mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-04 00:17:06 +00:00

Fixes #17: start services after unattended upgrades

downtownallday 2022-12-02 15:09:29 -05:00
parent 36b5a31e82
commit e0a237c857
6 changed files with 81 additions and 26 deletions


@ -0,0 +1,9 @@
[Unit]
Description=Monitor unattended upgrades and ensure ehdd services are started after upgrades
[Path]
PathModified=/var/lib/apt/periodic/unattended-upgrades-stamp
Unit=ehdd-unattended-upgrades-after.service
[Install]
WantedBy=paths.target
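Review bot: The unit gives no reason for watching `/var/lib/apt/periodic/unattended-upgrades-stamp`, and the trigger is only correct if apt writes that stamp after the upgrade run has finished, which is not visible on this page. A comment above `PathModified=` would record the assumption, for example `# apt updates this stamp when an unattended-upgrades run completes; the triggered service must be safe to run when nothing was upgraded`. PathModified also fires on runs that upgraded nothing, so the triggered script has to stay idempotent.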


@ -0,0 +1,7 @@
[Unit]
Description=Starts ehdd services
[Service]
Type=oneshot
WorkingDirectory=<INSTALL_ROOT>
ExecStart=<INSTALL_ROOT>/ehdd/run-this-after-reboot.sh --no-mount
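Review bot: `<INSTALL_ROOT>` in `WorkingDirectory=` and `ExecStart=` is a template placeholder, but nothing in the file says so. Installed verbatim, `ExecStart=` would not be an absolute path and systemd should refuse to load the unit. A header comment would make the contract explicit, for example `# <INSTALL_ROOT> is replaced with the checkout path by setup; do not install this file unmodified`.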


@ -50,3 +50,12 @@ is_mounted() {
return 1 return 1
fi fi
} }
system_installed_with_encryption_at_rest() {
# must be mounted!
if [ -e "$EHDD_IMG" -a ! -z "$STORAGE_ROOT" -a \
-e "$STORAGE_ROOT/ssl/ssl_private_key.pem" ]; then
return 0
fi
return 1
}
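Review bot: The test in `system_installed_with_encryption_at_rest` chains three conditions with `-a`, which POSIX marks obsolescent because `[` can misparse the expression when an operand looks like an operator. Separate tests avoid that: `[ -e "$EHDD_IMG" ] && [ -n "$STORAGE_ROOT" ] && [ -e "$STORAGE_ROOT/ssl/ssl_private_key.pem" ]`. The `# must be mounted!` comment is also too terse for a function that now gates both disabling and starting services. It returns 1 when the volume is merely unmounted, not only when encryption-at-rest is absent, and the comment should say that callers cannot tell the two cases apart.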


@ -11,28 +11,25 @@
. "ehdd/ehdd_funcs.sh" || exit 1 . "ehdd/ehdd_funcs.sh" || exit 1
if [ -e "$EHDD_IMG" ]; then if system_installed_with_encryption_at_rest; then
echo ""
if [ -s /etc/mailinabox.conf ]; then echo "** Disabling system services that require encrypted HDD to be mounted **"
echo "" systemctl disable --quiet postfix
echo "** Disabling system services **" systemctl disable --quiet dovecot
systemctl disable --quiet postfix systemctl disable --quiet postgrey
systemctl disable --quiet dovecot systemctl disable --quiet cron
systemctl disable --quiet postgrey systemctl disable --quiet nginx
systemctl disable --quiet cron systemctl disable --quiet php8.0-fpm
systemctl disable --quiet nginx systemctl disable --quiet mailinabox
systemctl disable --quiet php8.0-fpm systemctl disable --quiet fail2ban
systemctl disable --quiet mailinabox systemctl disable --quiet miabldap-capture
systemctl disable --quiet fail2ban #systemctl disable nsd
systemctl disable --quiet miabldap-capture [ -x /usr/sbin/slapd ] && systemctl disable --quiet slapd
#systemctl disable nsd
[ -x /usr/sbin/slapd ] && systemctl disable --quiet slapd
echo "" echo ""
echo "IMPORTANT:" echo "IMPORTANT:"
echo " Services have been disabled at startup because the encrypted HDD will" echo " Services have been disabled at startup because the encrypted HDD will"
echo " be unavailable. Run ehdd/run-this-after-reboot.sh after a reboot." echo " be unavailable. Run ehdd/run-this-after-reboot.sh after a reboot."
fi
fi fi


@ -8,21 +8,25 @@
##### details. ##### details.
##### #####
ehdd/mount.sh || exit 1 if [ "${1:-}" != "--no-mount" ]; then
ehdd/mount.sh || exit 1
fi
if [ -s /etc/mailinabox.conf ]; then . ehdd/ehdd_funcs.sh || exit 1
if system_installed_with_encryption_at_rest; then
[ -x /usr/sbin/slapd ] && systemctl start slapd [ -x /usr/sbin/slapd ] && systemctl start slapd
systemctl start php8.0-fpm systemctl start php8.0-fpm
systemctl start dovecot systemctl start dovecot
systemctl start postfix systemctl start postfix
# postgrey's main database and local client whitelist are in user-data # postgrey's main database and local client whitelist are in user-data
systemctl restart postgrey systemctl start postgrey
systemctl start nginx systemctl start nginx
systemctl start cron systemctl start cron
#systemctl start nsd #systemctl start nsd
systemctl link -f $(pwd)/conf/mailinabox.service systemctl link -q -f /lib/systemd/system/mailinabox.service
systemctl start fail2ban systemctl start fail2ban
systemctl restart mailinabox systemctl start mailinabox
systemctl start miabldap-capture systemctl start miabldap-capture
fi fi
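Review bot: None of the `systemctl start` calls inside the `system_installed_with_encryption_at_rest` branch is checked, so the script's exit status is that of the last command, `systemctl start miabldap-capture`. The new oneshot unit therefore reports success even when postfix or dovecot failed to come back after an upgrade. Since this script is now the recovery path for unattended upgrades, a failed start should reach the unit result and the journal. One way is to collect failures and exit non-zero, as sketched below; the original start order is kept and the `systemctl link` stays ahead of the mailinabox start.

```shell
if system_installed_with_encryption_at_rest; then
    rc=0
    start_or_flag() {
        systemctl start "$1" || { echo "ehdd: failed to start $1" >&2; rc=1; }
    }
    [ -x /usr/sbin/slapd ] && start_or_flag slapd
    for svc in php8.0-fpm dovecot postfix postgrey nginx cron; do
        start_or_flag "$svc"
    done
    # … unchanged: commented-out nsd start, systemctl link of mailinabox.service …
    for svc in fail2ban mailinabox miabldap-capture; do
        start_or_flag "$svc"
    done
    exit "$rc"
fi
```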


@ -410,3 +410,32 @@ EOF
[ -e /var/log/mail.log ] && chown syslog:adm /var/log/mail.log [ -e /var/log/mail.log ] && chown syslog:adm /var/log/mail.log
[ -e /var/log/mail.err ] && chown syslog:adm /var/log/mail.err [ -e /var/log/mail.err ] && chown syslog:adm /var/log/mail.err
restart_service rsyslog restart_service rsyslog
# Encryption-at-rest disables certain services after setup runs (see
# ehdd/postinstall.sh) because the STORAGE_ROOT directory won't be
# mounted after a reboot and those services would fail. This causes a
# problem if one of those services is upgraded by unattended-upgrades.
#
# The issue: when the system is running normally and
# unattended-upgrades updates a disabled (but running) service
# (eg. mariadb), the service is stopped for the upgrade but is
# never re-started.
#
# The fix: have systemd watch unattended-upgrades, then start all
# disabled services that were upgraded after updates have been
# applied.
cp conf/ehdd-unattended-upgrades-after.path \
conf/ehdd-unattended-upgrades-after.service \
/etc/systemd/system
tools/editconf.py \
/etc/systemd/system/ehdd-unattended-upgrades-after.service \
-ini-section Service \
"WorkingDirectory=$(pwd)" \
"ExecStart=$(pwd)/ehdd/run-this-after-reboot.sh --no-mount"
systemctl daemon-reload
systemctl enable -q ehdd-unattended-upgrades-after.path
systemctl start -q ehdd-unattended-upgrades-after.path
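Review bot: The installed unit runs `$(pwd)/ehdd/run-this-after-reboot.sh` as root every time the stamp file changes, so whatever directory setup was run from becomes part of the root trust boundary. If that checkout is writable by a non-root account, modified code runs as root; if it is later moved or deleted, the unit fails and nothing is restarted. State the requirement next to the `editconf.py` call, e.g. `# the checkout must stay in place, root-owned and not group/world-writable: systemd executes scripts from it as root`, or copy the script to a root-owned location and point ExecStart there. The `cp` and `tools/editconf.py` results are also unchecked, so a failed rewrite would leave the `<INSTALL_ROOT>` placeholder in the unit while the path unit is still enabled. The surrounding setup script continues outside the hunk.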