Bug 3904 - Ошибка при старте сервиса stunnel
: Ошибка при старте сервиса stunnel
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-31 17:20 MSD by Eugene Shatokhin
Modified: 2014-04-04 15:47 MSD (History)
3 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
alex.burmashev: published+


Attachments
journalctl (321.99 KB, application/zip)
2014-04-02 15:37 MSD, Vladimir Potapov
Details
journalctl (44.79 KB, application/zip)
2014-04-03 18:11 MSD, Vladimir Potapov
Details
journalctl (305.44 KB, application/zip)
2014-04-03 18:46 MSD, Vladimir Potapov
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Eugene Shatokhin 2014-03-31 17:20:49 MSD
Пакет: stunnel-4.56-2-rosa2012.1.x86_64

systemctl start stunnel.service отработала с ошибкой.

Из системного журнала:
--------------------
sudo[5819]: autotest : TTY=pts/1 ; PWD=/home/autotest ; USER=root ; COMMAND=/bin/systemctl start stunnel.service
systemd[1]: Starting SSL tunnel for network daemons...
stunnel[5822]: stunnel 4.56 on x86_64-unknown-linux-gnu platform
stunnel[5822]: Compiled/running with OpenSSL 1.0.1c 10 May 2012
stunnel[5822]: Threading:FORK Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
stunnel[5822]: Reading configuration from file /etc/stunnel/stunnel.conf
stunnel[5822]: FIPS mode is disabled
stunnel[5822]: Compression not enabled
stunnel[5822]: Snagged 64 random bytes from /dev/urandom
stunnel[5822]: PRNG seeded successfully
stunnel[5822]: Initializing service [pop3s]
stunnel[5822]: Certificate: /etc/pki/tls/certs/stunnel.pem
stunnel[5822]: Certificate loaded
stunnel[5822]: Key file: /etc/pki/tls/private//stunnel.pem
stunnel[5822]: Private key loaded
stunnel[5822]: Could not load DH parameters from /etc/pki/tls/certs/stunnel.pem
stunnel[5822]: Using hardcoded DH parameters
stunnel[5822]: DH initialized with 2048-bit key
stunnel[5822]: ECDH initialized with curve prime256v1
stunnel[5822]: SSL options set: 0x01000004
stunnel[5822]: Initializing service [imaps]
stunnel[5822]: Certificate: /etc/pki/tls/certs/stunnel.pem
stunnel[5822]: Certificate loaded
stunnel[5822]: Key file: /etc/pki/tls/private//stunnel.pem
stunnel[5822]: Private key loaded
stunnel[5822]: Could not load DH parameters from /etc/pki/tls/certs/stunnel.pem
stunnel[5822]: Using hardcoded DH parameters
stunnel[5822]: DH initialized with 2048-bit key
stunnel[5822]: ECDH initialized with curve prime256v1
stunnel[5822]: SSL options set: 0x01000004
stunnel[5822]: Initializing service [ssmtp]
stunnel[5822]: Certificate: /etc/pki/tls/certs/stunnel.pem
stunnel[5822]: Certificate loaded
stunnel[5822]: Key file: /etc/pki/tls/private//stunnel.pem
stunnel[5822]: Private key loaded
stunnel[5822]: Could not load DH parameters from /etc/pki/tls/certs/stunnel.pem
stunnel[5822]: Using hardcoded DH parameters
stunnel[5822]: DH initialized with 2048-bit key
stunnel[5822]: ECDH initialized with curve prime256v1
stunnel[5822]: SSL options set: 0x01000004
stunnel[5822]: Configuration successful
stunnel[5822]: Service [pop3s] (FD=7) bound to 0.0.0.0:995
stunnel[5822]: Service [imaps] (FD=8) bound to 0.0.0.0:993
stunnel[5822]: Service [ssmtp] (FD=9) bound to 0.0.0.0:465
stunnel[5822]: chroot: No such file or directory (2)
stunnel[5822]: Closing service [pop3s]
stunnel[5822]: Service [pop3s] closed (FD=7)
stunnel[5822]: Sessions cached before flush: 0
stunnel[5822]: Sessions cached after flush: 0
stunnel[5822]: Service [pop3s] closed
stunnel[5822]: Closing service [imaps]
stunnel[5822]: Service [imaps] closed (FD=8)
stunnel[5822]: Sessions cached before flush: 0
stunnel[5822]: Sessions cached after flush: 0
stunnel[5822]: Service [imaps] closed
stunnel[5822]: Closing service [ssmtp]
stunnel[5822]: Service [ssmtp] closed (FD=9)
stunnel[5822]: Sessions cached before flush: 0
stunnel[5822]: Sessions cached after flush: 0
stunnel[5822]: Service [ssmtp] closed
stunnel[5822]: str_stats: 21 block(s), 2851 data byte(s), 1218 control byte(s)
systemd-journal[377]: Forwarding to syslog missed 6 messages.
systemd[1]: stunnel.service: control process exited, code=exited status=1
systemd[1]: Failed to start SSL tunnel for network daemons.
systemd[1]: Unit stunnel.service entered failed state.
--------------------
Comment 1 Denis Silakov 2014-04-01 16:55:23 MSD
Advisory:

Updated stunnel to version 5.00, fixed issue with stunnel service startup.

Build lists:
https://abf.rosalinux.ru/build_lists/1731604
https://abf.rosalinux.ru/build_lists/1731603
Comment 2 Vladimir Potapov 2014-04-02 07:18:47 MSD
systemctl start stunnel.service
Job for stunnel.service failed. See 'systemctl status stunnel.service' and 'journalctl -xn' for details.
[root@keleg-H61N-USB3 keleg]# systemctl status stunnel.service
stunnel.service - SSL tunnel for network daemons
   Loaded: loaded (/lib/systemd/system/stunnel.service; disabled)
   Active: failed (Result: exit-code) since Ср. 2014-04-02 12:14:24 IRKT; 5s ago
  Process: 6489 ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf (code=exited, status=1/FAILURE)

апр. 02 12:14:24 keleg-H61N-USB3 stunnel[6489]: [ ] Sessions cached before flush: 0
апр. 02 12:14:24 keleg-H61N-USB3 stunnel[6489]: [ ] Sessions cached after flush: 0
апр. 02 12:14:24 keleg-H61N-USB3 stunnel[6489]: [ ] Service [imaps] closed
апр. 02 12:14:24 keleg-H61N-USB3 stunnel[6489]: [ ] Closing service [ssmtp]
апр. 02 12:14:24 keleg-H61N-USB3 stunnel[6489]: [ ] Sessions cached before flush: 0
апр. 02 12:14:24 keleg-H61N-USB3 stunnel[6489]: [ ] Sessions cached after flush: 0
апр. 02 12:14:24 keleg-H61N-USB3 stunnel[6489]: [ ] Service [ssmtp] closed
апр. 02 12:14:24 keleg-H61N-USB3 systemd[1]: stunnel.service: control process exited, code=exited status=1
апр. 02 12:14:24 keleg-H61N-USB3 systemd[1]: Failed to start SSL tunnel for network daemons.
апр. 02 12:14:24 keleg-H61N-USB3 systemd[1]: Unit stunnel.service entered failed state.
Comment 3 Denis Silakov 2014-04-02 08:51:39 MSD
Did you have old stunnel installed? if yes, then you should likely go to /etc/stunnel folder and check of it contains stunnel.conf.rpmnew file. If yes, rename it to stunnel.conf (replace old stunnel.conf).

If this helps, I will rebuild the package to replace config automatically (and save old as stunnel.conf.rpmsave).
Comment 4 Vladimir Potapov 2014-04-02 14:45:01 MSD
(In reply to comment #3)
> Did you have old stunnel installed? if yes, then you should likely go to
> /etc/stunnel folder and check of it contains stunnel.conf.rpmnew file. If
> yes, rename it to stunnel.conf (replace old stunnel.conf).
> 
> If this helps, I will rebuild the package to replace config automatically
> (and save old as stunnel.conf.rpmsave).
In my folder /etc/stunnel only one file - stunnel.conf

I don't setup any manual settings, only set up rpm and attempted to start the daemon
Comment 5 Denis Silakov 2014-04-02 14:48:37 MSD
Ok, then provide please output of 'journalctl -a'.
Comment 6 Vladimir Potapov 2014-04-02 15:37:54 MSD
Created attachment 2753 [details]
journalctl
Comment 7 Denis Silakov 2014-04-02 15:59:08 MSD
Are you sure you really installed stunnel from container? It should be stunnel-5.00, while I cam see the following line in the log:

stunnel 4.56 on x86_64-unknown-linux-gnu platform

?
Comment 8 Vladimir Potapov 2014-04-03 18:11:12 MSD
Created attachment 2768 [details]
journalctl

sorry, the log from another system
Comment 9 Denis Silakov 2014-04-03 18:17:55 MSD
Hm, these logs don't contain 'stunnel' word at all and they are dated November, 21...
Comment 10 Vladimir Potapov 2014-04-03 18:46:02 MSD
Created attachment 2769 [details]
journalctl

Try again
Comment 11 Denis Silakov 2014-04-04 13:21:54 MSD
Some process has already occupied port 995 on your system (maybe some mail server with ssl enabled?). What does

netstat -lnptu | grep 995

say?
Comment 12 Denis Silakov 2014-04-04 13:26:08 MSD
Meanwhile, slightly updated build lists:

https://abf.io/build_lists/1743397
https://abf.io/build_lists/1743398
Comment 13 Vladimir Potapov 2014-04-04 14:28:24 MSD
(In reply to comment #11)
> Some process has already occupied port 995 on your system (maybe some mail
> server with ssl enabled?). What does
> 
> netstat -lnptu | grep 995
> 
> say?

tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      5653/dovecot        
tcp6       0      0 :::995                  :::*                    LISTEN      5653/dovecot
Comment 14 Denis Silakov 2014-04-04 14:29:42 MSD
Heh, then stop dovecot before launching stunnel, they can't occupy the same port together.
Comment 15 Vladimir Potapov 2014-04-04 14:56:59 MSD
stunnel-5.00-2
http://abf-downloads.rosalinux.ru/rosa2012.1/container/1743397/i586/main/release/
http://abf-downloads.rosalinux.ru/rosa2012.1/container/1743398/x86_64/main/release/
************************** Advisory ***************************
Updated stunnel to version 5.00, fixed issue with stunnel service startup.
***************************************************************
QA Verified