Univention Bugzilla – Full Text Bug Listing |
Summary: | univention-upgrade to 4.3-2 aborts in docker container because stunnel4 configure fails | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Docker | Assignee: | Dirk Wiesenthal <wiesenthal> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | damrose |
Version: | UCS 4.3 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=48225 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 6: Setup Problem: Issue for the setup process |
Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.103 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | 49799 | ||
Bug Blocks: |
Description
Arvid Requate
2019-07-04 20:36:30 CEST
Output of journalctl -xe ========================================================================= -- Unit stunnel4.service has begun starting up. Jul 04 18:38:45 master systemd[1]: systemd-journald.service: Failed to add fd to store: Operation not permitted Jul 04 18:38:45 master stunnel4[11516]: Starting TLS tunnels: /etc/stunnel/univention_saml.conf: [ ] Clients allowed=512000 Jul 04 18:38:45 master stunnel4[11516]: [.] stunnel 5.39 on x86_64-pc-linux-gnu platform Jul 04 18:38:45 master stunnel4[11516]: [.] Compiled with OpenSSL 1.1.0f 25 May 2017 Jul 04 18:38:45 master stunnel4[11516]: [.] Running with OpenSSL 1.1.0j 20 Nov 2018 Jul 04 18:38:45 master stunnel4[11516]: [.] Update OpenSSL shared libraries or rebuild stunnel Jul 04 18:38:45 master stunnel4[11516]: [.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP Jul 04 18:38:45 master stunnel4[11516]: [ ] errno: (*__errno_location ()) Jul 04 18:38:45 master stunnel4[11516]: [.] Reading configuration from file /etc/stunnel/univention_saml.conf Jul 04 18:38:45 master stunnel4[11516]: [.] UTF-8 byte order mark not detected Jul 04 18:38:45 master stunnel4[11516]: [.] FIPS mode disabled Jul 04 18:38:45 master stunnel4[11516]: [ ] Compression disabled Jul 04 18:38:45 master stunnel4[11516]: [ ] Snagged 64 random bytes from /dev/urandom Jul 04 18:38:45 master stunnel4[11516]: [ ] PRNG seeded successfully Jul 04 18:38:45 master stunnel4[11516]: [ ] Initializing service [memcached] Jul 04 18:38:45 master stunnel4[11516]: [ ] Loading certificate from file: Jul 04 18:38:45 master stunnel4[11516]: [!] error queue: 140DC002: error:140DC002:SSL routines:use_certificate_chain_file:system lib Jul 04 18:38:45 master stunnel4[11516]: [!] error queue: 20074002: error:20074002:BIO routines:file_ctrl:system lib Jul 04 18:38:45 master stunnel4[11516]: [!] SSL_CTX_use_certificate_chain_file: 2001002: error:02001002:system library:fopen:No such file or directory Jul 04 18:38:45 master stunnel4[11516]: [!] Service [memcached]: Failed to initialize TLS context Jul 04 18:38:45 master stunnel4[11516]: failed Jul 04 18:38:45 master stunnel4[11516]: You should check that you have specified the pid= in you configuration file Jul 04 18:38:45 master systemd[1]: stunnel4.service: Control process exited, code=exited status=1 Jul 04 18:38:45 master systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons). -- Subject: Unit stunnel4.service has failed -- Defined-By: systemd ========================================================================= That's simmilar to Bug #48225. After disabling stunnel4 via /etc/default/stunnel4 the package configures. But I apt-get issues this warning: root@master:/# apt-get -f install [...] stunnel4.service is not a native service, redirecting to systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install is-enabled stunnel4 Job for stunnel4.service failed because the control process exited with error code. See "systemctl status stunnel4.service" and "journalctl -xe" for details. stunnel4.service couldn't restart. stunnel4.service couldn't restart. Site univention-saml already enabled Module headers already enabled Module actions already enabled Module suexec already enabled Module cgi already enabled W: APT had planned for dpkg to do more than it reported back (3 vs 7). Affected packages: stunnel4:amd64 root@master:/# dpkg -C ## everything ok root@master:/# root@master:/# univention-upgrade --ignoreterm --n </dev/null Starting univention-upgrade. Current UCS version is 4.3-2 errata407 [...] And the update contrinues. Actually it is Bug #48225, because my univention/ucs-master-amd64:4.3-2 container was not joined before updating. I'm not closing this yet as duplicate, because we may want to fix this separately in the Docker containers. Images built tagged and pushed. Ok, /etc/apt/sources.list.d/*.list show ============================================================ # The online repository is disabled and can be enabled with: # univention-config-registry set repository/online=true ============================================================ |