Koozali.org: home of the SME Server

Contribs.org Forums => Koozali SME Server 10.x Contribs => Topic started by: holck on May 21, 2022, 10:30:18 PM

Title: mailman and fail2ban services becoming disabled
Post by: holck on May 21, 2022, 10:30:18 PM: When I do a signal-event post-upgrade, my mailman and fail2ban services seem to become disabled even though they are marked enabled in the configuration db.

I guess it has to do with the script /etc/e-smith/events/actions/fix-startup, see the fragment below. The script goes through all the services, and if, e.g. for mailman, the file /lib/systemd/system/multi-user.target.wants/mailman.service exists, runs the command
Code: [Select]
# systemctl disable mailman.serviceOn my server, I have both /lib/systemd/system/multi-user.target.wants/mailman.service and /lib/systemd/system/multi-user.target.wants/fail2ban.service

/etc/e-smith/events/actions/fix-startup
Code: [Select]
foreach my $service (@d) { my $sv=$service->{'name'}; next if $sv eq 'bootstrap-console'; $sv= $equivalent->{$sv} || $sv; foreach (qw(multi-user sme-server)) { if (-e "/lib/systemd/system/$_.target.wants/$sv.service") { system(qw(systemctl disable), $sv); } elsif (-e "/etc/systemd/system/$_.target.wants/$sv.service") { system(qw(systemctl disable), $sv); } elsif (-e "/etc/init.d/$sv") { my $dropoutput = `/usr/sbin/chkconfig $sv off 2>/dev/null`; } } }
Title: Re: mailman and fail2ban services becoming disabled
Post by: Jean-Philippe Pialasse on May 22, 2022, 01:07:00 AM: are those manual installation or from contribs?

as usual
/sbin/e-smith/audittools/templates

also might be interesting to get output of

# /etc/e-smith/events/actions/systemd-default

we do not use multi-user target on SME so the wants link you point are unrelated to your issue. we use our own target sme-server.target
Title: Re: mailman and fail2ban services becoming disabled
Post by: holck on May 22, 2022, 08:49:23 AM: Hello, thanks for helping with this

Both mailman and fail2ban are installed as contribs:
Code: [Select]
# rpm -V mailman S.5....T. c /etc/mailman/templates/da/subscribeack.txt .M....G.. c /usr/lib/mailman/Mailman/mm_cfg.py ......G.. /usr/lib/mailman/Mailman/mm_cfg.pyc ..5....T. /usr/lib/mailman/messages/da/LC_MESSAGES/mailman.po warning: Duplicate username or UID for user apache .M....... /var/lock/mailman .M....... /var/run/mailman # rpm -V smeserver-mailman # rpm -V fail2ban-server S.5....T. c /etc/fail2ban/fail2ban.conf S.5....T. c /etc/fail2ban/jail.conf S.5....T. c /etc/logrotate.d/fail2ban # rpm -V smeserver-fail2ban S.5....T. c /var/log/fail2ban/daemon. # /etc/e-smith/events/actions/systemd-default Removed symlink /etc/systemd/system/multi-user.target.wants/mailman.service.
Title: Re: mailman and fail2ban services becoming disabled
Post by: Jean-Philippe Pialasse on May 22, 2022, 11:49:55 AM: i assume Sme is up to date

config getprop mailman status
config getprop fail2ban status

systemctl cat mailman

systemctl status mailman

systemctl cat fail2ban

systemctl status fail2ban
Title: Re: mailman and fail2ban services becoming disabled
Post by: holck on May 22, 2022, 12:21:58 PM: Code: [Select]
# yum update Loaded plugins: fastestmirror, post-transaction-actions, priorities, smeserver Loading mirror speeds from cached hostfile * base: mirror.one.com * smeaddons: ibsgaarden.dk * smeextras: ibsgaarden.dk * smeos: ibsgaarden.dk * smeupdates: ibsgaarden.dk * updates: mirror.one.com base | 3.6 kB 00:00:00 remi-safe | 3.0 kB 00:00:00 smeaddons | 2.9 kB 00:00:00 smeextras | 3.1 kB 00:00:00 smeos | 3.1 kB 00:00:00 smeupdates | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 No packages marked for updateBoth my mailman and fail2ban are enabled in the configuration database now, because I set it manually yesterday.
Code: [Select]
# /sbin/e-smith/config getprop mailman status enabled # /sbin/e-smith/config getprop fail2ban status enabled
Code: [Select]
# systemctl cat mailman # /usr/lib/systemd/system/mailman.service [Unit] Description=GNU Mailing List Manager After=syslog.target network.target [Service] ExecStartPre=/usr/lib/mailman/bin/mailman-update-cfg ExecStartPre=/usr/bin/install -m644 -o root -g root /usr/lib/mailman/cron/cronta ExecStartPre=/bin/touch /var/log/mailman/error ExecStartPre=/bin/chown mailman:mailman /var/log/mailman/error ExecStartPre=/bin/chmod 660 /var/log/mailman/error ExecStart=/usr/lib/mailman/bin/mailmanctl -s start ExecReload=/usr/lib/mailman/bin/mailmanctl restart ExecStop=/usr/lib/mailman/bin/mailman-update-cfg ExecStop=/usr/lib/mailman/bin/mailmanctl stop ExecStop=/bin/sh -c 'echo -e "# DO NOT EDIT THIS FILE!\n#\n# Contents of this fi Type=forking [Install] WantedBy=multi-user.target
Code: [Select]
# systemctl status mailman ● mailman.service - GNU Mailing List Manager Loaded: loaded (/usr/lib/systemd/system/mailman.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2022-05-21 20:38:32 CEST; 15h ago Main PID: 19301 (mailmanctl) CGroup: /system.slice/mailman.service ├─19301 /usr/bin/python2 /usr/lib/mailman/bin/mailmanctl -s start ├─19302 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Arc... ├─19303 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Bou... ├─19304 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Com... ├─19305 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Inc... ├─19306 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=New... ├─19307 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Out... ├─19308 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Vir... └─19309 /usr/bin/python2 /usr/lib/mailman/bin/qrunner --runner=Ret... May 21 20:38:31 sme10.ibsgaarden.dk systemd[1]: Starting GNU Mailing List Ma.... May 21 20:38:32 sme10.ibsgaarden.dk mailmanctl[19299]: Starting Mailman's mas... May 21 20:38:32 sme10.ibsgaarden.dk systemd[1]: Started GNU Mailing List Man.... Hint: Some lines were ellipsized, use -l to show in full.
Code: [Select]
# systemctl cat fail2ban # /usr/lib/systemd/system/fail2ban.service [Unit] Description=Fail2Ban Service Documentation=man:fail2ban(1) After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service PartOf=firewalld.service [Service] Type=simple Environment="PYTHONNOUSERSITE=1" ExecStartPre=/bin/mkdir -p /run/fail2ban ExecStart=/usr/bin/fail2ban-server -xf start # if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local # ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start ExecStop=/usr/bin/fail2ban-client stop ExecReload=/usr/bin/fail2ban-client reload PIDFile=/run/fail2ban/fail2ban.pid Restart=on-failure RestartPreventExitStatus=0 255 [Install] WantedBy=multi-user.target
Code: [Select]
# systemctl status fail2ban ● fail2ban.service - Fail2Ban Service Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2022-05-21 10:07:22 CEST; 1 day 2h ago Docs: man:fail2ban(1) Main PID: 9459 (fail2ban-server) CGroup: /system.slice/fail2ban.service └─9459 /usr/bin/python2 -s /usr/bin/fail2ban-server -xf start May 21 10:07:22 sme10.ibsgaarden.dk systemd[1]: Starting Fail2Ban Service... May 21 10:07:22 sme10.ibsgaarden.dk systemd[1]: Started Fail2Ban Service. May 21 10:07:23 sme10.ibsgaarden.dk fail2ban-server[9459]: Server ready
Title: Re: mailman and fail2ban services becoming disabled
Post by: Jean-Philippe Pialasse on May 22, 2022, 03:20:18 PM: you are missing dropin files for both contribs to add WantedBy=sme-server.target

what says

rpm -q smeserver-fail2ban
rpm -q smeserver-mailman
Title: Re: mailman and fail2ban services becoming disabled
Post by: Jean-Philippe Pialasse on May 22, 2022, 03:52:20 PM: /etc/e-smith/events/actions/fix-startup is not related, it is for services still using legacy sysvinit. mostly contribs that have not been correctly migrated to systemd.

it only act on services listed in rc7.d
Title: Re: mailman and fail2ban services becoming disabled
Post by: holck on May 23, 2022, 08:33:03 AM: Code: [Select]
$ rpm -q smeserver-fail2ban smeserver-fail2ban-0.1.18-25.el7.sme.noarch $ rpm -q smeserver-mailman smeserver-mailman-1.5.0-11.el7.sme.noarch
Title: Re: mailman and fail2ban services becoming disabled
Post by: Jean-Philippe Pialasse on May 23, 2022, 08:29:37 PM: while they should have this dropin file, i do not have it neither on my installs and it is shown as enabled.

so things to check would be :
systemctl get-default

and
ll /etc/rc.d/rc7.d/

example from one of my install

however i had the fail2ban 13 release. updated it.post upgrade and rebooted. still enabled.

also to note your mailman is not up todate. should be 15

Code: [Select]
# systemctl status fail2ban.service ● fail2ban.service - Fail2Ban Service Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2022-05-21 21:50:28 EDT; 1 day 11h ago Docs: man:fail2ban(1) Main PID: 1784 (f2b/server) Memory: 19.3M CGroup: /system.slice/fail2ban.service └─1784 /usr/bin/python2 -s /usr/bin/fail2ban-server -xf start
Title: Re: mailman and fail2ban services becoming disabled
Post by: holck on May 23, 2022, 09:16:34 PM: Thanks again for all the effort you've put into SME, and still continuing :-)

Code: [Select]
# systemctl get-default sme-server.target # ll /etc/rc.d/rc7.d total 0 lrwxrwxrwx 1 root root 28 Jul 6 2021 S80squeezeboxserver -> /etc/init.d/squeezeboxserver (broken link) lrwxrwxrwx 1 root root 32 Apr 12 09:42 S98mailman -> /etc/rc.d/init.d/e-smith-service
My mailman version comes from the rpm versioned "mailman-2.1.15-30.el7_9.2.x86_64".
Title: Re: mailman and fail2ban services becoming disabled
Post by: Jean-Philippe Pialasse on May 24, 2022, 12:24:28 AM: update smeserver-mailman to release 15 should fix your issue because of the old rc7.d link

delete the dead link S80squeezeboxserver as you are there too