I am working with Jenkins and I want to start a script with forever using Jenkins with a different user named aroot.
So my build configuration I write this command:
sudo -u aroot forever start -a --uid 'server' bin/www
It works fine but forever still tries to access the jenkins user and when I try to see the scripts running under forever by using the command:
forever list
I see nothing. Why does this happen? I have changed the user to aroot but it still tries to start the script under jenkins user. What should I do here?
I even tried changing the default jenkins user to aroot but after this, the Jenkins just does not restart.
you should not need the forever thing going. just enable it from systemctl
# systemctl enable jenkins.service
how you get it to run as different users is by editing this file.
# vi /etc/sysconfig/jenkins
and changing this line to whatever user you want.
JENKINS_USER="aroot"
When you restart it will be running as that user but you will need to chown all files in /var/lib/jenkins so it has the correct ownership.
Related
i'm running my node.js app on the linux server using PM2, with a config file, like this:
PM2 start mywebsite.config.js
all is good. but now i want to add jenkins to the picture.
i'm running a pipeline project in jenkins, using Jenkinsfile.
All working fine except for the last command, that should restart the app, to make the new version live:
stage('Restart PM2') {
steps {
sh 'pm2 restart all' }
}
}
and this command fails. here is the log output:
+ pm2 restart all
Use --update-env to update environment variables
[PM2][WARN] No process found
< empty pm2 log table here>
Use `pm2 show <id|name>` to get more details about an app
I understand that PM2 is working per user. means, that the user who ran the first command (start) is the one that should run the restart as well.
but how to do this?
To run pm2 restart all from Jenkins you need to:
Configure your system to run sudo from jenkins
(https://sgoyal.net/2016/11/18/run-a-shell-from-jenkins-using-sudo-ubuntu/)
Make a symbolic link to the .pm2/ folder, in my case(Ubuntu) it was at /root/.pm2 so i run
sudo ln -s /root/.pm2/ /var/lib/jenkins/
NOTE: /var/lib/jenkins if the default jenkins root directory, you can check yours on Jenkins configuration
after that you can go to jenkins and setup a shell command, in my case i did:
#!/bin/sh
echo "RESTARTING ALL"
sudo pm2 restart all
echo "ALL RESTARTED"
NOTE: if you have a .pm2 folder already in your jenkins root directory rename it so you can do the symbolic link
Hope this helps
Instead of restarting PM2 through you jenkins code, let PM2 do it by itself, using the watch flag. in your config file, set watch to be true.
You may want to add a relatively new flag called watch-ignore. that's an array, with files to be ignored by the watch. add your log file and error file to this list. otherwise, any logged information will cause your node app to restart endlessly.
after doing these changes to the config file, run pm2 again with the config. remove the restarting code from Jenkinsfile, you don't need that anymore, pm2 will detect the new version and will reload the app!
BUILD_ID=dontKillMe PM2 start mywebsite.config.js
Jenkins kills the pm2 daemon to be created by the build.
You should put the keyword to prevent killing daemon by Jenkins.
I'm launching an application and am able to use PM2 to run it however I'm looking at making sure PM2 launches on reboot of the server.
I have two users, root and a user for running the application. The user has sudo privileges.
Currently I am typing this command:
sudo env PATH=$PATH:/usr/local/bin /usr/local/lib/node_modules/pm2/bin/pm2 startup systemd -u USER --hp /home/USER
and the result:
[ERROR] Exit code : 1
[PM2][ERROR] systemctl start pm2-paul failed, see error above.
When I check jorunalctl for details, I see this:
pm2-user.service: PID file /home/user/.pm2/pm2.pid not readable (yet?) after
start: No such file or directory
Failed to start PM2 process manager.
Any help would be greatly appreciated, I've been struggling for a few hours now with this.
I have a service that I want to start with system startup. I have built a ap#.service definition for it as a template, because there could be many instances.
Defined in the root systemd, this works well, and starts and stops the service with the system. The service instance is installed with systemctl enable ap#inst1 as would be expected. Root is also able to start and stop the service without problems. The service runs in its own account (myuser), not root, controlled by User=myuser in the ap#.service template.
But I want user 'myuser' to be able to start and stop their own service, without compromising system security.
I switched to using a user systemd, and enabled lingering with loginctl enable-linger myuser. I then enable the service defined in the ~myuser/.config/systemd/user directory. The service now starts and stops cleanly with the system, as designed. If I log in to a terminal as 'myuser', systemctl --user start ap#inst1, and systemctl --user stop ap#inst1 both work perfectly.
However, if I log in as a different user (user2) and perform sudo su - myuser in a terminal, then systemctl --user commands now fail with error message "Failed to get D-Bus connection: no such file or directory".
How do I enable systemctl --user to work after a sudo su - myuser command to switch the user?
I found the answer on another site with further searches using different terms.
The solutions needed was to provide the shell with information to reach the correct DBUS for the user.
By adding the following environment variables to the shell before running systemctl --user, the DBUS problem is eliminated, and systemctl operates correctly.
export XDG_RUNTIME_DIR="/run/user/$UID"
export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
To ensure that the DBUS_SESSION_BUS_ADDRESS is available in the sudo shell, I added the environment variables to ~/.bash_profile of the target userid. This requires that a login shell ( sudo su - myuser or sudo -l myuser) is created in order to create the correct environment.
Alternatively, add the creation of the environment variables to ~/.bashrc (or equivalent for other shells). The environment will then be established anew for all shell creations.
systemd 248 (released March 2021) introduced support for the syntax -M myuser# for specifying another user.
$ sudo systemctl --user -M myuser# start ap#inst1
A side-note:
If you want to get an interactive login shell for the user myuser
$ sudo machinectl shell myuser#
I have a cron job that needs to be run under ec2-user on my EC2 instance and it needs to be able to write to the standard log files for my web app. However, the log files are owned by webapp (as per normal).
I've successfully changed the permissions on the log files so that they are accessible by both the owner and the group webapp:webapp. But where I'm running into trouble is when I try to add the ec2-user to the webapp group.
I can do it fine in SSH with sudo usermod -a -G webapp ec2-user but when I try to add this command via EB container-commands, I get an error saying that you must have a tty to run sudo. Running the command without sudo gives me /bin/sh: usermod: command not found.
Anybody know of any other way to be able to add ec2-user to the webapp group via the Elastic Beanstalk deployment config.
Not sure about the issue with the sudoers file, but generally a cleaner way to add a user to a group (than manually executing a command) is to use the users section of the .ebextensions file. For example, in .ebextensions/something.config:
users:
ec2-user:
groups:
- webapp
You should not use sudo, the deploy script is ran by root.
Also, this is a server command, do it in the commands section instead of container commands section.
commands:
01_set_user_role:
command: "usermod -a -G webapp ec2-user"
You need to run this command from a container_command before executing any commands with sudo:
echo Defaults:root \!requiretty >> /etc/sudoers
In context (in .ebextensions/yourconf.config)
container_commands:
001-enableroot:
command: echo Defaults:root \!requiretty >> /etc/sudoers #disables error related to needing a tty for sudo, allows running without cli
I would like to automatically run node server when instances are created (using forever). I am on Ubuntu 11.10 (Canonical), I followed the instructions here exactly on creating launch config using user script: http://alestic.com/2011/11/ec2-schedule-instance
I can't seem to get this to work. Below is my startup script:
#!/bin/bash
set -e -x
/home/MyUserName/node_modules/.bin/forever stopall
/home/MyUserName/node_modules/.bin/forever start node.js/app.js
The launch config is created using this cmd:
as-create-launch-config MyLC --image-id ami-b6a3f8f2 --user-data-file user-data-script.sh --instance-type m1.small
Found the issue, I have to run forever as the user, not root, wonder why...like so:
sudo -u MyUserName /home/MyUserName/node_modules/.bin/forever start node.js/app.js
Are you fully qualifying the app.js file? Could it just be this line?
/home/MyUserName/node_modules/.bin/forever start /home/MyUserName/node.js/app.js