The current community release contains the EWS code and many improvements. Unfortunately, there also some issues. Here I provide some tips and tricks to fix these issues.
1. grommunio-sync have a new dependency for php-intl
Commit: https://github.com/grommunio/grommunio-sync/commit/2a3ca65b623b3ae920afbe12853c996f183b9ad9 added the new dependency for php-intl.
Unfortunately, this dependency is not hard coded in the grommunio-sync package. On some systems the php-intl is already installed and grommunio-sync works as expected. Some systems miss the php-intl and grommunio-sync stops working after the update.
The simple solution is: manually install the php-intl package.
- Open SuSE 15.5
zypper in php8-intl
- Debian 11
apt install php7.4-intl
- Debian 12
apt install php8.2-intl
2. grommunio log files, stored in a new location
The grommunio nginx log files change their locations from /var/log/grommunio/ to /var/log/nginx/. With this change, there is no need for a separate grommunio logrotate command grommunio-nginx.lr, the nginx logrotate will also rotate the grommunio logs. The following command shows, which logs stored in /var/log/grommunio/: nginx -T | grep /var/log/grommunio/
the returned list, depends on the installed features and migration status.
The transition to the new location, is on the way but not finished. Some logs are now stored in /var/log/nginx/ but some logs are still in the old location /var/log/grommunio/.
This is not an issue, unfortunately the developers removed the logrotate command /etc/logrotate.d/grommunio-nginx.lr. Without of the logrotate command, the logs in /var/log/grommunio/ grow and grow and grow and fill the root volume until the system fails.
Test if the file /etc/logrotate.d/grommunio-nginx.lr exists:
cat /etc/logrotate.d/grommunio-nginx.lr
If you see the content of the file, nothing have to be done. If the file do not exists, the simple solution is, create a new /etc/logrotate.d/grommunio-nginx.lr file with this content:
/var/log/grommunio/*.log {
compress
dateext
maxage 365
rotate 99
size=+4096k
missingok
notifempty
delaycompress
# next line is for Open SuSE
su nginx root
# for Debian use
#su www-data root
lastaction
# -s reopen will use the pid file passed in the config file or the compiled in default path
/usr/sbin/nginx -s reopen
endscript
}
I have seen this issue only on SuSE systems. The difference between SuSE and Debian are the system user for nginx. The SuSE specific line is su nginx root
and the Debian specific line is: su www-data root
in /etc/logrotate.d/grommunio-nginx.lr.
I assume every grommunio update will remove the grommunio-nginx.lr, so create a copy in a save place and restore the grommunio-nginx.lr after every update.
A future update will move all logs to the new location /var/log/nginx/ than we may remove the logrotate file and the directory /var/log/grommunio/.
Today's community update (08.11.2023) finished the log file migration
Test if all logs are no longer in /var/log/grommunio: nginx -T | grep /var/log/grommunio/
This command should not return any log files. If this command returns one or more log files, something strange happend on your system, do not continue with Clean Up!
The changes in detail:
Clean Up the system
1. If you use fail2ban, you need to update the /etc/fail2ban/jail.local!
Missing the fail2ban update, presents outdated log files to faile2ban and fail2ban will not block intruders as expected or can't start.
- Switch the log location in jail.local
sed -i 's: /var/log/grommunio/: /var/log/nginx/:g' /etc/fail2ban/jail.local
- Restart fail2ban
systemctl restart fail2ban
- Verity if fail2ban is running
systemctl status fail2ban
- If fail2ban is not running, fix the error.
2. Remove the old log directory, logrotate and logrotate fix
- Remove the old log directory
rm -r /var/log/grommunio
- Remove the logrotate command - if it exist
rm /etc/logrotate.d/grommunio-nginx.lr
- Remove the logrotate fix - if it exist
rm /etc/cron.d/logrotate_failed
3. Set the correct owner for the log files in /var/log/nginx/
Some times the owner is incorrect for the log files in /var/log/nginx/, simply reset the owner to nginx:root for Open SuSE or www-data:adm on Debian.
- Open Suse
chown nginx:root /var/log/nginx/*
- Debian
chown www-data:adm /var/log/nginx/*
3. EWS is disabled - how to enable
Currently EWS is disabled, I assume there is a parameter in an configuration file, unfortunately I did not have enough time to read the EWS code. So I can't answer the question how to enable EWS.
This commit clarifies how to enable EWS: https://github.com/grommunio/gromox/commit/6e623631ccc32226fd1019add12e08aba2eb8e17 for testing.
To enable EWS set the parameter: ews_beta = 1
in configuration file: /et/gromox/ews.cfg
If the ews.cfg
file contains this parameter: ews_experimental = 1
, remove this line, it is outdated.
Now update your system and test EWS.
As the parameter name suggests, please remember EWS is a beta release.
4. Future updates
I will update this post when I have more information about the update
a. Modifications
20231108 added: Today's community update (08.11.2023) finished the log file migration.
20231108 added: If you use fail2ban, you need to update the /etc/fail2ban/jail.local!
20231109 added: EWS is disabled
20231110 modified: EWS is disabled - how to enable