mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-03 00:07:05 +00:00

Fixes #17: start services after unattended upgrades

downtownallday 2022-12-02 15:09:29 -05:00
parent 36b5a31e82
commit e0a237c857
6 changed files with 81 additions and 26 deletions


@ -0,0 +1,9 @@
[Unit]
Description=Monitor unattended upgrades and ensure ehdd services are started after upgrades
[Path]
PathModified=/var/lib/apt/periodic/unattended-upgrades-stamp
Unit=ehdd-unattended-upgrades-after.service
[Install]
WantedBy=paths.target
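Review bot: `PathModified=` on the unattended-upgrades stamp only fires when something writes that file, and as far as I know apt's periodic job touches it only after `unattended-upgrade` exits successfully. If an upgrade run stops a disabled service and then fails, or an administrator runs the upgrade by hand, this unit would probably never trigger and the service would stay down. The unit file carries no comments; I would add `# Fires when apt's periodic job updates the stamp; failed or manual unattended-upgrade runs may not trigger it` under `[Path]` so the limitation is on record, and consider a periodic health check as a backstop.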


@ -0,0 +1,7 @@
[Unit]
Description=Starts ehdd services
[Service]
Type=oneshot
WorkingDirectory=<INSTALL_ROOT>
ExecStart=<INSTALL_ROOT>/ehdd/run-this-after-reboot.sh --no-mount
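Review bot: The `<INSTALL_ROOT>` placeholders in `WorkingDirectory=` and `ExecStart=` are not valid paths, and nothing in this file says what replaces them. Add a comment above `[Service]` such as `# <INSTALL_ROOT> is substituted at install time by tools/editconf.py; do not enable this file as-is`. Since no `User=` is set and the unit therefore runs the script as root, the comment could also state that the install root is expected to be root-owned.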


@ -50,3 +50,12 @@ is_mounted() {
return 1
fi
}
system_installed_with_encryption_at_rest() {
# must be mounted!
if [ -e "$EHDD_IMG" -a ! -z "$STORAGE_ROOT" -a \
-e "$STORAGE_ROOT/ssl/ssl_private_key.pem" ]; then
return 0
fi
return 1
}
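Review bot: The `# must be mounted!` comment on `system_installed_with_encryption_at_rest` states a precondition the function does not enforce: it returns 1 both when the system has no encryption at rest and when the volume is simply not mounted, so callers cannot tell the two cases apart. The presence of `$STORAGE_ROOT/ssl/ssl_private_key.pem` is used as a proxy for the mount, which would give a wrong answer if a file of that name ever existed in the underlying mount-point directory. A header comment spelling out the return values would help, and the test avoids the obsolescent `-a` when written as `[ -e "$EHDD_IMG" ] && [ -n "$STORAGE_ROOT" ] && [ -e "$STORAGE_ROOT/ssl/ssl_private_key.pem" ]`. The hunk starts inside `is_mounted`, whose body is not fully visible here.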


@ -11,28 +11,25 @@
. "ehdd/ehdd_funcs.sh" || exit 1
if [ -e "$EHDD_IMG" ]; then
if [ -s /etc/mailinabox.conf ]; then
echo ""
echo "** Disabling system services **"
systemctl disable --quiet postfix
systemctl disable --quiet dovecot
systemctl disable --quiet postgrey
systemctl disable --quiet cron
systemctl disable --quiet nginx
systemctl disable --quiet php8.0-fpm
systemctl disable --quiet mailinabox
systemctl disable --quiet fail2ban
systemctl disable --quiet miabldap-capture
#systemctl disable nsd
[ -x /usr/sbin/slapd ] && systemctl disable --quiet slapd
if system_installed_with_encryption_at_rest; then
echo ""
echo "** Disabling system services that require encrypted HDD to be mounted **"
systemctl disable --quiet postfix
systemctl disable --quiet dovecot
systemctl disable --quiet postgrey
systemctl disable --quiet cron
systemctl disable --quiet nginx
systemctl disable --quiet php8.0-fpm
systemctl disable --quiet mailinabox
systemctl disable --quiet fail2ban
systemctl disable --quiet miabldap-capture
#systemctl disable nsd
[ -x /usr/sbin/slapd ] && systemctl disable --quiet slapd
echo ""
echo "IMPORTANT:"
echo " Services have been disabled at startup because the encrypted HDD will"
echo " be unavailable. Run ehdd/run-this-after-reboot.sh after a reboot."
fi
echo ""
echo "IMPORTANT:"
echo " Services have been disabled at startup because the encrypted HDD will"
echo " be unavailable. Run ehdd/run-this-after-reboot.sh after a reboot."
fi
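Review bot: The list of units disabled here has to match, by hand, the list of units started in the next file section (apparently `ehdd/run-this-after-reboot.sh`), and the `php8.0-fpm` version is hard-coded in both. A unit added to one list but not the other is either left enabled without its storage or left stopped after a reboot or upgrade, which matters most for `fail2ban`. Consider defining the list once in `ehdd/ehdd_funcs.sh`, which both scripts already source, and looping over it. The rendered page has lost the +/- markers, so this applies to whichever copy of the list is on the new side.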


@ -8,21 +8,25 @@
##### details.
#####
ehdd/mount.sh || exit 1
if [ "${1:-}" != "--no-mount" ]; then
ehdd/mount.sh || exit 1
fi
if [ -s /etc/mailinabox.conf ]; then
. ehdd/ehdd_funcs.sh || exit 1
if system_installed_with_encryption_at_rest; then
[ -x /usr/sbin/slapd ] && systemctl start slapd
systemctl start php8.0-fpm
systemctl start dovecot
systemctl start postfix
# postgrey's main database and local client whitelist are in user-data
systemctl restart postgrey
systemctl start postgrey
systemctl start nginx
systemctl start cron
#systemctl start nsd
systemctl link -f $(pwd)/conf/mailinabox.service
systemctl link -q -f /lib/systemd/system/mailinabox.service
systemctl start fail2ban
systemctl restart mailinabox
systemctl start mailinabox
systemctl start miabldap-capture
fi
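Review bot: None of the `systemctl start` calls is checked, so the script's exit status reflects only the last command that ran. When this is invoked from the new oneshot unit, a failed start of `postfix` or `fail2ban` would leave the unit reporting success and nothing would appear in `systemctl --failed`. Record failures and exit non-zero at the end, for example `systemctl start fail2ban || rc=1` on each start line and `exit "$rc"` after the final `fi`, with `rc=0` initialised near the top. The page has lost the +/- markers, so it is not certain which of the paired `restart`/`start` and `systemctl link` lines are on the new side; if the `$(pwd)` form is kept, it should be quoted.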


@ -410,3 +410,32 @@ EOF
[ -e /var/log/mail.log ] && chown syslog:adm /var/log/mail.log
[ -e /var/log/mail.err ] && chown syslog:adm /var/log/mail.err
restart_service rsyslog
# Encryption-at-rest disables certain services after setup runs (see
# ehdd/postinstall.sh) because the STORAGE_ROOT directory won't be
# mounted after a reboot and those services would fail. This causes a
# problem if one of those services is upgraded by unattended-upgrades.
#
# The issue: when the system is running normally and
# unattended-upgrades updates a disabled (but running) service
# (eg. mariadb), the service is stopped for the upgrade but is
# never re-started.
#
# The fix: have systemd watch unattended-upgrades, then start all
# disabled services that were upgraded after updates have been
# applied.
cp conf/ehdd-unattended-upgrades-after.path \
conf/ehdd-unattended-upgrades-after.service \
/etc/systemd/system
tools/editconf.py \
/etc/systemd/system/ehdd-unattended-upgrades-after.service \
-ini-section Service \
"WorkingDirectory=$(pwd)" \
"ExecStart=$(pwd)/ehdd/run-this-after-reboot.sh --no-mount"
systemctl daemon-reload
systemctl enable -q ehdd-unattended-upgrades-after.path
systemctl start -q ehdd-unattended-upgrades-after.path
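Review bot: The unit installed here runs `$(pwd)/ehdd/run-this-after-reboot.sh` with systemd's default root privileges every time the stamp file changes, so the privilege boundary now depends on who can write to the checkout directory. If setup is run from a directory owned by an unprivileged account, that account controls what root executes; checking ownership before enabling the unit, or copying the scripts to a root-owned location, would close that. The `cp` and `tools/editconf.py` calls are also unchecked, so a failed substitution would leave the `<INSTALL_ROOT>` placeholder in an enabled unit; a guard such as `|| exit 1` on both would prevent that. A checkout path containing spaces would also break the unquoted `ExecStart=` value.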