DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?16699090422022-08-28T14:08:34ZDuckCorp Projects
Redmine DuckCorp Infrastructure - Bug #779 (Resolved): Upgrade NextCloud (from 23.0.8 to 24.0.4)https://projects.duckcorp.org/issues/7792022-08-28T14:08:34ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Upgrade instructions: <code>toushirou</code>@<code>/srv/www/sites/stuff.milkypond.org/README.Duck</code>.</p>
<pre>
2022-08-28T15:34:59+00:00 Disabled incompatible app: breezedark
2022-08-28T15:34:59+00:00 Disabled incompatible app: end_to_end_encryption
2022-08-28T15:34:59+00:00 Disabled incompatible app: epubreader
2022-08-28T15:34:59+00:00 Disabled incompatible app: spreed
2022-08-28T15:34:59+00:00 Disabled incompatible app: twofactor_admin
2022-08-28T15:34:59+00:00 Disabled incompatible app: weather
</pre>
Supported apps:
<ul>
<li><a href="https://apps.nextcloud.com/apps/end_to_end_encryption" class="external">end_to_end_encryption</a></li>
<li><a href="https://apps.nextcloud.com/apps/breezedark" class="external">breezedark</a></li>
<li><a href="https://apps.nextcloud.com/apps/spreed" class="external">spreed</a></li>
</ul>
Unsupported/Unmaintained apps:
<ul>
<li>weather (disabled): <a class="external" href="https://github.com/nextcloud/weather/issues/102">https://github.com/nextcloud/weather/issues/102</a></li>
<li>twofactor_admin (enabled but the <code>occ</code> command <code> twofactorauth:admin:generate-code</code> doesn't appears ?): <a class="external" href="https://github.com/ChristophWurst/twofactor_admin/issues/229">https://github.com/ChristophWurst/twofactor_admin/issues/229</a></li>
</ul>
Patch applied:
<ul>
<li>epubreader: <a class="external" href="https://github.com/e-alfred/epubreader/issues/44">https://github.com/e-alfred/epubreader/issues/44</a> (patch attached)</li>
</ul> DuckCorp Infrastructure - Bug #778 (Resolved): Upgrade NextCloud (from 23.0.7 to 23.0.8)https://projects.duckcorp.org/issues/7782022-08-28T12:36:32ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Upgrade instructions: <code>toushirou</code>@<code>/srv/www/sites/stuff.milkypond.org/README.Duck</code>.</p> DuckCorp Infrastructure - Bug #776 (Resolved): Users are unable to register to projects.duckcorp.orghttps://projects.duckcorp.org/issues/7762022-07-10T10:42:55ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>There is an issue related to the captcha:<br /><pre>
Oops, we failed to validate your reCAPTCHA response. Please try again.
</pre><br />I tried with firefox and chromium.</p>
<p><code>/var/log/redmine/dc/production.log</code> from the <code>redmine</code> LXC container:<br /><pre>
Started POST "/account/register" for 185.238.6.46 at 2022-07-10 12:53:52 +0000
Processing by AccountController#register as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[REDACTED]", "user"=>{"login"=>"pilou_test", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "firstname"=>"pilou", "lastname"=>"pilou_test", "mail"=>"pilou_test@ir5.eu", "language"=>"fr"}, "g-recaptcha-response"=>"[REDACTED]", "commit"=>"Soumettre"}
Current user: anonymous
Rendering plugins/recaptcha/app/views/account/register.html.erb within layouts/base
Rendered plugins/recaptcha/app/views/account/register.html.erb within layouts/base (8.8ms)
Completed 200 OK in 3022ms (Views: 14.7ms | ActiveRecord: 1.4ms)
</pre></p> DuckCorp Infrastructure - Bug #775 (Resolved): Ninjabot doesn't handle unreachable networkhttps://projects.duckcorp.org/issues/7752022-07-10T09:29:08ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Ninjabot was unable to reconnect after encountering a temporarily unreachable network:<br /><pre>
Jul 07 00:40:11 orthos.duckcorp.org ninjabot[1608725]: <= {} None PING ['irc2.duckcorp.org']
Jul 07 00:41:31 orthos.duckcorp.org ninjabot[1608725]: [126B blob data]
Jul 07 00:42:08 orthos.duckcorp.org ninjabot[1608725]: [132B blob data]
Jul 07 00:46:31 orthos.duckcorp.org ninjabot[1608725]: [129B blob data]
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: Traceback (most recent call last):
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/opt/ninjabot/venv/bin/ninjabot", line 8, in <module>
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: sys.exit(ninjabot.cli())
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/opt/ninjabot/venv/lib/python3.9/site-packages/ninjabot/ninjabot.py", line 38, in cli
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: client.start()
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/opt/ninjabot/venv/lib/python3.9/site-packages/py_irc/irc.py", line 99, in start
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: buf = self.socket.recv(4096)
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/usr/lib/python3.9/ssl.py", line 1226, in recv
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: return self.read(buflen)
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/usr/lib/python3.9/ssl.py", line 1101, in read
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: return self._sslobj.read(len)
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: OSError: [Errno 101] Network is unreachable
Jul 07 04:56:32 orthos.duckcorp.org ninjabot[1608725]: [127B blob data]
Jul 07 04:56:32 orthos.duckcorp.org ninjabot[1608725]: Connection broke up
Jul 07 04:56:32 orthos.duckcorp.org ninjabot[1608725]: Attemting to connect to irc.milkypond.org
Jul 07 04:56:32 orthos.duckcorp.org ninjabot[1608725]: Connected to irc.milkypond.org
</pre><br />The bot wasn't connected at <code>04:56:32</code>, a manual restart of the service was required.</p> DuckCorp Infrastructure - Bug #774 (Resolved): slapd service was stopped on toushirouhttps://projects.duckcorp.org/issues/7742022-06-27T05:22:44ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>unattended-upgrades restarted slapd process but slapd wasn't able to start due to other slapd being also restarted by unattended-upgrades:<br /><pre>
Log started: 2022-06-27 06:24:52
[...]
Restarting services...
systemctl restart apache2.service clamav-daemon.service clamav-freshclam.service dovecot.service fail2ban.service mariadb.service matrix-appservice-irc.service matrix-synapse.service named.service nslcd.service php7.4-fpm.service postfix-mta-sts-resolver.service postfix@-.service proftpd.service redis-server.service rspamd.service slapd.service smokeping.service spoolinger.service ssh.service stunnel4.service systemd-journald.service systemd-udevd.service thelounge.service tt-rss.service xl2tpd.service
</pre><br /><pre>
Jun 27 06:25:14 Toushirou slapd[51648]: Stopping OpenLDAP: slapd
Jun 27 06:25:14 Toushirou slapd[51914]: failed!
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Control process exited, code=exited, status=1/FAILURE
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Failed with result 'exit-code'.
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Unit process 3026804 (slapd) remains running after unit stopped.
Jun 27 06:25:14 Toushirou systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Consumed 23min 5.763s CPU time.
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Found left-over process 3026804 (slapd) in control group while starting unit. Ignoring.
Jun 27 06:25:14 Toushirou systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jun 27 06:25:14 Toushirou systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 27 06:25:14 Toushirou slapd[51915]: Starting OpenLDAP: slapd.
Jun 27 06:25:14 Toushirou systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 27 06:26:16 Toushirou slapd[3026804]: slap_client_connect: URI=ldaps://db-ldap-3.duckcorp.org DN="cn=[REDACTED],cn=config" ldap_sasl_bind_s failed (-1)
Jun 27 06:26:16 Toushirou slapd[3026804]: do_syncrepl: rid=103 rc -1 retrying
Jun 27 06:29:16 Toushirou slapd[3026804]: slap_client_connect: URI=ldaps://db-ldap-3.duckcorp.org DN="cn=[REDACTED],cn=config" ldap_sasl_bind_s failed (-1)
Jun 27 06:29:16 Toushirou slapd[3026804]: do_syncrepl: rid=003 rc -1 retrying
Jun 27 06:29:16 Toushirou slapd[3026804]: conn=-1 op=0 syncprov_checkpoint: running checkpoint
Jun 27 06:29:16 Toushirou slapd[3026804]: DIGEST-MD5 common mech free
Jun 27 06:29:16 Toushirou slapd[3026804]: DIGEST-MD5 common mech free
Jun 27 06:29:16 Toushirou slapd[3026804]: slapd stopped.
Jun 27 06:29:16 Toushirou slapd[52543]: Stopping OpenLDAP: slapd.
Jun 27 06:29:16 Toushirou systemd[1]: slapd.service: Succeeded.
Jun 27 08:55:22 Toushirou systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 27 08:55:22 Toushirou slapd[117269]: @(#) $OpenLDAP: slapd 2.5.6+dfsg-1~exp1 (Aug 10 2021 03:50:37) $
Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
</pre></p> DuckCorp Infrastructure - Enhancement #773 (New): Investigate Kea usagehttps://projects.duckcorp.org/issues/7732022-06-26T11:59:48ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>ISC doesn't recommend <a href="https://www.isc.org/dhcp/" class="external">ISC DHCP</a> (for new project):</p>
<blockquote>
<p>We recommend that new implementers use Kea and implement ISC DHCP only if Kea does not meet their needs. The Kea distribution does not currently include either a client or a relay.</p>
</blockquote>
<p>The next Debian release provides a <a href="https://packages.debian.org/bookworm/kea" class="external">Kea package</a>.</p> DuckCorp Infrastructure - Bug #767 (New): mailman3-web internal errorhttps://projects.duckcorp.org/issues/7672022-03-27T19:49:44ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>I just tried to use mailmain3-web to remove my old email address from the the dc-admins list. I encountered an HTTP 500 (twice).<br /><pre>
ERROR 2022-03-27 21:43:42,082 1507813 postorius Mailman REST API not available
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 445, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 440, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.9/http/client.py", line 1347, in getresponse
response.begin()
File "/usr/lib/python3.9/http/client.py", line 307, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.9/http/client.py", line 276, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 532, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3/dist-packages/six.py", line 718, in reraise
raise value.with_traceback(tb)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 445, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 440, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.9/http/client.py", line 1347, in getresponse
response.begin()
File "/usr/lib/python3.9/http/client.py", line 307, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.9/http/client.py", line 276, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/mailmanclient/restbase/connection.py", line 107, in call
response = request(
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 71, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/contrib/auth/mixins.py", line 52, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/contrib/auth/mixins.py", line 109, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/postorius/views/generic.py", line 74, in dispatch
return super(MailingListView, self).dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 97, in dispatch
return handler(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/postorius/views/list.py", line 183, in post
return self._member_post(request, role)
File "/usr/lib/python3/dist-packages/postorius/views/list.py", line 135, in _member_post
self.mailing_list.unsubscribe(member)
File "/usr/lib/python3/dist-packages/mailmanclient/restobjects/mailinglist.py", line 414, in unsubscribe
self._connection.call(path, method='DELETE')
File "/usr/lib/python3/dist-packages/mailmanclient/restbase/connection.py", line 135, in call
raise MailmanConnectionError(
mailmanclient.restbase.connection.MailmanConnectionError: ('Could not connect to Mailman API: ', "ConnectionError(ProtocolError('Connection aborted.', RemoteDisconnected('Remote end closed connection without response')))")
ERROR 2022-03-27 21:43:42,091 1507813 django.request Service Unavailable: /postorius/lists/dc-admins.lists.duckcorp.org/members/member/
</pre></p> DuckCorp Infrastructure - Bug #759 (In Progress): redmine instances don't send any notificationhttps://projects.duckcorp.org/issues/7592022-03-15T21:29:07ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Since the redmine instances are hosted within a LXC container, email notifications are no longer sent.</p>
<p>It looks like the issue comes from the Redmine configuration and 127.0.0.1:25 being used within the container.</p>
<p>The following configuration update isn't sufficient:<br /><pre>
--- /etc/redmine/dc/configuration.yml 2022-03-15 22:28:00.095274510 +0000
+++ /etc/redmine/dc/configuration.yml.new 2022-03-15 22:27:44.102827009 +0000
@@ -4,8 +4,8 @@
email_delivery:
delivery_method: :smtp
smtp_settings:
- address: 127.0.0.1
- domain: ''
+ address: 10.0.7.1
+ domain: 'projects.duckcorp.org'
enable_starttls_auto: false
port: 25
</pre><br />due to the grey listing configuration:<br /><pre>
Mar 15 23:12:37 Toushirou postfix/smtpd[1597691]: connect from unknown[10.0.7.2]
Mar 15 23:12:37 Toushirou postfix/smtpd[1597691]: 4KJ71x5crKz4Bs: client=unknown[10.0.7.2]
Mar 15 23:12:37 Toushirou postfix/cleanup[1597693]: 4KJ71x5crKz4Bs: message-id=<redmine.journal-2400.20220315221237.3bd6c5f55c0c0d17@projects.duckcorp.org>
Mar 15 23:12:38 Toushirou postfix/cleanup[1597693]: 4KJ71x5crKz4Bs: milter-reject: END-OF-MESSAGE from unknown[10.0.7.2]: 4.7.1 Try again later; from=<issues@projects.duckcorp.org> to=<[redacted]@ir5.eu> proto=ESMTP helo=<projects.duckcorp.org>
</pre></p>
<p><a class="user active user-mention" href="https://projects.duckcorp.org/users/3">@Marc Dequènes</a> should the grey listing be disabled for 10.0.7.2 or is there another way ?</p> DuckCorp Infrastructure - Bug #746 (Rejected): unexpected restart of Toushirou hosthttps://projects.duckcorp.org/issues/7462021-12-13T14:16:57ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Today Toushirou was restarted unexpectedly. It seems that this restart wasn't due a command.</p>
<p>The server was restarted after <code>Dec 13 10:07:03</code> (UTC+1). I unlocked the encrypted encryption around 13h15 (UTC+1).</p>
<p><code>syslog</code> contains:<br /><pre>
Dec 13 10:06:52 Toushirou postfix/smtpd[1353160]: disconnect from <redacted> ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Dec 13 10:07:03 Toushirou stunnel: LOG5[8632]: Connection closed: 182 byte(s) sent to TLS, 20 byte(s) sent to socket
@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
[...]
@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
Dec 13 13:18:38 Toushirou systemd-udevd[631]: Using default interface naming scheme 'v247'.
Dec 13 13:18:38 Toushirou systemd-udevd[630]: Using default interface naming scheme 'v247'.
Dec 13 13:18:38 Toushirou lvm[578]: 3 logical volume(s) in volume group "extra" monitored
</pre></p>
<p>The filesystem journals were recovered:<br /><pre>
Dec 13 13:18:38 Toushirou systemd-fsck[791]: /dev/md0 was not cleanly unmounted, check forced.
Dec 13 13:18:38 Toushirou systemd-fsck[790]: /dev/mapper/main-ldap: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[790]: /dev/mapper/main-ldap: clean, 14/23616 files, 9468/94208 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-ldap.
Dec 13 13:18:38 Toushirou systemd-fsck[787]: /dev/mapper/main-ftp: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[787]: /dev/mapper/main-ftp: clean, 1042/1966080 files, 4094072/7864320 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-ftp.
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: Clearing orphaned inode 524490 (uid=0, gid=4, mode=0100640, size=186)
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: Clearing orphaned inode 525136 (uid=0, gid=4, mode=0100640, size=2261619)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[794]: /dev/mapper/main-logs: clean, 3025/915712 files, 701679/3661824 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-logs.
Dec 13 13:18:38 Toushirou systemd-fsck[797]: /dev/mapper/main-mysql: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[797]: /dev/mapper/main-mysql: clean, 1706/305216 files, 302945/1220608 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-mysql.
Dec 13 13:18:38 Toushirou systemd-fsck[801]: /dev/mapper/main-projects: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[801]: /dev/mapper/main-projects: clean, 15384/977280 files, 2501362/3932160 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-projects.
Dec 13 13:18:38 Toushirou systemd-fsck[805]: /dev/mapper/main-stuffcloud: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[805]: /dev/mapper/main-stuffcloud: clean, 184647/8519680 files, 22560629/34078720 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-stuffcloud.
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: Clearing orphaned inode 136445 (uid=0, gid=0, mode=0100664, size=11567160)
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: Clearing orphaned inode 136045 (uid=0, gid=0, mode=0100664, size=9253600)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[810]: /dev/mapper/main-var: clean, 43941/305216 files, 677459/1220608 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-var.
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: Clearing orphaned inode 20 (uid=0, gid=0, mode=0100666, size=0)
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: Clearing orphaned inode 50 (uid=128, gid=136, mode=0100600, size=0)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[811]: /dev/mapper/main-tmp: clean, 3380/121920 files, 20791/487424 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-tmp.
Dec 13 13:18:38 Toushirou systemd-fsck[814]: /dev/mapper/main-vcs: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[814]: /dev/mapper/main-vcs: clean, 62639/183264 files, 334140/732160 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-vcs.
Dec 13 13:18:38 Toushirou systemd-fsck[817]: /dev/mapper/main-vmail: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[817]: /dev/mapper/main-vmail: Clearing orphaned inode 1314229 (uid=5111, gid=5111, mode=0100600, size=2543956)
[...]
Dec 13 13:18:38 Toushirou systemd-fsck[817]: /dev/mapper/main-vmail: clean, 38189/1966080 files, 3862291/7864320 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-vmail.
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/extra-lxd.
Dec 13 13:18:38 Toushirou systemd-fsck[827]: /dev/mapper/extra-home: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[827]: /dev/mapper/extra-home: clean, 576437/19660800 files, 60022856/78643200 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/extra-home.
Dec 13 13:18:38 Toushirou systemd-fsck[791]: /dev/md0: 348/64000 files (23.9% non-contiguous), 63264/255936 blocks
Dec 13 13:18:38 Toushirou systemd-fsck[819]: /dev/mapper/main-www: recovering journal
Dec 13 13:18:38 Toushirou systemd-fsck[819]: /dev/mapper/main-www: clean, 417149/9175040 files, 7579187/36700160 blocks
Dec 13 13:18:38 Toushirou systemd[1]: Finished File System Check on /dev/mapper/main-www.
</pre></p>
<p>Thanks to GuiHome and Victor for letting me know that the NextCloud service was unavailable.</p>
<p>Once the server has been restarted there was an error with the hivane network link. Hence some service were unavailable. The nerim link worked. <br /><pre>
root@Toushirou:~# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● apache2.service loaded failed failed The Apache HTTP Server
● ifup@eth\x2dwan\x2dhivane.service loaded failed failed ifup for eth-wan-hivane
● matrix-appservice-irc.service loaded failed failed Matrix AppService IRC
● networking.service loaded failed failed Raise network interfaces
</pre></p>
<pre>
root@Toushirou:~# ifdown --force eth-wan-hivane
RTNETLINK answers: Cannot assign requested address
RTNETLINK answers: Cannot assign requested address
root@Toushirou:~# ifup --force eth-wan-hivane
Waiting for DAD... Timed out
ifup: failed to bring up eth-wan-hivane
</pre>
<p>I remember the timed out issue occurred when the last time the server was moved from a rack to another. I tried the <code>ifdown</code>/<code>ifup</code> commands several times (until the <code>Timed out</code> disappeared).</p>
<p>The logs show that the timed out issue occurred at boot:<br /><pre>
Dec 13 13:18:45 Toushirou sh[1562]: Waiting for DAD... Timed out
Dec 13 13:18:45 Toushirou sh[1496]: ifup: failed to bring up eth-wan-hivane
</pre></p>
<p>Next I restarted <code>apache2.service</code> and <code>matrix-appservice-irc.service</code>, then I updated <code>/lib/systemd/system/lxd.socket</code> in order to fix a typo:<br /><pre>Dec 13 15:48:22 Toushirou systemd[1]: /lib/systemd/system/lxd.socket:8: Unit must be of type service, ignoring: lxd.servcie
</pre><br />After that i ran <code>systemctl daemon-reload</code> and <code>lxc list</code> then the redmine LXC container restarted.</p>
<p>At this time I tried to create this issue using redmine:https://projects.duckcorp.org/ but an issue occurred after i tried to authenticate: the redmine web interface showed an error: <code>"Cannot assign requested address - connect(2) for [2001:67c:1740:9001::c1c8:2ab1]:636"</code>.</p>
<p>The restart of the <code>slapd</code> service (which was listening on IPv6 but not IPv4) fixed this issue.</p> DuckCorp Infrastructure - Enhancement #745 (New): ban IPs that try to authenticate with a nonexis...https://projects.duckcorp.org/issues/7452021-11-24T14:03:15ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Fail2ban should block the following attemps:<br /><pre>
Nov 24 15:06:46 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:00 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:20 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:30 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:44 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:08:04 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
</pre></p>
<p>Some numbers in order to support the new filter (the oldest entry in the journal is 7 days old):<br /><pre>
root@Toushirou:~# # count all entries
root@Toushirou:~# journalctl -g '(auth:.*unknown)' | wc -l
5032
root@Toushirou:~# # check the regex
root@Toushirou:~# journalctl -g '(auth:.*unknown)' | sed -n 's/.*ldap([^,]\+,\([^,)]\+\)\(,<[^>]\+>\)\?):.*/\1/p' | sort | uniq -c | sort -nr | awk '{print $1}' | paste -sd+ | bc
5029
root@Toushirou:~# # display the most used IPs
root@Toushirou:~# journalctl -g '(auth:.*unknown)' | sed -n 's/.*ldap([^,]\+,\([^,)]\+\)\(,<[^>]\+>\)\?):.*/\1/p' | sort | uniq -c | sort -nr | awk '{print $1}' | head -n 10
741
566
467
362
307
182
177
174
167
161
# There are 697 different IPs, the twenty most used produce 85% of the login failure.
</pre></p> DuckCorp Infrastructure - Bug #744 (Resolved): Remove obsolete Buster packageshttps://projects.duckcorp.org/issues/7442021-11-24T09:42:32ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>From a security status mail received today:<br /><pre>
Security report based on the bullseye release
*** Available security updates
CVE-2021-25219 In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21,...
<https://security-tracker.debian.org/tracker/CVE-2021-25219>
- libdns-export1104, libisc-export1100
</pre></p>
<pre>
root@orthos:~# apt policy libdns-export1104
libdns-export1104:
Installed: 1:9.11.5.P4+dfsg-5.1+deb10u3
Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u3
Version table:
*** 1:9.11.5.P4+dfsg-5.1+deb10u3 100
100 /var/lib/dpkg/status
</pre>
<p>According to the [Debian security tracker](<a class="external" href="https://security-tracker.debian.org/tracker/CVE-2021-25219">https://security-tracker.debian.org/tracker/CVE-2021-25219</a>) <code>1:9.11.5.P4+dfsg-5.1+deb10u5</code> is vulnerable. This package is buster only and should be removed.</p>
I will remove every buster only (thanks to <code>apt-forktracer</code>).
<ul>
<li>✅ Elwing</li>
<li>❔ Jinta (libgcc1 gcc-8-base e2fslibs libcomerr2 multiarch-support linux-image-4.19.0-18-amd64)</li>
<li>✅ Nicecity (libffi6 libnettle6 libgcc1 libapt-pkg5.0 libip4tc0 gcc-8-base libmpx2 e2fslibs libcomerr2 libreadline7 libapt-inst2.0 linux-headers-4.19.0-5-common cpp-8 libip6tc0 multiarch-support linux-image-4.19.0-18-amd64 libisl19 libhogweed4 linux-kbuild-4.19)</li>
<li>✅ Orfeo (libgcc1 libgupnp-1.0-4 gcc-8-base e2fslibs libcomerr2 libreadline5 libgssdp-1.0-3 el-get linux-image-4.19.0-18-amd64)</li>
<li>✅ Orthos (libapt-pkg5.0 libnettle6 libffi6 libprocps7 libjson-c3 libapt-inst2.0 gcc-8-base libip4tc0 libip6tc0 libhogweed4 perl-modules-5.28 libisc-export1100 libdns-export1104 linux-image-4.19.0-14-amd64</li>
<li>✅ Thorfinn (libgcc1 libtexlua52 gcc-8-base e2fslibs libcomerr2 libbtparse1 el-get multiarch-support linux-image-4.19.0-18-amd64)</li>
<li>✅ Toushirou (libgdbm3 libisc-export160 libhogweed4 echoping linux-image-4.19.0-18-amd64 multiarch-support libip6tc0 libprocps6 libapt-inst2.0 libreadline7 libcomerr2 e2fslibs gcc-8-base libip4tc0 liblogging-stdlog0 linux-image-4.9.0-6-amd64 ttf-dejavu-core libapt-pkg5.0 libgcc1 libunistring0 libnettle6 libffi6 libcryptsetup4)</li>
</ul>
There are some packages not upgraded to bullseyes:
<ul>
<li>molly-guard: ✅ <code>0.7.2.0</code> is now used instead of <code>0.7.2.0~buster</code> on every host</li>
<li>rspamd: this package is upgraded manually, the upgrade requires to perform some manual checks</li>
</ul>
There are some used packages without any bullseyes version:
<ul>
<li>incron: ❔</li>
</ul>
<a class="user active user-mention" href="https://projects.duckcorp.org/users/3">@Marc Dequènes</a> on Jinta, could these packages be removed:
<ul>
<li><a href="https://packages.debian.org/stretch/dict-freedict-all" class="external">dict-freedict-all</a> It looks like there isn't a dict meta package anymore ? Should we update a playbook in order to ensure all other dict packages are installed ?</li>
<li>dict-moby-thesaurus, dict-bouvier, dict-gazetteer2k</li>
</ul> DuckCorp Infrastructure - Tracking #731 (Resolved): redmine: disable usage of non-free gravatar s...https://projects.duckcorp.org/issues/7312021-09-11T23:29:46ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>The <code>projects.duckcorp.org</code> instance of redmine uses the non-free gravatar service.</p>
<p>Usage of the service should be disabled or another instance backed by a free service should be used.</p>
<p>Note that the <a href="https://www.redmine.org/issues/9112" class="external">next release of redmine</a> will allow to choose another instance than gravatar.</p> DuckCorp Infrastructure - Bug #608 (Resolved): debsecan mail configuration problem (Thorfinn, Jin...https://projects.duckcorp.org/issues/6082017-10-30T23:20:13ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>After <a class="issue tracker-2 status-3 priority-4 priority-default closed" title="Enhancement: Reboot Hivane hosted VMs in order to apply configuration updates (Resolved)" href="https://projects.duckcorp.org/issues/607">#607</a>, I checked logs on <code>Thorfinn</code> and <code>Jinta</code> and discovered that Postfix queue wasn't empty:<br /><pre>
postqueue -p
[...]
68ED2105 85288 Mon Oct 30 01:21:08 daemon@Thorfinn.duckcorp.org
(delivery temporarily suspended: connect to Thorfinn.duckcorp.org[193.200.43.26]:25: Connection refused)
root@Thorfinn.duckcorp.org
[...]
-- 424 Kbytes in 9 Requests.
</pre></p>
<p><code>debsecan</code> is executed in a cron (<code>/etc/cron.d/debsecan</code>), output is send to <code>root</code> due to <code>MAILTO</code> value in <code>/etc/default/debsecan</code> and mails are not sent:<br /><pre>
Oct 31 00:00:27 Thorfinn postfix/smtp[2699]: connect to Thorfinn.duckcorp.org[193.200.43.26]:25: Connection refused
Oct 31 00:00:27 Thorfinn postfix/smtp[2699]: connect to Thorfinn.duckcorp.org[2001:67c:1740:9005::26]:25: Connection refused
Oct 31 00:00:27 Thorfinn postfix/smtp[2698]: connect to Thorfinn.duckcorp.org[193.200.43.26]:25: Connection refused
Oct 31 00:00:27 Thorfinn postfix/smtp[2698]: connect to Thorfinn.duckcorp.org[2001:67c:1740:9005::26]:25: Connection refused
</pre></p>
<p>There is the same configuration problem on Jinta.</p>
<p>On Toushirou it seems there is another problem:</p>
<pre>
Oct 30 02:59:07 toushirou postfix/qmgr[2940]: 3yQHhq1LrRz15SL: from=<daemon@toushirou.duckcorp.org>, size=10467, nrcpt=1 (queue active)
Oct 30 02:59:07 toushirou postfix/smtp[11820]: 3yQHhq1LrRz15SL: to=<root@toushirou.duckcorp.org>, orig_to=<root>, relay=none, delay=0.18, delays=0.16/0.03/0/0, dsn=5.4.6, status=bounced (mail for toushirou.duckcorp.org loops back to myself)
Oct 30 02:59:07 toushirou postfix/cleanup[11818]: 3yQHhq2SKMz15SM: message-id=<3yQHhq2SKMz15SM@toushirou.duckcorp.org>
Oct 30 02:59:07 toushirou postfix/qmgr[2940]: 3yQHhq2SKMz15SM: from=<>, size=12471, nrcpt=1 (queue active)
Oct 30 02:59:07 toushirou postfix/bounce[11821]: 3yQHhq1LrRz15SL: sender non-delivery notification: 3yQHhq2SKMz15SM
Oct 30 02:59:07 toushirou postfix/qmgr[2940]: 3yQHhq1LrRz15SL: removed
Oct 30 02:59:07 toushirou postfix/smtp[11820]: 3yQHhq2SKMz15SM: to=<daemon@toushirou.duckcorp.org>, relay=none, delay=0.1, delays=0.09/0/0/0, dsn=5.4.6, status=bounced (mail for toushirou.duckcorp.org loops back to myself)
</pre> Bip - Bug #481 (In Progress): Fix log level for erroneous messageshttps://projects.duckcorp.org/issues/4812015-10-13T12:54:28ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Bip should display IRC <a href="https://tools.ietf.org/html/rfc1459#section-6" class="external">errors</a> sent by IRC servers using <code>error</code> log level.</p>
<p>The current behaviour is:<br /><pre>
13-10-2015 14:48:14 DEBUG: ":irc.server.local 432 * Pilou :Nickname too long, max. 9 characters
</pre></p> Bip - Bug #431 (New): bip is leaking file descriptorshttps://projects.duckcorp.org/issues/4312015-01-15T02:01:19ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>fran wrote:</p>
<blockquote>
<p>bip is leaking file descriptors on my server, and the fix is pretty easy: on connection.c, on read_socket, whenever read returns <1 and errno is different to EAGAIN and EINTR, the socket MUST be closed <br />because read will not return 0 on the following iterations of select (cause it's not added to the read fd_set after that), plus after read failing with fatal error it keeps returning -1</p>
</blockquote>