trace back the Dockerfile I'm using a couple of base images to built this thing, one of them being tiredofit/debian:stretch. We've seen some of this weird activity on filesystems with NFS and then some times on MacOS, and definitely in cases where someone is using user mode Docker. Maybe one of the above is true, but in the meantime you can try this as per the readme in the Debian image:

--

If you enable DEBUG_PERMISSIONS=TRUE all the users and groups have been modified in accordance with Environmental Variables will be displayed in output. e.g. If you add USER_NGINX=1000 it will reset the containers nginx user id from 82 to 1000 - Hint, also change the Group ID to your local development users UID & GID and avoid Docker permission issues when developing.

Parameter	Description
USER_	The user's UID in /etc/passwd will be modified with new UID - Default N/A
GROUP_	The group's GID in /etc/group and /etc/passwd will be modified with new GID - Default N/A
GROUPADD	The username will be added in /etc/group after the group name defined - Default N/A

In this case you'd want to work with the asterisk user.

[pickworth]

Hi Dave

Thanks for your suggestions. I've made the changes to debug permissions as asked, and now it kind of seems worse than before to be honest.. Here is the log output:

** [freepbx] Starting Asterisk
+ echo '** [freepbx] Starting Asterisk'
+ '[' '!' -f /usr/sbin/fwconsole ']'
+ silent fwconsole chown
+ '[' TRUE = TRUE ']'
+ fwconsole chown
Taking too long? Customize the chown command, See http://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
Setting Permissions...
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
Setting base permissions...Done
Setting specific permissions...
    0 [>---------------------------]

Finished setting permissions
  100 [---------------->-----------]+ silent fwconsole start
+ '[' TRUE = TRUE ']'
+ fwconsole start
Running FreePBX startup...
Taking too long? Customize the chown command, See http://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
Setting Permissions...
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
chown: invalid group: ‘asterisk:asterisk’
Setting base permissions...Done
Setting specific permissions...
    0 [>---------------------------]

Finished setting permissions
Starting Asterisk...
  100 [---------------->-----------][>---------------------------] < 1 sec
[->--------------------------] < 1 sec
[-->-------------------------] < 1 sec
[--->------------------------] < 1 sec
[---->-----------------------] 1 sec
[----->----------------------] 1 sec
...
[--------------->------------] 31 secs
In Start.class.php line 189:

  Unable to connect to Asterisk. Did it start?

start [--pre] [--post] [--skipchown] [--] [<args>]...

+ silent fwconsole reload
+ '[' TRUE = TRUE ']'
+ fwconsole reload
{"message":"Reload Started"}

In Process.php line 239:

  The command "/usr/sbin/asterisk -rx 'core show version'" failed.

  Exit Code: 1(General error)

  Working directory: /

  Output:
  ================

  Error Output:
  ================
  Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl e
  xist?)

reload [--json] [--dry-run] [--skip-registry-checks] [--dont-reload-asterisk]

+ chown -R asterisk /etc/asterisk/asterisk.conf /etc/asterisk/cdr.conf /etc/asterisk/cdr_adaptive_odbc.conf /etc/asterisk/dnsmgr.conf /etc/asterisk/enum.conf /etc/asterisk/freepbx_module_admin.conf /etc/asterisk/indications.conf /etc/asterisk/keys /etc/asterisk/manager.conf /etc/asterisk/manager_additional.conf /etc/asterisk/manager_custom.conf /etc/asterisk/manager_custom.conf.bak /etc/asterisk/meetme.conf /etc/asterisk/meetme_additional.conf /etc/asterisk/meetme_general_additional.conf /etc/asterisk/meetme_general_custom.conf /etc/asterisk/modules.conf /etc/asterisk/musiconhold.conf /etc/asterisk/musiconhold_additional.conf /etc/asterisk/musiconhold_custom.conf /etc/asterisk/phpagi.conf /etc/asterisk/privacy.conf /etc/asterisk/queues.conf /etc/asterisk/queues_additional.conf /etc/asterisk/queues_custom.conf /etc/asterisk/queues_custom_general.conf /etc/asterisk/queues_general_additional.conf /etc/asterisk/queues_post_custom.conf /etc/asterisk/voicemail.conf /etc/asterisk/voicemail.conf.template
+ chown -R asterisk:asterisk /etc/amportal.conf
chown: invalid group: 'asterisk:asterisk'
+ '[' -d /assets/custom ']'
+ '[' TRUE = TRUE ']'
+ '[' '!' -f /usr/local/fop2/fop2_server ']'
+ cat
+ cat
+ '[' TRUE = TRUE ']'
+ echo '    DocumentRoot /var/www/html/ucp'
+ echo '    Alias "/admin" "/var/www/html/admin"'
+ echo '    Alias "/ucp" "/var/www/html/ucp"'
+ '[' TRUE = TRUE ']'
+ echo '    Alias "/fop" "/var/www/html/fop2"'
+ sed -i -e 's#<WEBROOT>#/var/www/html#g' /usr/sbin/upgrade-cdr
+ cat
+ '[' '' = https ']'
+ '[' '' = true ']'
+ '[' '' = TRUE ']'
+ cat
+ silent a2enmod remoteip
+ '[' TRUE = TRUE ']'
+ a2enmod remoteip
Enabling module remoteip.
To activate the new configuration, you need to run:
  service apache2 restart
+ cat
+ silent a2enconf allowoverride
+ '[' TRUE = TRUE ']'
+ a2enconf allowoverride
Enabling conf allowoverride.
To activate the new configuration, you need to run:
  service apache2 reload
+ silent a2enconf remoteip.conf
+ '[' TRUE = TRUE ']'
+ a2enconf remoteip.conf
Enabling conf remoteip.
To activate the new configuration, you need to run:
  service apache2 reload
+ sed -i 's/\(APACHE_RUN_USER=\)\(.*\)/\1asterisk/g' /etc/apache2/envvars
+ sed -i 's/\(APACHE_RUN_GROUP=\)\(.*\)/\1asterisk/g' /etc/apache2/envvars
+ mkdir -p /var/log/apache2
+ chown -R root:adm /var/log/apache2
+ chown asterisk. /run/lock/apache2
+ chown -R asterisk. /usr/local/fop2
+ '[' /var/www/html '!=' /var/www/html ']'
+ '[' TRUE = TRUE ']'
+ echo 'sendmail_path="/usr/bin/msmtp -C /etc/msmtprc -t "'
+ echo 'sendmail_path="/usr/bin/msmtp -C /etc/msmtprc -t "'
+ chown asterisk:asterisk /etc/msmtprc
chown: invalid group: 'asterisk:asterisk'
+ chmod 600 /etc/msmtprc
+ '[' TRUE = TRUE ']'
+ echo '[freepbx] Starting Operator Panel'
+ rm -rf '/var/run/fop2.*'
+ mkdir -p /var/log/fop
[freepbx] Starting Operator Panel
+ chown -R asterisk. /var/log/fop
+ sed -i -e 's#manager_host=.*#manager_host=127.0.0.1#g' /usr/local/fop2/fop2.cfg
+ /usr/local/fop2/fop2_server -d --logdir /var/log/fop
+ silent service apache2 restart
+ '[' TRUE = TRUE ']'
+ service apache2 restart
Output of config test was:
AH00544: apache2: bad group name asterisk
Action 'configtest' failed.
The Apache error log may have more information.
Restarting Apache httpd web server: apache2 failed!
The apache2 configtest failed. ... (warning).
+ echo '** [freepbx] Web Server Started - Container Initialization Complete'
** [freepbx] Web Server Started - Container Initialization Complete
+ mkdir -p /tmp/state
+ touch /tmp/state/10-freepbx-init
[cont-init.d] 10-freepbx: exited 0.
[cont-init.d] 99-container-init: executing...
[cont-init.d] 99-container-init: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

**** [zabbix] Starting Zabbix Agent
2019/10/17 19:00:30 Using in-memory storage
2019/10/17 19:00:30 [SMTP] Binding to address: 0.0.0.0:1025
2019/10/17 19:00:30 Serving under http://0.0.0.0:8025/
[HTTP] Binding to address: 0.0.0.0:8025
Creating API v1 with WebPath:
Creating API v2 with WebPath:
[APIv1] KEEPALIVE /api/v1/events
[APIv1] KEEPALIVE /api/v1/events

Here is what i set the vars to:

            - name: DEBUG_PERMISSIONS
              value: "TRUE"
            - name: USER_asterisk
              value: "2600"
            - name: GROUP_asterisk
              value: "2600"
            - name: GROUP_ADD_asterisk
              value: "asterisk"

I'll keep trying to play around with this when I have time.. Thanks for all your effort with this image by the way, it's great. good job 👍

Edit: I guess you can gather from the logs, but after adding those vars to the env, the webserver doesnt start now :)

[pickworth]

going to give this another stab.

TLDR:

seems that with the environment variables above (with the USER_asterisk, GROUP_asterisk and GROUP_ADD_asterisk with a fresh build, the /etc/group entry created is as follows:

asterisk:x:2600,asterisk

^ there are supposed to be 4 fields, but there are 3 (not enough :)

checking the /etc/passwd file, I have:

asterisk:x:2600:2600:Asterisk:User,,,:/home/asterisk:/bin/bash

^ seems like there is an extra field (too many :s) in the user definition

Symptoms

during setup, chown commands fail with: chown: invalid group: ‘asterisk:asterisk’

testing the user with su, gives the following error: root@freepbx-5788bb7c95-rg949:/# su asterisk Cannot execute /home/asterisk:/bin/bash: No such file or directory

subsequently, apache startup logs say: AH00544: apache2: bad group name asterisk

[tiredofit]

OK - Nice to see you back. The permissions script was written on an Alpine base and that may be the issue right there. I need to wrap something up in the next 18 hours and then I will turn over to that script and make sure its debian compatible.

[pickworth]

Thanks, if it helps the relevant logs for setting the users/groups are as follows:

cont-init.d] 01-permissions: executing...
+ DEBUG_PERMISSIONS=TRUE
+ ENABLE_PERMISSIONS=TRUE
+ '[' TRUE = TRUE ']'
+ varenvusername=(`env | grep USER_ | awk -F= '{print tolower($1)}' | awk -F_ '{print $2}'`)
++ env
++ grep USER_
++ awk -F= '{print tolower($1)}'
++ awk -F_ '{print $2}'
+ varenvuid=(`env | grep USER_ | awk -F= '{print tolower($2)}'`)
++ env
++ awk -F= '{print tolower($2)}'
++ grep USER_
++ echo ''
++ sed 's/ /\\|/g'
+ strusers=
+ [[ ! -z '' ]]
+ '[' TRUE = TRUE ']'
+ echo '**** [permissions] [debug] Users (varenvusername) from Docker env are: '
**** [permissions] [debug] Users (varenvusername) from Docker env are:
**** [permissions] [debug] UIDs (varenvuid) from Docker env are:
+ echo '**** [permissions] [debug] UIDs (varenvuid) from Docker env are: '
+ echo '**** [permissions] [debug] The string (strusers) used to grep the users is: '
+ echo '**** [permissions] [debug] Users (varpassuser) from /etc/passwd are: '
+ echo '**** [permissions] [debug] UIDs (varpassuserid) from /etc/passwd are: '
+ counter=0
**** [permissions] [debug] The string (strusers) used to grep the users is:
**** [permissions] [debug] Users (varpassuser) from /etc/passwd are:
**** [permissions] [debug] UIDs (varpassuserid) from /etc/passwd are:
+ '[' 0 -gt 0 ']'
+ counter=0
+ varenvgroupname=(`env | grep ^GROUP_ | grep -v GROUP_ADD_  | awk -F= '{print tolower($1)}' | awk -F_ '{print $2}'`)
++ env
++ grep -v GROUP_ADD_
++ grep '^GROUP_'
++ awk -F_ '{print $2}'
++ awk -F= '{print tolower($1)}'
+ varenvgid=(`env | grep ^GROUP_ | grep -v GROUP_ADD_ | awk -F= '{print tolower($2)}'`)
++ env
++ grep '^GROUP_'
++ grep -v GROUP_ADD_
++ awk -F= '{print tolower($2)}'
++ echo ''
++ sed 's/ /\\|/g'
+ strgroups=
+ [[ ! -z '' ]]
+ '[' TRUE = TRUE ']'
+ echo '**** [permissions] [debug] Group names (varenvgroupname) from Docker environment settings are: '
+ echo '**** [permissions] [debug] GIDs (grvarenvgid) from Docker environment settings are: '
+ echo '**** [permissions] [debug] The string (strgroup) used to grep the groups is: '
+ echo '**** [permissions] [debug] Group names (vargroupname) from /etc/group are: '
+ echo '**** [permissions] [debug] GIDs (vargroupid) from /etc/group are: '
+ '[' 0 -gt 0 ']'
+ counter=0
+ varenvuser2add=(`env | grep ^GROUP_ADD_ | awk -F= '{print $1}' | awk -F_ '{print tolower($3)}'`)
**** [permissions] [debug] Group names (varenvgroupname) from Docker environment settings are:
**** [permissions] [debug] GIDs (grvarenvgid) from Docker environment settings are:
**** [permissions] [debug] The string (strgroup) used to grep the groups is:
**** [permissions] [debug] Group names (vargroupname) from /etc/group are:
**** [permissions] [debug] GIDs (vargroupid) from /etc/group are:
++ env
++ grep '^GROUP_ADD_'
++ awk -F= '{print $1}'
++ awk -F_ '{print tolower($3)}'
+ varenvdestgroup=(`env | grep ^GROUP_ADD_ | awk -F= '{print tolower($2)}'`)
++ env
++ grep '^GROUP_ADD_'
++ awk -F= '{print tolower($2)}'
+ '[' TRUE = TRUE ']'
+ echo '**** [permissions] [debug] Users (varenvuser2add) to add to groups are: '
+ echo '**** [permissions] [debug] Groups (varenvdestgroup) to add users are: '
**** [permissions] [debug] Users (varenvuser2add) to add to groups are:
**** [permissions] [debug] Groups (varenvdestgroup) to add users are:
+ mkdir -p /tmp/state
++ basename /var/run/s6/etc/cont-init.d/01-permissions
+ touch /tmp/state/01-permissions-init
[cont-init.d] 01-permissions: exited 0.