Bug #15434

Cannot start relayd

Added by Nicolas CHARLES 3 months ago. Updated 12 days ago.

Status: Released
Priority: N/A
Category: Server components
Target version:
Severity:
User visibility:
Effort required:
Priority: 0

Description

Running systemctl start rudder-relayd doesn't start relayd on CentOS 7.
Exit code is indeed 0, but journalctl shows:

Aug 08 12:49:48 server systemd[1]: Started Rudder Relay Daemon.
Aug 08 12:49:48 server polkitd[682]: Unregistered Authentication Agent for unix-process:23907:277601 (system bus name :1.118, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Aug 08 12:49:48 server rudder-relayd[23913]:  INFO relayd: Starting rudder-relayd 5.1.0-alpha1-git201908072219
Aug 08 12:49:48 server rudder-relayd[23913]:  INFO relayd: Read configuration from "/opt/rudder/etc/relayd/" 
Aug 08 12:49:48 server rudder-relayd[23913]: ERROR rudder_relayd: I/O error: Permission denied (os error 13)
Aug 08 12:49:48 server systemd[1]: rudder-relayd.service: main process exited, code=exited, status=1/FAILURE
Aug 08 12:49:48 server systemd[1]: Unit rudder-relayd.service entered failed state.

Permissions are:
drwxr-xr-x.  2 root root     43 Aug  8 12:50 relayd

root@server:/var/rudder/reports# ls -alh /opt/rudder/etc/relayd
total 12K
drwxr-xr-x.  2 root root   43 Aug  8 12:50 .
drwxr-xr-x. 10 root root 4.0K Aug  8 12:50 ..
-rw-r--r--.  1 root root  429 Aug  8 08:50 logging.conf
-rw-r--r--.  1 root root  851 Aug  8 12:50 main.conf


Subtasks

Bug #15439: Update rudder relay reload command to permit permission check (Released, Alexis MOUSSET)
Bug #15441: change call to rudder relay reload to check permission of generated file (Released, Alexis MOUSSET)

Associated revisions

Revision 8d45f819 (diff)
Added by Nicolas CHARLES 3 months ago

Fixes #15434: Cannot start relayd

History

#1

Updated by Alexis MOUSSET 3 months ago

It's probably a problem to read the files in /var/rudder/lib/ssl

#2

Updated by Nicolas CHARLES 3 months ago

Doing chown root:rudder /var/rudder/lib/ssl/allnodescerts.pem solves the issue.

#3

Updated by Nicolas CHARLES 3 months ago

I tried doing perm <- IOResult.effect(file.setGroup("rudder")), but it fails with:

[2019-08-08 16:12:29] ERROR com.normation.rudder.services.policies.WriteNodeCertificatesPemImpl - SystemError: An error occured; cause was: java.io.IOException: 'owner' parameter can't be a group 
 -> com.normation.rudder.services.policies.WriteNodeCertificatesPemImpl.$anonfun$writeCertificates$8(WriteNodeCertificatesPem.scala:99)

#4

Updated by Nicolas CHARLES 3 months ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES

#5

Updated by Nicolas CHARLES 3 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/2379

#6

Updated by Nicolas CHARLES 3 months ago

  • Status changed from Pending technical review to Pending release

#7

Updated by Vincent MEMBRÉ 12 days ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.0.0~beta1 which was released today.
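
The journal line in the description reports `Permission denied (os error 13)` without naming a path, and the file that mattered was not in the directory first inspected. As an added example (not part of this ticket or of Rudder's code), the Python helper below walks every component of a path and reports the first one a given service account cannot use. The function names, the temporary tree, the 0640 mode and the service uid/gid are constructed assumptions.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """Return the rwx triplet that applies: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_denied(path, uid, gids, root="/"):
    """Return the first component from root down to path that the account
    cannot use, or None. Directories need x, the final file needs r.
    Only mode bits are evaluated (no ACLs, SELinux or root override)."""
    target, root = os.path.realpath(path), os.path.realpath(root)
    chain = [target]
    while chain[-1] != root and os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for comp in reversed(chain):
        need = 4 if comp == target else 1   # r on the file, x on directories
        if not class_bits(os.stat(comp), uid, gids) & need:
            return comp
    return None

def demo():
    """Constructed tree: <tmp>/ssl/allnodescerts.pem with assumed mode 0640.
    chown needs root, so the group change is modelled by evaluating the same
    file for an account outside, then inside, the file's group."""
    with tempfile.TemporaryDirectory() as top:
        ssl_dir = os.path.join(top, "ssl")
        os.mkdir(ssl_dir)
        pem = os.path.join(ssl_dir, "allnodescerts.pem")
        open(pem, "w").close()
        for p, mode in ((top, 0o755), (ssl_dir, 0o755), (pem, 0o640)):
            os.chmod(p, mode)
        st = os.stat(pem)
        svc_uid = st.st_uid + 1              # hypothetical service uid
        outside = first_denied(pem, svc_uid, {st.st_gid + 1}, root=top)
        inside = first_denied(pem, svc_uid, {st.st_gid}, root=top)
        return os.path.basename(outside or ""), inside

if __name__ == "__main__":
    print(demo())
```

On a real host, call `first_denied` with the daemon's uid and group ids for each file it must read; the trailing `.` in the `ls` output above indicates an SELinux context, which this mode-bit check does not evaluate.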
