How to properly set Connection Security through env variable?


#1

Hi everyone,

yesterday I’ve noticed in the manual that you can also force some settings through environment variables.

I"m maintaining an app for Mattermost in the Univention app center, since I’ve had it happen already that an admin has set connectionsecurity to tls and then complain that he cannot access Mattermost anymore I want to prevent users from changing this setting.

Unfortunately when setting the env for it to empty (see https://stash.z-hub.io/projects/K4U/repos/mattermost/browse/Dockerfile?at=refs%2Fheads%2Fenv-readonly-settings#12 for my current state) will not pick up the setting in Mattermost:

Do you have a proposal how to set this setting though an env variable? Why isn’t this way of setting up Mattermost used in the official Docker images (at least I did not spot it there)?

PS: the technical workaround I would see for this is modifying Mattermost to accept "ConnectionSecurity": "None", in addition to "ConnectionSecurity": "",


#2

Hi @fbartels! Thank you for reporting this.

Just to confirm, what Mattermost server version are you using and are you seeing any errors in logs or the console?


#3

Hi @amy.blais,

I’m running the current release, e.g. 4.10.0. No apparent errors in the Mattermost output (apart from the sandboxing error since I’m not running a privileged container):

{"level":"info","ts":1527602917.1925097,"caller":"utils/i18n.go:83","msg":"Loaded system translations for 'en' from '/opt/mattermost/i18n/en.json'"}
{"level":"info","ts":1527602917.1937377,"caller":"app/app.go:181","msg":"Server is initializing..."}
{"level":"info","ts":1527602917.202806,"caller":"sqlstore/supplier.go:198","msg":"Pinging SQL master database"}
{"level":"info","ts":1527602920.138553,"caller":"sqlstore/upgrade.go:89","msg":"The database schema has been set to version 4.10.0"}
{"level":"info","ts":1527602927.2814572,"caller":"commands/server.go:73","msg":"Current version is 4.10.0 (4.10.0/Wed May 16 00:31:32 UTC 2018/9301e575c880970dc5642605adcc37903d176227/fac85cb7ec5d2ae21e925db4fd5ec27859e19cb0)"}
{"level":"info","ts":1527602927.2817714,"caller":"commands/server.go:74","msg":"Enterprise Enabled: true"}
{"level":"info","ts":1527602927.2818253,"caller":"commands/server.go:75","msg":"Current working directory is /opt/mattermost"}
{"level":"info","ts":1527602927.2819023,"caller":"commands/server.go:76","msg":"Loaded config file from /etc/mattermost/config.json"}
{"level":"info","ts":1527602927.282239,"caller":"utils/file_backend_local.go:30","msg":"Able to write files to local storage."}
{"level":"info","ts":1527602927.2955668,"caller":"app/license.go:44","msg":"License key from https://mattermost.com required to unlock enterprise features."}
{"level":"info","ts":1527602927.297827,"caller":"app/app.go:527","msg":"Migrating roles to database."}
{"level":"info","ts":1527602927.4109747,"caller":"sqlstore/post_store.go:1243","msg":"Post.Message supports at most 16383 characters (65535 bytes)"}
{"level":"info","ts":1527602927.4777496,"caller":"app/plugin.go:374","msg":"Starting up plugins"}
{"level":"warn","ts":1527602927.5337932,"caller":"app/plugin.go:404","msg":"plugin sandboxing is not supported. plugins will run with the same access level as the server. See documentation to learn more: https://developers.mattermost.com/extend/plugins/security/","error":"unable to prepare namespace: unable to make root private: permission denied","errorVerbose":"unable to make root private: permission denied\nunable to prepare namespace\ngithub.com/mattermost/mattermost-server/plugin/rpcplugin/sandbox.checkSupport\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/plugin/rpcplugin/sandbox/sandbox_linux.go:482\ngithub.com/mattermost/mattermost-server/plugin/rpcplugin/sandbox.CheckSupport\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/plugin/rpcplugin/sandbox/sandbox.go:33\ngithub.com/mattermost/mattermost-server/app.(*App).InitPlugins\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/app/plugin.go:403\ngithub.com/mattermost/mattermost-server/cmd/commands.runServer\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/commands/server.go:92\ngithub.com/mattermost/mattermost-server/cmd/commands.serverCmdF\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/commands/server.go:54\ngithub.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).execute\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:756\ngithub.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).ExecuteC\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:846\ngithub.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).Execute\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:794\ngithub.com/mattermost/mattermost-server/cmd.Run\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/cmd.go:14\nmain.main\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/main.go:31\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:198\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:2361"}
{"level":"info","ts":1527602928.0766299,"caller":"app/plugin.go:113","msg":"Activated plugin","plugin_id":"jira"}
{"level":"info","ts":1527602928.6196475,"caller":"app/server.go:100","msg":"Starting Server..."}
{"level":"info","ts":1527602928.6199677,"caller":"app/server.go:139","msg":"Server is listening on [::]:8065"}
{"level":"info","ts":1527602928.6606016,"caller":"app/web_hub.go:67","msg":"Starting 8 websocket hubs"}
{"level":"info","ts":1527602928.8260381,"caller":"jobs/workers.go:57","msg":"Starting workers"}
{"level":"info","ts":1527602928.8270597,"caller":"jobs/schedulers.go:62","msg":"Starting schedulers."}


#4

@amy.blais coincidentally this Github issues is exactly the same problem I am having as well. just with a different configuration setting: https://github.com/mattermost/mattermost-server/issues/8857


#5

Funny how that happens. I’ve filed a Jira ticket to look into this with some more details

https://mattermost.atlassian.net/browse/MM-10730