When I send an email to multiple distribution groups, but in the email tracking, I can only see the recipient's name and cannot view the specific distribution group name. Why is this? How to track which distribution groups users have sent emails to?
I have an ECS cluster (on Fargate 1.4.0) with many tasks and services that all log into Cloudwatch, and everything is fine. I have a couple of ECS scheduled tasks (via EventBridge), and I know they are running at the scheduled time as expected. I know it because a) I can see it in the EventBridge Rule monitoring tab, and b) one of the scheduled tasks job is to send an email, and I receive that email. So it is running but not logging into CloudWatch like the other tasks?
Before I go to my troubleshooting steps, let me give you more insights:
In each task definition, I have this log block:
logConfiguration = {
logDriver = "awslogs"
options = {
awslogs-group = aws_cloudwatch_log_group.ecs_log_group.name
awslogs-region = "us-east-1"
awslogs-stream-prefix = "prod-cron-engage"
}
}
I know everything is correct there because my other tasks that are not scheduled (running via services 24/7) are logging successfully there.
Each task has these two parameters:
execution_role_arn = aws_iam_role.ecs_task_execution_role.arn
task_role_arn = aws_iam_role.ecs_task_execution_role.arn
These are:
resource "aws_iam_role" "ecs_task_execution_role" {
name = "ecsTaskExecutionRole"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "ecs-tasks.amazonaws.com"
}
}
]
})
tags = {
"Name" = "${var.name_prefix}-iam-ecs-role"
}
}
resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy" {
role = aws_iam_role.ecs_task_execution_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}
In the AmazonECSTaskExecutionRolePolicy, there are essential policies for ECS, including access to CloudWatch.
Also, here is my event bridge rule:
resource "aws_cloudwatch_event_rule" "prod_cron_engage_rule" {
name = "prod-engage-rule"
description = "Run Prod Engage task every 30 minutes."
schedule_expression = "rate(30 minutes)"
}
resource "aws_cloudwatch_event_target" "prod_cron_engage_target" {
target_id = "run-prod-engage-task-every-half-an-hour"
rule = aws_cloudwatch_event_rule.prod_cron_engage_rule.name
arn = aws_ecs_cluster.ecs_cluster.arn
role_arn = aws_iam_role.eventbridge_role.arn
ecs_target {
task_definition_arn = aws_ecs_task_definition.prod_cron_engage_task.arn
task_count = 1
launch_type = "FARGATE"
network_configuration {
subnets = module.vpc.private_subnets
security_groups = [aws_security_group.ecs_sg.id]
assign_public_ip = false
}
tags = {
"Name" = "${var.name_prefix}-ecs-prod-cron-engage"
}
}
}
Here are the EventBridge roles and policies:
resource "aws_iam_role" "eventbridge_role" {
name = "eventbridge-ecs-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Principal = {
Service = "events.amazonaws.com"
}
Effect = "Allow"
Sid = ""
}
]
})
}
resource "aws_iam_role_policy" "eventbridge_policy" {
name = "eventbridge-ecs-policy"
role = aws_iam_role.eventbridge_role.id
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "ecs:RunTask"
Effect = "Allow"
Resource = [
aws_ecs_task_definition.prod_cron_engage_task.arn
]
},
{
Action = "iam:PassRole"
Effect = "Allow"
Resource = aws_iam_role.eventbridge_role.arn
}
]
})
}
What did I do so far?
At first, I thought maybe, somehow, there is a restriction rule that denies those scheduled tasks from access to CloudWatch (unlikely, but I thought since they are now scheduled with EventBridge, maybe it is possible), So I give both ECS and EventBridge full CloudWatch access. Doesn't change anything.
I tried to create a new log group with those broad permissions and see if the tasks can create that new log group or not. The new log group wasn't there, so the log groups couldn't be created through task definitions.
I have a local-facing interface on my firewall which has multiple IP addresses (192.168.0.1 and 192.168.0.5) assigned to it. Packets from both of these IPs are forwarded to the WAN interface. However, I want to apply different filtering rules depending on which local IP the packet was received on. (The idea is to use 192.168.0.5 as the gateway for a restricted-access wireless access point, whilst 192.168.0.1 is used as the gateway for all other traffic). I tried doing this using interface aliases, but these don't come through to iptables and are deprecated anyway seemingly. How would you do this?
(I can do this type of filtering fine in the INPUT chain, just using the destination IP address, but how would I do it in the FORWARD chain?)
Environment
- Hardware: a common X86_64 PC. There are two 4TB HDDs,
/dev/sdaand/dev/sdb. - OS: Anolis OS 23.1 (a variant of CentOS Stream like RockyLinux, so the behavior should be very similar).
- Components:
- grub2-common-1:2.12-8.an23.noarch
- Grub2-efi-x64-1:2.12-8.an23.x86_64
- shim-x64-15.8-1.an23.x86_64
- The output of
lsblk -fis:
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
sda
├─sda1 vfat FAT16 3687-D3D5 121.6M 5% /mnt/newraid/boot/efi
│ /boot/efi
├─sda2 ext4 1.0 a8889be5-a5bf-4001-80fd-8cc5848b0f15 3.4T 0% /home
├─sda3 ext4 1.0 7ed59ca5-1062-4841-9eaf-5455de1ff527 16.3G 11% /
└─sda4 swap 1 7cb849cb-db1a-46da-a64b-5afffb1e7c4c [SWAP]
sdb
├─sdb1 vfat FAT16 75D0-F9B6
├─sdb2 linux_raid_member 1.2 ZX-NAS:1 d2d58a60-b4fb-d792-5430-07603f85c090
│ └─md1 ext4 1.0 24814373-7082-4290-986b-5f049e4d76dd 3.4T 0% /mnt/newraid/home
├─sdb3 linux_raid_member 1.2 ZX-NAS:0 ae686811-5489-4aa6-c48d-458fe0bbc232
│ └─md0 ext4 1.0 d3984281-70f1-47fc-aaf0-8627d49ec68f 16.3G 11% /mnt/newraid
└─sdb4 swap 1 533b5b6a-5931-4fb0-b3ee-1152a62e6e11
What I want to do
- Copy all files from
/dev/sdato/dev/sdb(which I've done byrsync). - Generate grub items for the OS on
/dev/sdb. - Boot to the system on
/dev/sdbso that I can finally add/dev/sdato the mdadm RAID1 array.
What I did
- Mount all partitions:
mount /dev/md0 newraid
mount /dev/md1 newraid/home
mount /dev/sda1 newraid/boot/efi
mount --bind /dev newraid/dev
mount --bind /dev/pts newraid/dev/pts
mount --bind /proc newraid/proc
mount --bind /sys newraid/sys
chrootinto the mounted directory and reinstall grub2 packages:
chroot newraid/
rm /boot/grub2/grub.cfg
rm /boot/efi/EFI/anolis/grub.cfg
dnf reinstall shim-* grub2-efi-* grub2-common
Related information (in chroot environment)
- The contents of
/etc/mdadm.conf:
DEVICE /dev/sda* /dev/sdb*
ARRAY /dev/md0 metadata=1.2 name=ZX-NAS:0 UUID=ae686811:54894aa6:c48d458f:e0bbc232
ARRAY /dev/md1 metadata=1.2 name=ZX-NAS:1 UUID=d2d58a60:b4fbd792:54300760:3f85c090
- The output of
grubby --info DEFAULTshows correct UUID of/dev/md0:
index=0
kernel="/boot/vmlinuz-6.6.25-2.1.an23.x86_64"
args="ro resume=UUID=7cb849cb-db1a-46da-a64b-5afffb1e7c4c rhgb quiet"
root="UUID=d3984281-70f1-47fc-aaf0-8627d49ec68f"
initrd="/boot/initramfs-6.6.25-2.1.an23.x86_64.img $tuned_initrd"
title="Anolis OS (6.6.25-2.1.an23.x86_64) 23"
id="1e06d08a379c4b8eb7c36745cd33b690-6.6.25-2.1.an23.x86_64"
- The contents of
/boot/efi/EFI/anolis/grub.cfg:
search --no-floppy --fs-uuid --set=dev d3984281-70f1-47fc-aaf0-8627d49ec68f
set prefix=($dev)/boot/grub2
export $prefix
configfile $prefix/grub.cfg
- The contents of
/boot/grub2/grub.cfg:
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
set pager=1
if [ -f ${config_directory}/grubenv ]; then
load_env -f ${config_directory}/grubenv
elif [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="${saved_entry}"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
terminal_output console
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/00_tuned ###
set tuned_params=""
set tuned_initrd=""
### END /etc/grub.d/00_tuned ###
### BEGIN /etc/grub.d/01_users ###
if [ -f ${prefix}/user.cfg ]; then
source ${prefix}/user.cfg
if [ -n "${GRUB2_PASSWORD}" ]; then
set superusers="root"
export superusers
password_pbkdf2 root ${GRUB2_PASSWORD}
fi
fi
### END /etc/grub.d/01_users ###
### BEGIN /etc/grub.d/08_fallback_counting ###
insmod increment
# Check if boot_counter exists and boot_success=0 to activate this behaviour.
if [ -n "${boot_counter}" -a "${boot_success}" = "0" ]; then
# if countdown has ended, choose to boot rollback deployment,
# i.e. default=1 on OSTree-based systems.
if [ "${boot_counter}" = "0" -o "${boot_counter}" = "-1" ]; then
set default=1
set boot_counter=-1
# otherwise decrement boot_counter
else
decrement boot_counter
fi
save_env boot_counter
fi
### END /etc/grub.d/08_fallback_counting ###
### BEGIN /etc/grub.d/10_linux ###
insmod part_gpt
insmod diskfilter
insmod mdraid1x
insmod ext2
set root='mduuid/ae68681154894aa6c48d458fe0bbc232'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='mduuid/ae68681154894aa6c48d458fe0bbc232' d3984281-70f1-47fc-aaf0-8627d49ec68f
else
search --no-floppy --fs-uuid --set=root d3984281-70f1-47fc-aaf0-8627d49ec68f
fi
insmod part_gpt
insmod fat
set boot='hd0,gpt1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=boot --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 3687-D3D5
else
search --no-floppy --fs-uuid --set=boot 3687-D3D5
fi
# This section was generated by a script. Do not modify the generated file - all changes
# will be lost the next time file is regenerated. Instead edit the BootLoaderSpec files.
#
# The blscfg command parses the BootLoaderSpec files stored in /boot/loader/entries and
# populates the boot menu. Please refer to the Boot Loader Specification documentation
# for the files format: https://systemd.io/BOOT_LOADER_SPECIFICATION/.
# The kernelopts variable should be defined in the grubenv file. But to ensure that menu
# entries populated from BootLoaderSpec files that use this variable work correctly even
# without a grubenv file, define a fallback kernelopts variable if this has not been set.
#
# The kernelopts variable in the grubenv file can be modified using the grubby tool or by
# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX
# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both
# the kernelopts variable in the grubenv file and the fallback kernelopts variable.
if [ -z "${kernelopts}" ]; then
set kernelopts="root=UUID=d3984281-70f1-47fc-aaf0-8627d49ec68f ro resume=UUID=7cb849cb-db1a-46da-a64b-5afffb1e7c4c rhgb quiet "
fi
insmod blscfg
blscfg
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/10_reset_boot_success ###
# Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry
if [ "${boot_success}" = "1" -o "${boot_indeterminate}" = "1" ]; then
set menu_hide_ok=1
else
set menu_hide_ok=0
fi
# Reset boot_indeterminate after a successful boot
if [ "${boot_success}" = "1" ] ; then
set boot_indeterminate=0
# Avoid boot_indeterminate causing the menu to be hidden more than once
elif [ "${boot_indeterminate}" = "1" ]; then
set boot_indeterminate=2
fi
# Reset boot_success for current boot
set boot_success=0
save_env boot_success boot_indeterminate
### END /etc/grub.d/10_reset_boot_success ###
### BEGIN /etc/grub.d/12_menu_auto_hide ###
if [ x$feature_timeout_style = xy ] ; then
if [ "${menu_show_once}" ]; then
unset menu_show_once
save_env menu_show_once
set timeout_style=menu
set timeout=60
elif [ "${menu_auto_hide}" -a "${menu_hide_ok}" = "1" ]; then
set orig_timeout_style=${timeout_style}
set orig_timeout=${timeout}
if [ "${fastboot}" = "1" ]; then
# timeout_style=menu + timeout=0 avoids the countdown code keypress check
set timeout_style=menu
set timeout=0
else
set timeout_style=hidden
set timeout=1
fi
fi
fi
### END /etc/grub.d/12_menu_auto_hide ###
### BEGIN /etc/grub.d/14_menu_show_once ###
if [ x$feature_timeout_style = xy ]; then
if [ "${menu_show_once_timeout}" ]; then
set timeout_style=menu
set timeout="${menu_show_once_timeout}"
unset menu_show_once_timeout
save_env menu_show_once_timeout
fi
fi
### END /etc/grub.d/14_menu_show_once ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/20_ppc_terminfo ###
### END /etc/grub.d/20_ppc_terminfo ###
### BEGIN /etc/grub.d/25_bli ###
if [ "$grub_platform" = "efi" ]; then
insmod bli
fi
### END /etc/grub.d/25_bli ###
### BEGIN /etc/grub.d/30_os-prober ###
menuentry 'Anolis OS 23 (on /dev/sda3)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-6.6.25-2.1.an23.x86_64--7ed59ca5-1062-4841-9eaf-5455de1ff527' {
insmod part_gpt
insmod ext2
set root='hd0,gpt3'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt3 --hint-efi=hd0,gpt3 --hint-baremetal=ahci0,gpt3 7ed59ca5-1062-4841-9eaf-5455de1ff527
else
search --no-floppy --fs-uuid --set=root 7ed59ca5-1062-4841-9eaf-5455de1ff527
fi
linux /boot/vmlinuz-6.6.25-2.1.an23.x86_64 root=/dev/sda3
initrd /boot/initramfs-6.6.25-2.1.an23.x86_64.img
}
menuentry 'Anolis OS 23 (on /dev/sda3)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-0-rescue-1e06d08a379c4b8eb7c36745cd33b690--7ed59ca5-1062-4841-9eaf-5455de1ff527' {
insmod part_gpt
insmod ext2
set root='hd0,gpt3'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt3 --hint-efi=hd0,gpt3 --hint-baremetal=ahci0,gpt3 7ed59ca5-1062-4841-9eaf-5455de1ff527
else
search --no-floppy --fs-uuid --set=root 7ed59ca5-1062-4841-9eaf-5455de1ff527
fi
linux /boot/vmlinuz-0-rescue-1e06d08a379c4b8eb7c36745cd33b690 root=/dev/sda3
initrd /boot/initramfs-0-rescue-1e06d08a379c4b8eb7c36745cd33b690.img
}
# Other OS found, undo autohiding of menu unless menu_auto_hide=2
if [ "${orig_timeout_style}" -a "${menu_auto_hide}" != "2" ]; then
set timeout_style=${orig_timeout_style}
set timeout=${orig_timeout}
fi
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/30_uefi-firmware ###
if [ "$grub_platform" = "efi" ]; then
fwsetup --is-supported
if [ "$?" = 0 ]; then
menuentry 'UEFI Firmware Settings' $menuentry_id_option 'uefi-firmware' {
fwsetup
}
fi
fi
### END /etc/grub.d/30_uefi-firmware ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg
fi
### END /etc/grub.d/41_custom ###
Error I got
- The booting process was stuck at finding
/dev/md0. The timeout is FOREVER
What I have tried
- Changing the paths of mdadm partitions in
/etc/fstabfrom UUID to/dev/md0(1)does not work. dracut --regenerate-all -fdoes not work.- Since it is impossible to boot successfully, logs of
dmesgorjournalctlare not available. - I tried to boot the system inside
/dev/md0through GRUB command line directly. The boot process is still stuck at finding/dev/md0.
Ubuntu 24.04.1 LTS, "postfix start" and "postfix stop" work like a charm.
systemctl start postfix
(no answer)
/var/log/syslog
2024-12-13T21:49:14.744589+01:00 aaa systemd[1]: Starting [email protected] - Postfix Mail Transport Agent (instance -)...
2024-12-13T21:49:15.002726+01:00 aaa systemd[1]: [email protected]: Control process exited, code=exited, status=1/FAILURE
2024-12-13T21:49:15.003169+01:00 aaa systemd[1]: [email protected]: Failed with result 'exit-code'.
2024-12-13T21:49:15.004922+01:00 aaa systemd[1]: Failed to start [email protected] - Postfix Mail Transport Agent (instance -).
journalctl -xeu [email protected]
This looks like spam.
systemctl status postfix.service
systemctl status postfix.service
postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; preset: enabled)
Active: active (exited) since Fri 2024-12-13 20:51:32 CET; 1h 1min ago
Docs: man:postfix(1)
Process: 960 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 960 (code=exited, status=0/SUCCESS)
CPU: 7ms
Dec 13 20:51:31 aaa systemd[1]: Starting postfix.service - Postfix Mail Transport Agent...
Dec 13 20:51:32 aaa systemd[1]: Finished postfix.service - Postfix Mail Transport Agent.
systemctl status [email protected]
[email protected] - Postfix Mail Transport Agent (instance -)
Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled-runtime; preset: enabled)
Active: failed (Result: exit-code) since Fri 2024-12-13 21:49:15 CET; 4min 48s ago
Docs: man:postfix(1)
Process: 2191 ExecStartPre=/usr/lib/postfix/configure-instance.sh - (code=exited, status=1/FAILURE)
CPU: 246ms
Dec 13 21:49:14 aaa systemd[1]: Starting [email protected] - Postfix Mail Transport Agent (instance -)...
Dec 13 21:49:15 aaa systemd[1]: [email protected]: Control process exited, code=exited, status=1/FAILURE
Dec 13 21:49:15 aaa systemd[1]: [email protected]: Failed with result 'exit-code'.
Dec 13 21:49:15 aaa systemd[1]: Failed to start [email protected] - Postfix Mail Transport Agent (instance -).
postfix check
(no answer) = configuration ok
Tried everything without the files
/var/lib/postfix/master.lock
/var/spool/postfix/pid/master.pid
I tried also
inet_interfaces = ipv4
and
#inet_interfaces = ipv4
Nothing changes.
Help, thank you