Configuring twitch lambdabot as a service on NixOS - linux

What I tried:
in /etc/nixos/configuration.nix:
services.lambdabot.enable = true;
services.lambdabot.script ="
rc /var/lib/lambdabot/.lambdabot/creds.rc
irc-connect twitch irc.chat.twitch.tv 6667 IsoMorpheus Lambda_Robots:_100%_Loyal
admin + twitch:IsoMorpheus
join twitch:#freeman42x";
in /var/lib/lambdabot/.lambdabot/creds.rc:
irc-password oauth:6q9hoi2notaellmugrr3alh9yjx8ua
Then:
nixos-rebuild switch
chown lambdabot /var/lib/lambdabot/.lambdabot/creds.rc
systemctl restart lambdabot
Checking HTOP it can be seen that the service is running but the bot does not connect to the IRC channel.
Settings from the manual:
services.lambdabot.enable
Enable the Lambdabot IRC bot
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
services.lambdabot.script
Lambdabot script
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
Launching lambdabot manually it connects fine and it replies to commands:
https://github.com/lambdabot/lambdabot/blob/1d1ed3e7980081c9f356f8d2fd8ca2771c0ed4f4/lambdabot-core/README.md#connecting
Any suggestions of how to launch it as a service?

[root@nixos:/home/neo]# systemctl status lambdabot
● lambdabot.service - Lambdabot daemon
Loaded: loaded (/nix/store/ifwgvglg3vzndk5wssb66vdz9j9rdflf-unit-lambdabot.service/lambdabot.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-01-27 23:53:33 EET; 1min 32s ago
Main PID: 4749 (lambdabot-start)
Tasks: 8 (limit: 4915)
CGroup: /system.slice/lambdabot.service
├─4749 /nix/store/jgw8hxx7wzkyhb2dr9hwsd9h2caaasdc-bash-4.4-p12/bin/bash -e /nix/store/0c6ya3n4bz6id840f4gprv3ly24808rn-unit-script/bin/lambdabot-start
├─4753 /nix/store/jgw8hxx7wzkyhb2dr9hwsd9h2caaasdc-bash-4.4-p12/bin/bash -e /nix/store/0c6ya3n4bz6id840f4gprv3ly24808rn-unit-script/bin/lambdabot-start
├─4754 /nix/store/h0z0pf4ix0ilx5j1x6sk1rfkpjcyjhvc-lambdabot-5.1.0.1/bin/lambdabot
└─4755 cat /run/lambdabot/offline
Jan 27 23:53:33 nixos systemd[1]: Started Lambdabot daemon.
Jan 27 23:53:37 nixos lambdabot-start[4749]: [WARNING] Plugin.seen: WARNING: failed to read Seen module state: Data.Binary.Get.runGet at position 0: not enough bytes
Jan 27 23:53:37 nixos lambdabot-start[4749]: CallStack (from HasCallStack):
Jan 27 23:53:37 nixos lambdabot-start[4749]: error, called at libraries/binary/src/Data/Binary/Get.hs:342:5 in binary-0.8.3.0:Data.Binary.Get
Jan 27 23:53:37 nixos lambdabot-start[4749]: Plugin `offlineRC' failed with: /var/lib/lambdabot/.lambdabot/State: createDirectory: permission denied (Permission denied)
The issue is that I set permission on the creds.rc file instead of on the entire folder, fix:
chown -R lambdabot:users /var/lib/lambdabot/.lambdabot
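A check for the cause found above, as an added example that is not part of the original post: it reports every path in the state directory not owned by the expected uid, and every regular file readable by group or others (creds.rc holds an OAuth token). The function name, the finding labels and the sample layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a service state directory.
# Prints one finding per line:
#   OWNER <path>  path is not owned by the expected uid, so the service cannot write it
#   MODE <path>   regular file readable by group or others (for example a credentials file)

audit_state_dir() {
    dir=$1
    uid=$2
    # Ownership must hold for the whole tree, not only for one file inside it.
    find "$dir" ! -user "$uid" | sed 's/^/OWNER /'
    # -perm -040 / -perm -004: group-read or other-read bit is set.
    find "$dir" -type f \( -perm -040 -o -perm -004 \) | sed 's/^/MODE /'
}

demo() {
    # Constructed layout mirroring the post: .lambdabot with creds.rc and State/.
    root=$(mktemp -d)
    mkdir -p "$root/.lambdabot/State"
    printf 'irc-password oauth:PLACEHOLDER\n' > "$root/.lambdabot/creds.rc"
    chmod 644 "$root/.lambdabot/creds.rc"
    audit_state_dir "$root/.lambdabot" "$(id -u)"
    rm -rf "$root"
}
demo
```

On the real host the call would be audit_state_dir /var/lib/lambdabot/.lambdabot "$(id -u lambdabot)"; no output means the tree is owned by the service user and no file is group- or world-readable.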

Related

How to fix permission denied issue RedisJson?

When I try to load a redis module with loadmodule in redis.conf, redis-server crashes.
The log shows
Module /etc/modules/librejson.so failed to load: /etc/modules/librejson.so: unable to open shared objects file: Permission denied.
I have read the documentation to install RedisJson, but it does not work for me.
If I comment loadmodule line, the server works fine.
Installation process
sudo dnf update
sudo dnf upgrade
sudo dnf install redis
Configuration
cd /etc/redis
nvim /redis.conf
loadmodule loadmodule /etc/modules/librejson.so
supervised systemd
The rest of the file is kept by default
What I did
I created modules folder inside etc folder
I ran chown redis:root over modules folder
I moved the module to /etc/modules because I had read that homeprotection can block redis when trying to read the module in the /home path.
Then I used ls -l to check permissions and owners:
-rwxr-xr-x. 2 user user user 23668904 Feb 15 09:10 librejson.so
after that, I ran chown redis:root (as redis.conf owners): -rwxr-xr-xr-x. 2 redis root 23668904 Feb 15 09:10 librejson.so
and when I ran sudo systemctl restart redis.service:
Job for redis.service failed because the control process exited with error code.
See "systemctl status redis.service" and "journalctl -xeu redis.service" for details.
systemctl status redis.service:
redis.service - Redis persistent key-value database
Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; preset: disabled)
Drop-In: /etc/systemd/system/redis.service.d
└─limit.conf
Active: failed (Result: exit-code) since Thu 2023-02-16 13:21:58 CST; 6min ago
Process: 28947 ExecStart=/usr/bin/redis-server /etc/redis/redis.conf --daemonize no --supervised systemd (code=exited, status=1/FAILURE)
Main PID: 28947 (code=exited, status=1/FAILURE)
Status: "Redis is loading..."
CPU: 10ms
Feb 16 13:21:58 fedora systemd[1]: Starting redis.service - Redis persistent key-value database...
Feb 16 13:21:58 fedora systemd[1]: redis.service: Main process exited, code=exited, status=1/FAILURE
Feb 16 13:21:58 fedora systemd[1]: redis.service: Failed with result 'exit-code'.
Feb 16 13:21:58 fedora systemd[1]: Failed to start redis.service - Redis persistent key-value database.
and nothing, I ran out of ideas.
System specs
Fedora 37
Redis server v=7.0.8

Apache2: Failed to set up mount namespacing: Permission denied

I have a VPS server with Debian 10. I want to start Apache2 with option PrivateTmp=true.
But on start it failed with error: apache2.service: Failed at step NAMESPACE spawning /usr/sbin/apachectl: Permission denied.
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2020-11-27 17:17:43 CET; 5s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 523 ExecStart=/usr/sbin/apachectl start (code=exited, status=226/NAMESPACE)
Nov 27 17:17:43 5091-server systemd[1]: Starting The Apache HTTP Server...
Nov 27 17:17:43 5091-server systemd[523]: apache2.service: Failed to set up mount namespacing: Permission denied
Nov 27 17:17:43 5091-server systemd[523]: apache2.service: Failed at step NAMESPACE spawning /usr/sbin/apachectl: Permission denied
Nov 27 17:17:43 5091-server systemd[1]: apache2.service: Control process exited, code=exited, status=226/NAMESPACE
Nov 27 17:17:43 5091-server systemd[1]: apache2.service: Failed with result 'exit-code'.
Nov 27 17:17:43 5091-server systemd[1]: Failed to start The Apache HTTP Server.
I checked the permissions for tmp:
root@5091-server:~# ls -ld /tmp
drwxrwxrwt 8 root root 4096 Nov 27 17:17 /tmp
root@5091-server:~# ls -ld /var/tmp
drwxrwxrwt 2 root root 4096 Nov 27 17:17 /var/tmp
Any idea which permissions are wrong?
This can work...
sudo sed -i -e 's,PrivateTmp=true,PrivateTmp=false\nNoNewPrivileges=yes,g' /lib/systemd/system/apache2.service
sudo systemctl daemon-reload
sudo systemctl start apache2.service
sudo systemctl status apache2.service
This is related to new systemd security features (v220+?) conflicting with unprivileged LXC containers like the ones inside Proxmox.
Edit apache config (the clean way):
sudo systemctl edit apache2.service
Add this to disable new systemd security features (affect LXC containers like the ones inside Proxmox)
[Service]
PrivateDevices=false
PrivateTmp=false
ProtectControlGroups=false
ProtectKernelModules=false
ProtectSystem=false
Maybe only necessary:
ProtectHome=false
ProtectSystem=false
Then
sudo systemctl start apache2.service
sudo systemctl status apache2.service # Just to check the output
I saw this on apache2 and memcached. Also with systemd-logind. In this last case ssh connection speed was affected. ssh -vvv was stuck on debug1: pledge: filesystem (without VPN), and debug1: pledge: network (with VPN). As mentioned here and here the problem is solved by enabling nesting (also here) on the Proxmox containers.
Probably simply enabling the "nesting" feature for the container (if it is unprivileged) will allow systemd to make use of its namespacing features.
Related
Nested containers in LXD | Ubuntu
Roadmap - Proxmox VE 7.1 The real fix is to upgrade host?
Failed to reset devices.list...Operation not permitted · Issue #2004 · lxc/lxd
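To see which sandboxing directives in a unit actually require a mount namespace, and which remain enabled once a drop-in like the one above is applied, this added example (not part of the original answers) parses the unit file and its drop-ins. The directive list comes from systemd.exec(5); the function name and the sample unit contents are constructed.

```shell
#!/bin/sh
# Added example, not from the original answers. Prints the [Service] directives that
# make systemd set up a mount namespace and are still enabled after all files apply.
# Pass the unit file first, then drop-ins in order; a later assignment wins.

active_namespace_directives() {
    awk '
        BEGIN {
            names = "PrivateTmp PrivateDevices PrivateMounts ProtectSystem ProtectHome"
            names = names " ProtectKernelTunables ProtectKernelModules ProtectControlGroups"
            names = names " ReadOnlyPaths ReadWritePaths InaccessiblePaths"
            n = split(names, order, " ")
            for (i = 1; i <= n; i++) want[order[i]] = 1
        }
        FNR == 1 { section = "" }                 # each file starts outside any section
        /^[ \t]*[#;]/ { next }                    # comment lines
        /^[ \t]*\[/ { section = $0; gsub(/[ \t]/, "", section); next }
        section == "[Service]" && index($0, "=") {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in want) last[key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in last)) continue
                v = tolower(last[k])
                if (v != "" && v != "no" && v != "false" && v != "0" && v != "off") { print k "=" last[k] }
            }
        }' "$@"
}

demo() {
    d=$(mktemp -d)
    # Constructed unit file; the real apache2.service may differ.
    printf '%s\n' '[Unit]' 'Description=The Apache HTTP Server' '[Service]' \
        'ExecStart=/usr/sbin/apachectl start' 'PrivateTmp=true' 'ProtectSystem=full' > "$d/unit"
    # Drop-in as given in the answer above.
    printf '%s\n' '[Service]' 'PrivateDevices=false' 'PrivateTmp=false' \
        'ProtectControlGroups=false' 'ProtectKernelModules=false' 'ProtectSystem=false' > "$d/override"
    echo "unit only:";     active_namespace_directives "$d/unit"
    echo "with override:"; active_namespace_directives "$d/unit" "$d/override"
    rm -rf "$d"
}
demo
```

Any line printed for the unit alone is a protection the override would switch off; with nesting enabled on the container, the same list shows what systemd can enforce again once the override is removed.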

/usr/bin/env 'node' Permission Denied

I installed Node V10.19.0 and tileserver-gl
I created a bash file in my home directory, by the name tileserver.sh
Which contain this code:
xvfb-run -a -s "-screen 0 1024x768x24" tilerserver-gl NewZeland.mbtiles
When I execute it, it works fine and listens on port 8080
and I created a service for this file in /etc/systemd/system/tileserver.service and enabled it
sudo systemctl status tileserver.service
It shows this error:
Loaded: loaded (/etc/systemd/system/tileserver.service: enabled; vendor preset: enabled)
Active: Failed (Result: exit-code) since .....
process: 3729 ExecStart=/home/tilesServer/tileserver.sh ( code=exited, status=126)
Main PID: 3729 ( code=exited, status=126)
mar 26 18:21:57 tileserver systemd started tileserver bash script runing
mar 26 18:21:57 tilerserver tileserver.sh[3729] : /usr/bin/env "node' Permission denied
mar 26 18:21:57 tileserver systemd[1]: tileserver.service: main process exited , code=exited, status=126/n/a
mar 26 18:21:57 tileserver systemd[1]: tileserver.service: Failed with result 'exit-code'
How to resolve this issue and error
I recommend you use NVM and install it as a normal user. After you have installed NVM, you should install NodeJS with nvm install stable to get the stable version of node, and then you can test.
First I add the nvm path to bashrc
start to debug it. With root
node debug tileserver-gl
It works fine, so I modified the script and it is working fine

Puppet Server not starting up in Centos7

I have recently installed puppet5 in Centos7 (running in VirtualBox). After installation I tried starting it, which threw the message below.
Is there anything I should do with the configuration?
[root@puppet ~]# systemctl status puppetserver -l
● puppetserver.service - puppetserver Service
Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; enabled; vendor preset: disabled)
Active: activating (start) since Thu 2018-01-25 13:59:44 IST; 32s ago
Control: 10284 (bash)
CGroup: /system.slice/puppetserver.service
├─10284 bash /opt/puppetlabs/server/apps/puppetserver/cli/apps/start
├─10291 java -Xms2g -Xmx2g -XX:MaxPermSize=256m -Djava.security.egd=/dev/urandom -XX:OnOutOfMemoryError=kill -9 %p -cp /opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar:/opt/puppetlabs/server/apps/puppetserver/jruby-1_7.jar:/opt/puppetlabs/server/data/puppetserver/jars/* clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetserver/conf.d --bootstrap-config /etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/ --restart-file /opt/puppetlabs/server/data/puppetserver/restartcounter
└─10366 sleep 1
Jan 25 13:59:44 puppet systemd[1]: Starting puppetserver Service...
Journal Logs:
Jan 25 14:01:29 puppet puppetserver[10419]: Background process 10426 exited before start had completed
Jan 25 14:01:29 puppet systemd[1]: puppetserver.service: control process exited, code=exited status=1
Jan 25 14:01:29 puppet systemd[1]: Failed to start puppetserver Service.
-- Subject: Unit puppetserver.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit puppetserver.service has failed.
--
-- The result is failed.
It looks like the VM has insufficient memory to run the server.
Edit the file /etc/default/puppetserver and lower the values of
JAVA_ARGS=" -Xms2g -Xmx2g ...
to:
JAVA_ARGS="-Xms1g -Xmx1g ...
The VM must have at least 1GB RAM configured with the edited settings.

How can I make rabbitmq-server auto-start at boot time? (CentOS 7)

I have tried too many times, but I failed.
I run the command in the shell and it works, but when I write it to supervisor or /etc/rc.d/init.d/functions, both failed!
/usr/sbin/rabbitmq-server start (shell works)
supervisor or /etc/rc.d/init.d/functions, both failed!
RabbitMQ on CentOS 7 uses systemd.
You have to enable the service:
sudo systemctl enable rabbitmq-server
Then try to reboot:
Last login: Tue Sep 5 07:51:49 2017 from 10.0.2.2
[vagrant@localhost ~]$ sudo systemctl status rabbitmq-server
● rabbitmq-server.service - RabbitMQ broker
Loaded: loaded (/usr/lib/systemd/system/rabbitmq-server.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2017-09-05 07:57:05 UTC; 20s ago
Main PID: 930 (beam.smp)
Status: "Initialized"
CGroup: /system.slice/rabbitmq-server.service
├─ 930 /usr/lib64/erlang/erts-9.0.4/bin/beam.smp -W w -A 64 -P 1048576 -t 5000000 -stbt db -zdbbl 128000 -K true -- -root /usr/lib64/erlang -progname erl -- -home /var/lib/rabbitmq -- -pa /usr/lib/rabbitmq/lib/rabbitmq_server-3.6.11.902/ebin -noshell -n...
├─1317 /usr/lib64/erlang/erts-9.0.4/bin/epmd -daemon
├─2354 erl_child_setup 1024
├─2437 inet_gethost 4
└─2438 inet_gethost 4
EDIT
It is the same for 3.3.5, see here:
[vagrant@localhost ~]$ sudo systemctl status rabbitmq-server
● rabbitmq-server.service - LSB: Enable AMQP service provided by RabbitMQ broker
Loaded: loaded (/etc/rc.d/init.d/rabbitmq-server; bad; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
[vagrant@localhost ~]$ sudo systemctl enable rabbitmq-server
rabbitmq-server.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig rabbitmq-server on
[vagrant@localhost ~]$ sudo reboot
➜ centos7 vagrant ssh
Last login: Tue Sep 5 08:04:37 2017 from 10.0.2.2
[vagrant@localhost ~]$ sudo systemctl status rabbitmq-server
● rabbitmq-server.service - LSB: Enable AMQP service provided by RabbitMQ broker
Loaded: loaded (/etc/rc.d/init.d/rabbitmq-server; bad; vendor preset: disabled)
Active: active (running) since Tue 2017-09-05 08:48:23 UTC; 9s ago
Docs: man:systemd-sysv-generator(8)
Process: 972 ExecStart=/etc/rc.d/init.d/rabbitmq-server start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/rabbitmq-server.service
├─1325 /bin/sh /etc/rc.d/init.d/rabbitmq-server start
├─1335 /bin/bash -c ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rabbitmq-server
└─1339 /bin/sh /usr/sbin/rabbitmq-server
RabbitMQ version:
sudo rabbitmqctl status
Status of node rabbit@localhost ...
[{pid,1379},
{running_applications,[{rabbit,"RabbitMQ","3.3.5"},
Note:
You are using a very old RabbitMQ version, please consider updating it to the latest one.
