Univention Bugzilla – Bug 49800
univention-upgrade to 4.3-2 aborts in docker container because stunnel4 configure fails
Last modified: 2023-03-25 06:54:48 CET
After working around Bug 49799 by adjusting /etc/apt/apt.conf.d/docker-gzip-indexes the next run of univention-upgrade fails because the package update for stunnel4 fails:
======================================================================
root@master:/# univention-upgrade --ignoreterm --n </dev/null
Starting univention-upgrade. Current UCS version is 4.3-1 errata282
Checking for local repository: none
Checking for package updates: none
Checking for app updates: none
Checking for release updates: found: UCS 4.3-2
Starting update to UCS version 4.3-2
[...]
Starting package upgrade
ERROR: update failed. Please check /var/log/univention/updater.log
======================================================================
updater.log shows:
======================================================================
Setting up stunnel4 (3:5.39-2A~4.3.0.201809101414) ...
Installing new version of config file /etc/init.d/stunnel4 ...
Job for stunnel4.service failed because the control process exited with error code.
See "systemctl status stunnel4.service" and "journalctl -xe" for details.
invoke-rc.d: initscript stunnel4, action "restart" failed.
ESC[0;1;31m●ESC[0m stunnel4.service - LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)
   Loaded: loaded (/etc/init.d/stunnel4; generated; vendor preset: enabled)
   Active: ESC[0;1;31mfailedESC[0m (Result: exit-code) since Thu 2019-07-04 18:12:54 UTC; 12ms ago
     Docs: man:systemd-sysv-generator(8)
  Process: 32361 ExecStart=/etc/init.d/stunnel4 start ESC[0;1;31m(code=exited, status=1/FAILURE)ESC[0m
Jul 04 18:12:54 master stunnel4[32361]: [!] error queue: 140DC002: error:140…lib
Jul 04 18:12:54 master stunnel4[32361]: [!] error queue: 20074002: error:200…lib
Jul 04 18:12:54 master stunnel4[32361]: [!] SSL_CTX_use_certificate_chain_fi…ory
Jul 04 18:12:54 master stunnel4[32361]: [!] Service [memcached]: Failed to i…ext
Jul 04 18:12:54 master stunnel4[32361]: failed
Jul 04 18:12:54 master stunnel4[32361]: You should check that you have speci…ile
Jul 04 18:12:54 master systemd[1]: ESC[0;1;39mstunnel4.service: Control process exited…us=1ESC[0m
Jul 04 18:12:54 master systemd[1]: ESC[0;1;31mFailed to start LSB: Start or stop stunn…ns).ESC[0m
Jul 04 18:12:54 master systemd[1]: ESC[0;1;39mstunnel4.service: Unit entered failed state.ESC[0m
Jul 04 18:12:54 master systemd[1]: ESC[0;1;39mstunnel4.service: Failed with result 'ex…de'.ESC[0m
Hint: Some lines were ellipsized, use -l to show in full.
dpkg: error processing package stunnel4 (--configure):
 subprocess installed post-installation script returned error exit status 1
Setting up libssl1.0.2:amd64 (1.0.2q-1~deb9u1) ...
Setting up libx11-xcb1:amd64 (2:1.6.4-3+deb9u1) ...
Setting up python-univention-directory-manager-uvmm (8.0.0-3A~4.3.0.201810172013) ...
Setting up smbclient (2:4.7.8-1A~4.3.0.201811201337) ...
Processing triggers for libc-bin (2.24-11+deb9u3) ...
dpkg: dependency problems prevent configuration of univention-saml:
 univention-saml depends on stunnel4 (>= 3:5.18-1); however:
  Package stunnel4 is not configured yet.
======================================================================
Output of journalctl -xe
=========================================================================
-- Unit stunnel4.service has begun starting up.
Jul 04 18:38:45 master systemd[1]: systemd-journald.service: Failed to add fd to store: Operation not permitted
Jul 04 18:38:45 master stunnel4[11516]: Starting TLS tunnels: /etc/stunnel/univention_saml.conf: [ ] Clients allowed=512000
Jul 04 18:38:45 master stunnel4[11516]: [.] stunnel 5.39 on x86_64-pc-linux-gnu platform
Jul 04 18:38:45 master stunnel4[11516]: [.] Compiled with OpenSSL 1.1.0f 25 May 2017
Jul 04 18:38:45 master stunnel4[11516]: [.] Running with OpenSSL 1.1.0j 20 Nov 2018
Jul 04 18:38:45 master stunnel4[11516]: [.] Update OpenSSL shared libraries or rebuild stunnel
Jul 04 18:38:45 master stunnel4[11516]: [.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
Jul 04 18:38:45 master stunnel4[11516]: [ ] errno: (*__errno_location ())
Jul 04 18:38:45 master stunnel4[11516]: [.] Reading configuration from file /etc/stunnel/univention_saml.conf
Jul 04 18:38:45 master stunnel4[11516]: [.] UTF-8 byte order mark not detected
Jul 04 18:38:45 master stunnel4[11516]: [.] FIPS mode disabled
Jul 04 18:38:45 master stunnel4[11516]: [ ] Compression disabled
Jul 04 18:38:45 master stunnel4[11516]: [ ] Snagged 64 random bytes from /dev/urandom
Jul 04 18:38:45 master stunnel4[11516]: [ ] PRNG seeded successfully
Jul 04 18:38:45 master stunnel4[11516]: [ ] Initializing service [memcached]
Jul 04 18:38:45 master stunnel4[11516]: [ ] Loading certificate from file:
Jul 04 18:38:45 master stunnel4[11516]: [!] error queue: 140DC002: error:140DC002:SSL routines:use_certificate_chain_file:system lib
Jul 04 18:38:45 master stunnel4[11516]: [!] error queue: 20074002: error:20074002:BIO routines:file_ctrl:system lib
Jul 04 18:38:45 master stunnel4[11516]: [!] SSL_CTX_use_certificate_chain_file: 2001002: error:02001002:system library:fopen:No such file or directory
Jul 04 18:38:45 master stunnel4[11516]: [!] Service [memcached]: Failed to initialize TLS context
Jul 04 18:38:45 master stunnel4[11516]: failed
Jul 04 18:38:45 master stunnel4[11516]: You should check that you have specified the pid= in you configuration file
Jul 04 18:38:45 master systemd[1]: stunnel4.service: Control process exited, code=exited status=1
Jul 04 18:38:45 master systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).
-- Subject: Unit stunnel4.service has failed
-- Defined-By: systemd
=========================================================================
That's similar to Bug #48225. After disabling stunnel4 via /etc/default/stunnel4 the package configures.
But apt-get issues this warning:
root@master:/# apt-get -f install
[...]
stunnel4.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install is-enabled stunnel4
Job for stunnel4.service failed because the control process exited with error code.
See "systemctl status stunnel4.service" and "journalctl -xe" for details.
stunnel4.service couldn't restart.
stunnel4.service couldn't restart.
Site univention-saml already enabled
Module headers already enabled
Module actions already enabled
Module suexec already enabled
Module cgi already enabled
W: APT had planned for dpkg to do more than it reported back (3 vs 7).
   Affected packages: stunnel4:amd64
root@master:/# dpkg -C ## everything ok
root@master:/#
root@master:/# univention-upgrade --ignoreterm --n </dev/null
Starting univention-upgrade. Current UCS version is 4.3-2 errata407
[...]
And the update continues.
Actually it is Bug #48225, because my univention/ucs-master-amd64:4.3-2 container was not joined before updating. I'm not closing this yet as duplicate, because we may want to fix this separately in the Docker containers.
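Added example, not part of the bug report or of UCS: a pre-flight check that can be run before univention-upgrade to list every cert, key or CAfile option in a stunnel configuration whose path is empty or not readable, the condition behind the fopen error in the journal output above. The sample configuration, its port and the demo helper are constructed for illustration.

```sh
trim() {  # strip leading and trailing whitespace
    s=$1
    s="${s#"${s%%[![:space:]]*}"}"
    s="${s%"${s##*[![:space:]]}"}"
    printf '%s' "$s"
}

# check_stunnel_conf FILE: prints "section<TAB>option<TAB>problem" for each
# affected option; exit status 1 if any was found, 0 otherwise.
check_stunnel_conf() (
    section=global; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "$line")
        case $line in
            ''|';'*|'#'*) continue ;;                         # blank or comment
            '['*']') section=${line#?}; section=${section%?}; continue ;;
            *=*) ;;                                           # option = value
            *) continue ;;
        esac
        opt=$(trim "${line%%=*}"); val=$(trim "${line#*=}")
        case $opt in cert|key|CAfile) ;; *) continue ;; esac
        if [ -z "$val" ]; then
            printf '%s\t%s\tempty path\n' "$section" "$opt"; rc=1
        elif [ ! -r "$val" ]; then
            printf '%s\t%s\tnot readable: %s\n' "$section" "$opt" "$val"; rc=1
        fi
    done < "$1"
    exit "$rc"
)

# Constructed sample, not the real /etc/stunnel/univention_saml.conf: one
# service with an empty cert path and an absent key, one intact service.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/ok.pem"
    cat > "$d/sample.conf" <<EOF
[memcached]
accept = 127.0.0.1:11212
cert =
key = $d/absent.key

[other]
cert = $d/ok.pem
EOF
    rc=0; check_stunnel_conf "$d/sample.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "stunnel configuration has unusable certificate paths"
```

On a real system the function would be called once per file in /etc/stunnel/, and a non-zero status means the stunnel4 restart in the package's post-installation script can be expected to fail.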
Images built tagged and pushed.
https://hub.docker.com/r/univention/ucs-master-amd64/tags
Ok, /etc/apt/sources.list.d/*.list show
============================================================
# The online repository is disabled and can be enabled with:
# univention-config-registry set repository/online=true
============================================================