dockerized icon indicating copy to clipboard operation
dockerized copied to clipboard
verified publisher icon iredmail

On container reboot mysql failing to login

Open GemzzK opened this issue 5 years ago • 30 comments

After rebooting the container i`m getting the below error. Checked all scripts and unable to find any settings which have these passwords saved. Also, if its randomly generated then not passed properly before authentication is occurring.

ERROR: SQLSTATE[HY000] [1045] Access denied for user 'roundcube'@'localhost' (using password: YES), ERROR: Failed to connect to database,

GemzzK avatar Sep 03 '20 16:09 GemzzK

How did you run this container? Does it read correct config file (the iredmail.conf)?

iredmail avatar Sep 04 '20 03:09 iredmail

How did you run this container? Does it read correct config file (the iredmail.conf)?

I run the container as per below instructions it does read .conf file because when it runs for very first time im able to login into Iredadmin and roundcube. After rebooting it stops working and shows the above mentioned error in logs.

I do remove '--rm' because i dont want container to be wiped out on shutdown.

docker run
--name iredmail
--env-file iredmail-docker.conf
--hostname mail.mydomain.com
-p 80:80
-p 443:443
-p 110:110
-p 995:995
-p 143:143
-p 993:993
-p 25:25
-p 465:465
-p 587:587
-v /iredmail/data/backup:/var/vmail/backup
-v /iredmail/data/mailboxes:/var/vmail/vmail1
-v /iredmail/data/mlmmj:/var/vmail/mlmmj
-v /iredmail/data/mlmmj-archive:/var/vmail/mlmmj-archive
-v /iredmail/data/imapsieve_copy:/var/vmail/imapsieve_copy
-v /iredmail/data/custom:/opt/iredmail/custom
-v /iredmail/data/ssl:/opt/iredmail/ssl
-v /iredmail/data/mysql:/var/lib/mysql
-v /iredmail/data/clamav:/var/lib/clamav
-v /iredmail/data/sa_rules:/var/lib/spamassassin
-v /iredmail/data/postfix_queue:/var/spool/postfix
iredmail/mariadb:nightly

GemzzK avatar Sep 04 '20 04:09 GemzzK

Please paste full console output of the docker run command (remove password before pasting).

iredmail avatar Sep 04 '20 04:09 iredmail

[iRedMail] [Entrypoint] /docker/entrypoints/mariadb.sh , [iRedMail] Starting temporary MariaDB instance., 2020-09-03 15:30:56 0 [Note] mysqld (mysqld 10.4.13-MariaDB-log) starting as process 380 ..., [iRedMail] Reset password for SQL user 'root'., [iRedMail] [Run] /docker/mariadb/pre_start/0-vmail_db.sh, [iRedMail] Grant privileges to SQL user 'vmail' and 'vmailadmin'., [iRedMail] Make sure postmaster@*********** is a global admin., [iRedMail] [Run] /docker/mariadb/pre_start/amavisd_db.sh, [iRedMail] [Run] /docker/mariadb/pre_start/fail2ban_db.sh, [iRedMail] [Run] /docker/mariadb/pre_start/iredadmin_db.sh, [iRedMail] [Run] /docker/mariadb/pre_start/iredapd_db.sh, [iRedMail] [Run] /docker/mariadb/pre_start/roundcube.sh, ERROR: SQLSTATE[HY000] [1045] Access denied for user 'roundcube'@'localhost' (using password: YES), ERROR: Failed to connect to database, [iRedMail] [Run] /docker/mariadb/pre_start/sa_bayes.sh, [iRedMail] [Entrypoint] /docker/entrypoints/dovecot.sh , ln: /etc/dovecot/conf-enabled/service-imap-hibernate.conf: File exists, ln: /etc/dovecot/conf-enabled/stats.conf: File exists, [iRedMail] [Entrypoint] /docker/entrypoints/postfix.sh , [iRedMail] [Entrypoint] /docker/entrypoints/mlmmj.sh , [iRedMail] [Entrypoint] /docker/entrypoints/mlmmjadmin.sh , [iRedMail] [Entrypoint] /docker/entrypoints/iredapd.sh , [iRedMail] [Entrypoint] /docker/entrypoints/antispam.sh , [iRedMail] Run 'sa-update' (required by Amavisd)., Update finished, no fresh updates were available, [iRedMail] [Entrypoint] /docker/entrypoints/nginx.sh , [iRedMail] [Entrypoint] /docker/entrypoints/phpfpm.sh , [iRedMail] [Entrypoint] /docker/entrypoints/roundcube.sh , [iRedMail] [Entrypoint] /docker/entrypoints/fail2ban.sh , [iRedMail] [Entrypoint] /docker/entrypoints/iredadmin.sh , [iRedMail] CMD: /usr/bin/supervisord -c /etc/supervisord.conf, 2020-09-03 15:31:04,681 INFO Included extra file "/etc/supervisor.d/amavisd.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/clamav.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/cron.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/dovecot.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/fail2ban.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/iredadmin.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/iredapd.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/mariadb.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/mlmmjadmin.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/nginx.conf" during parsing, 2020-09-03 15:31:04,682 INFO Included extra file "/etc/supervisor.d/phpfpm.conf" during parsing, 2020-09-03 15:31:04,683 INFO Included extra file "/etc/supervisor.d/postfix.conf" during parsing, 2020-09-03 15:31:04,683 INFO Included extra file "/etc/supervisor.d/rsyslog.conf" during parsing,

GemzzK avatar Sep 04 '20 04:09 GemzzK

I tried with Ubuntu 20.04 and Docker 19.03.8-0ubuntu1.20.04, cannot reproduce this issue with or without --rm --name iredmail command line arguments.

Since all data are stored under /iredmail/data/ (or docker volumes), why don't you use --rm?

iredmail avatar Sep 04 '20 06:09 iredmail

I tried with Ubuntu 20.04 and Docker 19.03.8-0ubuntu1.20.04, cannot reproduce this issue with or without --rm --name iredmail command line arguments.

Since all data are stored under /iredmail/data/ (or docker volumes), why don't you use --rm?

So, as i mentioned in very start it works first time. Just remove --rm and then run container, then reboot it. After rebooting try to access iredadmin or roundcube. You will be able to see the error. Using --rm means that on reboot container will wipe itself and need to execute again manually.

GemzzK avatar Sep 04 '20 13:09 GemzzK

I don't understand the procedure.

Just remove --rm and then run container, then reboot it.

  • Did you remove --name iredmail (no matter what the name is, my point is the --name argument)?
  • What do you mean "reboot it"? Reboot server OS?

iredmail avatar Sep 04 '20 13:09 iredmail

  1. --name argument was never removed and i never mentioned about removing it.
  2. reboot container not server OS.

Also, i have seen that when starting container for first time its stucks on "157 INFO success: fail2ban entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)". It is supposed to do this and never finish installation completely.

GemzzK avatar Sep 04 '20 14:09 GemzzK

I can not reproduce this issue. Could you please show me a step-by-step tutorial to reproduce this issue with detailed shell commands? starting from scratch

iredmail avatar Sep 06 '20 10:09 iredmail

I can not reproduce this issue. Could you please show me a step-by-step tutorial to reproduce this issue with detailed shell commands? starting from scratch

I`ve compiled video of my steps for better understanding. Follow the link below.

Never had fail2ban failed to initialize but this time it did for some reason. Might be due to recently pushed updates.

https://1drv.ms/v/s!AhuxBdMke87KnDmokwVmR99J5BPj?e=t9ssgP

GemzzK avatar Sep 06 '20 11:09 GemzzK

Anyway to share this video without OneDrive? I don't have an account... (expired). Dropbox? Google Drive? Youtube? Other third-party service?

iredmail avatar Sep 06 '20 11:09 iredmail

should

Anyway to share this video without OneDrive? I don't have an account... (expired). Dropbox? Google Drive? Youtube? Other third-party service?

Should be able to access it without account login. just make sure to completely log out of previous account then try the link it should work.

GemzzK avatar Sep 06 '20 11:09 GemzzK

Let me know if there is any issue accessing this video.

GemzzK avatar Sep 06 '20 12:09 GemzzK

  • I see only one text file in the video, no sound (?), no explanation. Did i miss something?
  • I expect you to run commands step-by-step from scratch, so that i can reproduce this issue, or figure out possible mistakes in your steps.
  • Please simply copy commands and outputs and paste here, it's much faster for me to check text than watching a video. Thanks. :)

iredmail avatar Sep 07 '20 03:09 iredmail

  • I see only one text file in the video, no sound (?), no explanation. Did i miss something?
  • I expect you to run commands step-by-step from scratch, so that i can reproduce this issue, or figure out possible mistakes in your steps.
  • Please simply copy commands and outputs and paste here, it's much faster for me to check text than watching a video. Thanks. :)

Ok. here we go with other link hope this one will work. I`m not sure why other video stuck on notepad. Regarding commands i already shared them in the beginning but that didn't worked.

https://drive.google.com/file/d/1xOKWmVMdBRmhHbOb72tP0bkSLVz36z84/view?usp=sharing

GemzzK avatar Sep 07 '20 04:09 GemzzK

It's clear now.

After restarted with Portainer, the container doesn't use iredmail-docker.conf, and try to use random SQL passwords for all SQL users (defined in container script). Seems SQL password for Roundcube db is incorrect in this case.

Will check and fix it shortly. Stay tuned.

Thanks for the feedback. :)

iredmail avatar Sep 07 '20 04:09 iredmail

It's clear now.

After restarted with Portainer, the container doesn't use iredmail-docker.conf, and try to use random SQL passwords for all SQL users (defined in container script). Seems SQL password for Roundcube db is incorrect in this case.

Will check and fix it shortly. Stay tuned.

Thanks for the feedback. :)

No prob. Hope this fix will help alot of people who faced this issue and either they didn't reported or they didn't bothered to.

GemzzK avatar Sep 07 '20 04:09 GemzzK

Could you check file /docker/entrypoints/settings.conf inside the running container? Is variable ROUNDCUBE_DB_PASSWORD set with a (random) password? Also IREDADMIN_DB_PASSWORD.

iredmail avatar Sep 07 '20 04:09 iredmail

Could you check file /docker/entrypoints/settings.conf inside the running container? Is variable ROUNDCUBE_DB_PASSWORD set with a (random) password? Also IREDADMIN_DB_PASSWORD.

Yes they are

ROUNDCUBE_DB_PASSWORD=0RZVl9ZsMrCaebnXnwdoY5lXdiR3Cw

IREDADMIN_DB_PASSWORD=P3TxjJ8LCh9PHhCBkX82oNbWJuNbXV

GemzzK avatar Sep 07 '20 04:09 GemzzK

  • Does file /root/.my.cnf-roundcube contain same password as the one defined in /docker/entrypoints/settings.conf (variable ROUNDCUBE_DB_PASSWORD)?
  • Same to /root/.my.cnf-iredadmin and IREDADMIN_DB_PASSWORD.

iredmail avatar Sep 07 '20 04:09 iredmail

  • Does file /root/.my.cnf-roundcube contain same password as the one defined in /docker/entrypoints/settings.conf (variable ROUNDCUBE_DB_PASSWORD)?
  • Same to /root/.my.cnf-iredadmin and IREDADMIN_DB_PASSWORD.

Nops its different

/root/.my.cnf-roundcube

[client] host=127.0.0.1 port=3306 user="roundcube" password="qkmgO66wIugQ4UAx35HQFWM4O1UNT7"

/root/.my.cnf-iredadmin

[client] host=127.0.0.1 port=3306 user="iredadmin" password="G7GrDIrVEHfuXzKf3gCFIYzxN04mXO"

GemzzK avatar Sep 07 '20 04:09 GemzzK

Thanks for helping. I'm testing this issue locally, stay tuned.

iredmail avatar Sep 07 '20 04:09 iredmail

hi @GemzzK

Issue has been fixed in latest commit, please wait for few minutes until Docker Hub built a new image and try again. let me know if there's any issue left.

Thank you very much for helping. 👍

iredmail avatar Sep 07 '20 08:09 iredmail

hi @GemzzK

Issue has been fixed in latest commit, please wait for few minutes until Docker Hub built a new image and try again. let me know if there's any issue left.

Thank you very much for helping. 👍

Sure. Let me try and inform you. 👍

GemzzK avatar Sep 07 '20 08:09 GemzzK

New image is ready on Docker Hub. Please make sure you're running the latest version. :) https://hub.docker.com/r/iredmail/mariadb

Don't forget to give this repo a star.

iredmail avatar Sep 07 '20 08:09 iredmail

New image is ready on Docker Hub. Please make sure you're running the latest version. :) https://hub.docker.com/r/iredmail/mariadb

Don't forget to give this repo a star.

Tried and it did worked perfectly even after reboot. Thanks for your hardwork.

GemzzK avatar Sep 07 '20 08:09 GemzzK

@GemzzK Thanks for the feedback. :)

iredmail avatar Sep 07 '20 08:09 iredmail

Hi @iredmail , I still got this problem after docker stop ,start iRedMail . How can I replace the correct MySQL password? by not reinstall iRedMail docker version.

bi7jta avatar Sep 02 '22 11:09 bi7jta

Hi @bi7jta

Could you please give me a step-by-step instruction to reproduce the issue?

iredmail avatar Sep 02 '22 11:09 iredmail

Hi @iredmail thank you for you quickly reply , I have found the answer from your website, thank you very much! https://hub.docker.com/r/iredmail/mariadb

  • All SQL passwords are randomly set/reset by default each time you launch or relaunch the container. If you don't like this, please set fixed passwords in iredmail-docker.conf, e.g. MYSQL_ROOT_PASSWORD=.

I also got an another Possible BUG ,about "FIRST_MAIL_DOMAIN_ADMIN_PASSWORD is only set/reset on first run, not each run. " If I add more than one domain name , use web admin, and I have change one of these account password, and the other accounts still use the default password ,such as 123456 , this made my iRedMail SMTP server have been hack by bad man, sent more than 10,000 spam.

THANK YOU!

bi7jta avatar Sep 02 '22 11:09 bi7jta