I'm working on restarting slapd process with minimum data loss and the task I was given was to start slapd process on port 400, reroute packets to it, and keep it alive until the one on default port (389) is alive again.
I've managed to stop the default one with:
sudo /etc/init.d/slapd stop
and then to start another one with:
sudo slapd -h ldap://127.0.0.1:400 -g openldap -u openldap -F /etc/ldap/slapd.d
but if I try to do the above command after executing:
sudo slapd -h ldap://127.0.0.1:389 -g openldap -u openldap -F /etc/ldap/slapd.d
nothing happens.
Is it possible to have two slapds listening on different ports simultaneously?
Related
I can't run docker commands as my own user. But I know that the service is running because I can run commands as sudo:
$ docker ps
Cannot connect to the Docker daemon at unix:///run/user/1000/docker.sock. Is the docker daemon running?
$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
(snip) (snip) (snip) 13 days ago Up 2 hours (healthy) 9000/tcp (snip)
I am successfully running a few containers, and they each work, but I have another not listed in 👆 that I need to run as my own user.
I am part of the docker group:
$ groups
docker www-data video tim
I'm not sure what else to check. I do have this:
$ echo $DOCKER_HOST
unix:///run/user/1000/docker.sock
Also:
$ uname -r
5.4.0-65-generic
$ docker --version
Docker version 19.03.6, build 369ce74a3c
This is on Ubuntu 18.04.5 LTS
As you followed all the post installation steps correctlly, as far as I can tell, my best guess is that has to do with the DOCKER_HOST environment variable.
Does it help if you unset DOCKER_HOST? (Perhaps you need to log out, so it has an effect.)
On my system, docker ps works with sudo, but once I set DOCKER_HOST=unix:///run/user/1000/docker.sock, I get the same error as you.
For some background, here is a question about the DOCKER_HOST variable. In essence, that variable should normally not be set.
Return to the default sock path (unix:///var/run/docker.sock), by unsetting DOCKER_HOST and removing an errant config files:
unset DOCKER_HOST
rm -r ~/.docker
The Docker Daemon must be restarted after creating the “docker” group:
sudo services docker restart
Then, ensure you add your current user to the group:
sudo usermod -a -G docker $USER
This will ensure your user has access to the socket file.
UPDATE: 12/2022
Recently had to do this on Ubuntu 22.04 LTS and ran into the login shell persisting the previous group.
Since the UI manages the login shell, a restart is either required, or you need to replace the process with exec. You can work around this issue, until you restart, by replacing your current shell process: (use $0 instead, if $SHELL doesn't match your preferred shell)
exec sudo -u $USER -E $SHELL
Everytime I restart, I see loads of dockerd -h fd// processes when I run htop on ubuntu
I want to kill all of these processes (I have no idea why they're being run upon restart, but they're massively reducing my cpu performance.)
I tried every suggestion here Stop and remove all docker containers but nothing worked: the processes are still running.
How do I fix this?
First verify if you do not have containers that are still running :docker container ps, if you have containers that are still running stop them docker stop container1 container2 or even docker stop $(docker ps -q)and verify if the cpu performance issue persists.
Then verify the status of docker service: sudo systemctl status docker here you can see different things that may help you :
Afterwards you can restart/stop and even disable the auto-restart of the docker daemon if you want :
sudo systemctl restart docker
sudo systemctl stop docker
sudo systemctl disable docker
And if you want to start the service again at boot time sudo systemctl enable docker and verify if the problem persists.
PS: If you do not have systemctl, use the service command.
you can see the proccess of the docker containers by using :
1 - docker ps -a
and then stop :
2- docker stop Container-ID
and then you can remove it :
3- docker rm Container-ID
I have a daemon that must be run as root on startup.
I use pm2 to start other apps but can not figure out if it can start an app as root. Can it be done?
If not, what are my options?
I had problems with sudo pm2 start api, but this was since pm2 was already running without sudo privileges, therefor you need to run:
pm2 kill
sudo pm2 start api
This kills the pm2 deamon first, so that it starts in sudo, but then you need sudo for ALL pm2 commands afterwards, like: sudo pm2 ls
If you only need your daemon to be run as root in order to access a port number (such as 80 or 443), the pm2 documentation recommends using authbind. So, if you want the user yourusername to have access to port 80, run:
$ sudo apt-get install authbind
$ sudo touch /etc/authbind/byport/80
$ sudo chown yourusername /etc/authbind/byport/80
$ sudo chmod 755 /etc/authbind/byport/80
$ authbind --deep pm2 update
And then use authbind --deep pm2 instead of pm2. The documentation suggests setting up an alias.
I would recommend:
sudo pm2 start index.js
OR
pm2 start 'http-server' /var/www -p 80
sudo pm2 startup
pm2 save
OR
pm2 start 'which http-server' /var/www -p 80
To start it on your HTTP Port
Also, I always put -i 0 at the end - this starts up as many worker processes as you have cores. Check THIS
It is not always necessary to start PM2 as root. If you have PM2 as root and the cli module installed, security is a big risk. This is only required if you're starting your app on a port between 1 and 1024
Wasted about an hour
On AWS EC2 machine, one system was in inconsistent state due to earlier installations, that forced sudo elevations in the application for all commands to OS, like sh, etc.
pm2 was running as root:
ps aux | grep pm2
# root ... PM2 v4.1.2: God Daemon (/root/.pm2)
Now pm2 is running as ubuntu:
ps aux | grep pm2
# ubuntu ... PM2 v4.1.2: God Daemon (/home/ubuntu/.pm2)
Below commands worked:
sudo pm2 kill
sudo npm remove pm2 -g
sudo npm i -g pm2#latest
sudo pm2 update
sudo chown -R ubuntu:ubuntu /home/ubuntu/.pm2
Hope that helps
You should start pm2 as a root, (sudo pm2 start app.js), then your app will start as a root
First, install pm2 globally.
Then set root permissions to pm2 using this command
sudo chown ubuntu:ubuntu /home/ubuntu/.pm2/rpc.sock /home/ubuntu/.pm2/pub.sock
you might consider routing your traffic with iptables, since there is a reason behind this errror
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
When I start my Nodejs app with pm2, other server users are not able to access the process.
Even if I start pm2 from a custom directory (not current user's ~/, what pm2 is using by default):
HOME=/var/www pm2 start app.js
Directory is accessible by any user (comparing to ~/, but there's still no way other server user is able to access the process.
When other server user does pm2 list, it shows him 0 processes are running – but there are (started by another user). And when other user tries HOME=/var/www pm2 list, CLI throws an error:
events.js:72
throw er; // Unhandled 'error' event
^
Error: connect EACCES
at errnoException (net.js:905:11)
at Object.afterConnect [as oncomplete] (net.js:896:19)
So I am wondering how to make sure users are able to access pm2 processes run by other server users? Or it shall be approached differently?
I am wondering why every server user is able to make git pull to deploy latest source code from a Git repository, but can't restart pm2 process afterwards? Only the user that started pm2 process is able to restart it… Weird.
Here's how we bypassed this.
Just create a group
Create a new group pm2 or whatever name works for you
$ groupadd pm2
Change the /var/www/ folder group owner to group pm2
$ chgrp -R pm2 /var/www
Add the other user, let's say bob, to pm2
$ usermod -aG pm2 bob
Now bob can run pm2 commands by changing $HOME to /var/www
$ env HOME=/var/www pm2 list
Or (better still) create an alias as #jcollum suggested
$ alias pm2='env HOME=/var/www pm2'
Ok, here is my solution for same problem:
# 1. Create user PM2 and set his password
sudo useradd -d /opt/pm2 -m -s /bin/bash pm2
sudo passwd pm2
# 2. Add users you want to provide the access to PM2 to PM2 group
sudo usermod -aG pm2 <username>
# Note: if you added yourself to pm2 group, perform logout and login back to the host machine
# 3. Set the PM2_HOME variable
sudo touch /etc/profile.d/pm2.sh
sudo sh -c 'echo "export PM2_HOME=\"/opt/pm2/.pm2\"" > /etc/profile.d/pm2.sh'
source /etc/profile.d/pm2.sh
# 4. Install the PM2
# Check the npm prefix if fail:
# https://docs.npmjs.com/misc/config#prefix
sudo npm install pm2 -g
# 5. Make startup script
sudo pm2 startup ubuntu -u pm2 --hp /opt/pm2
sudo systemctl enable pm2-pm2 && \
sudo systemctl start pm2-pm2 && \
sudo systemctl status pm2-pm2
# 6. Change permission of PM2_HOME
sudo chmod -v g+w /opt/pm2/.pm2
# 7. Check the PM2
pm2 status
It seems that PM2 saves data under user's '~/.pm2' folder, so other users can not see your PM2 process with 'pm2 status'.
I created a new linux user for PM2, and all users use 'su pm2user' before starting Pm2 process:
$ sudo su pm2user
$ sudo pm2 start app.js
It's a stupid way, but it is simple and works well. Hope this would help :)
Assuming you run pm2 as www-data. To have access to that pm2 instance, I do: sudo -u www-data HOME=/var/www pm2 list for example. You can, of course, create a script (e.g. supm2) that does that for you so you can just do supm2 list instead.
I've faced a similar issue. The reason may be that you do not have the required permissions, or you do not own the pid and sock files created by pm2. In my case, it was working fine when I started the pm2 from commandline instead of startup. When I used startup, it was running as root user by default. So root was the owner of the pid, sock files
I know that I am late to the party, but this is how I did it:
PM2="/usr/share/nodejs/pm2"
USER="me"
useradd $USER
groupadd pm2
chgrp -R pm2 $PM2
usermod -aG pm2 $USER
setfacl -Rdm g:pm2:rwx $PM2
/etc/bash.bashrc etc
export PM2_HOME=$PM2;
I also have the need to use pm2 with multiple users and I found a solution seemed even better. Here is brief version from Piotr SobuĹ›'s medium article.
sudo groupadd pm2 # Create pm2 group for user who want manage pm2 together
sudo usermod -a -G pm2 user1 # add yourself to pm2 group
sudo usermod -a -G pm2 user2 # add as many user as you need to pm2 group
# you need to login again for new group to apply to user
sudo mkdir /etc/pm2daemon
sudo chgrp -R pm2 /etc/pm2daemon
sudo chmod -R 770 /etc/pm2daemon
sudo chmod g+s /etc/pm2daemon
Add following lines to ~/.bashrc for users that you want to share pm2 management.
# PM2 environment
export PM2_HOME=/etc/pm2daemon
If you install pm2 systemd service with pm2 startup. You also need to modify PIDFILE and PM2_HOME in systemd service confgiuration file:
/etc/systemd/system/multi-user.target.wants/pm2-YOUR_USER_NAME.service
from:
...
Environment=PM2_HOME=/home/YOUR_USER_NAME/.pm2
PIDFile=/home/YOUR_USER_NAME/.pm2/pm2.pid
...
to:
...
Environment=PM2_HOME=/etc/pm2daemon
PIDFile=/etc/pm2daemon/pm2.pid
...
After modification, you need to use systemctl daemon-reload to update systemd configuration. Now start the service with sudo systemctl start pm2-YOUR_USER_NAME.service.
Then you can now use pm2 across users that you shared.
PS. If you fail to start service with systemctl, kill current pm2 daemon process by pm2 kill. Now you should able to use systemctl to start pm2 daemon.
When i run this command
sudo /etc/init.d/httpd restart
it gives below error
Stopping httpd: [FAILED]
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs [FAILED]
i checked running programs at port 80 by using
netstat -lnp | grep :80 (it gives below output)
tcp 0 0 :::80 :::* LISTEN 21739/httpd
why i am not able to stop stop apache by using sudo /etc/init.d/httpd restart?
below commands work without issue
sudo apachectl stop
sudo apachectl start
i am using linux micro instance of amazon ec2
I ran into this problem when I installed apache from source, but then tried to run
$ sudo /etc/init.d/httpd restart
which was using a pre-installed version of apache. The stop directive in /etc/init.d/httpd was not removing the httpd.pid file that was created when starting the source-installed version of apache.
To determine if this is also the reason for your problem, find where the httpd.pid file is getting set when you run
$ sudo apachectl start
If you installed from source and apache2 is living in /usr/local/apache2, then the httpd.pid file should get created in /usr/local/apache2/logs. When you stop apache by running
$ sudo apachectl stop
this file should get removed. So to test if the httpd.pid file is causing your problem, start apache by calling
$ sudo apachectl start
and locate the httpd.pid file. Then try stopping apache by using
$ sudo /etc/init.d/httpd stop
If the original httpd.pid file is still present, then that is why apache is unable to start when you use
$ sudo /etc/init.d/httpd start
To get my /etc/init.d/httpd file to work correctly, I explicitly put the call to apachectl in the start and stop methods:
#!/bin/bash
# /etc/init.d/httpd
#
# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache2/bin/apachectl
httpd=/usr/local/apache2/bin/httpd
pid=/usr/local/apache2/logs/httpd.pid
prog=httpd
RETVAL=0
start() {
echo -n $"Starting $prog: "
$apachectl -k start
RETVAL=$?
echo
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
$apachectl -k stop
RETVAL=$?
echo
}
I tried this and it works:
sudo fuser -k -n tcp 80
sudo service httpd start
Hope this will help you!
Cheers
I feel its better to kill the process itself, find out the process id and kill it and then do a fresh start, it should work fine
I have had this issue very rarely over the last couple years with a server I've been managing. Unfortunately, if you are getting FAILED after trying to restart, the process that's managing the connection on port 80 won't release it's hold on that port.
I would try a full "sudo /etc/init.d/httpd stop" wait for that to finish or fail.
If that doesn't fix it you'll have to restart the server completely. Hopefully, it's configured to start everything up automatically on restart, but that isn't guaranteed.
"apachectl" is also great tool for Apache, but it may not be on this server, it depends on the install and linux distro used.
If after rebooting the server, apache still fails to start, something bad has happened. I'd consider pulling all the website and conf files for creating a new server at that point, but the apache start, and then failed message output should give you some idea of where to look in the Logs about why it cannot start.