I have a task in a playbook that tries to restart nginx via a handler as per usual:
name: restart nginx
service: name=nginx state=restarted
It gaves me this following error:
RUNNING HANDLER [webtier : restart nginx] **************************************
fatal: [vagrant]: FAILED! => {"changed": false, "msg": "Unable to restart service nginx: Failed to restart nginx.service: Connection timed out\nSee system logs and 'systemctl status nginx.service' for details.\n"}
However until last time sudo: yes command was working. and the above error was not coming.
But this time, by adding sudo: yes command
name: restart nginx
service: name=nginx state=restarted
sudo: yes
Gives following error:
ERROR! conflicting action statements: service, sudo
The error appears to be in '/Users/mac/Documents/GitHub/petalandstem/ansible/roles/webtier/handlers/main.yml': line 28, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: restart nginx
^ here
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
How to restart nginx successfully ?
The correct syntax is either INI
- name: restart nginx
service: name=nginx state=restarted
become: true
become_method: sudo
or YAML
- name: restart nginx
service:
name: nginx
state: restarted
become: true
become_method: sudo
See Understanding privilege escalation: become.
Ansible 1.x: sudo: yes
Ansible 2.x: become: yes
That's because the become_method is a choice now but the default is "sudo".
--become-method=BECOME_METHOD
privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas | machinectl ]
i was facing the same issue
this happened to me because httpd was already running on port 80
so i had to stop the httpd service
$ service httpd stop
then try the ansible-playbook
First don't edit the files in sites-enabled, but create links and edit in sites-available.
For me the problem was in sites-enabled folder.
When you delete the default site from sites-available folder, you need to delete the link from sites-enabled.
After deleting the default link from sites-enabled for me worked.
Related
I'm working on a project for deploying pentest lab with terraform & ansible. All is working good except that last problem.
In my lab I have a nginx server running on a Windows server. Nginx with php works when I start them as Administrator with ansible but i need them to run with a non admin local account.
For the php i've made a wrapper using this tools : https://github.com/antonioCoco/RunasCs
But it doesn't work with nginx cause of a working directory problem :
Here is the error :
PS C:\Users\Administrator> .\RunAsCs.exe nginx ***** C:\Web\nginx-1.19.6\nginx.exe
[*] Warning: GetUserProfileDirectory failed with error code: 2
[*] Warning: Unable to obtain environment for user 'nginx'.
[*] Warning: Environment of created process might be incorrect.
nginx: [alert] could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
2021/03/06 10:18:33 [emerg] 5556#6124: CreateFile() "C:\Windows\system32/conf/nginx.conf" failed (3: The system cannot find the path specified)
And that's normal because as you can see my wrapper start in Windows/System32
I would like to know if there is a solution either with nginx.conf or with ansible to start this exe as the "nginx" user.
This is a working code for starting nginx as Administrator
- name: Starting web server
win_shell: .\nginx.exe
args:
chdir: C:\Web\nginx-1.19.6
async: 180
poll: 0
I know that there is a psexec module in ansible but psexec will work only for Local Admin account and the goal of that is that my nginx don't run as Local Admin.
Thanks for the help !
I am trying to set up repmgr version 5 on Debian with PostgtrSql 11.
Seems like the documentation is more oriented towards centos/RHEL.
When I am trying to setup the witnes node to start the repmgr daemon, I get an error without any idea where to look for for seeing what is the cause of the error.
This is my repmgr.conf file:
node_id=3
node_name='PG-Node-Witness'
conninfo='host=10.97.7.140 user=repmgr dbname=repmgr connect_timeout=2'
data_directory='/var/lib/postgresql/11/main'
failover='automatic'
promote_command='/usr/bin/repmgr standby promote -f /etc/repmgr.conf --log-to-file'
follow_command='/usr/bin/repmgr standby follow -f /etc/repmgr.conf --log-to-file --upstream-node-id=%n'
priority=60
monitor_interval_secs=2
connection_check_type='ping'
reconnect_attempts=6
reconnect_interval=8
primary_visibility_consensus=true
standby_disconnect_on_failover=true
repmgrd_service_start_command='sudo /etc/init.d/repmgrd start' #??????
repmgrd_service_stop_command='sudo //etc/init.d/repmgrd stop'#??????
service_start_command='sudo /usr/bin/systemctl start postgresql#11-main.service'
service_stop_command='sudo /usr/bin/systemctl stop postgresql#11-main.service'
service_restart_command='sudo /usr/bin/systemctl restart postgresql#11-main.service'
service_reload_command='sudo /usr/bin/systemctl relaod postgresql#11-main.service'
monitoring_history=yes
log_status_interval=60
register is OK:
repmgr -f /etc/repmgr.conf witness register -h 10.97.7.97
INFO: connecting to witness node "PG-Node-Witness" (ID: 3)
INFO: connecting to primary node
NOTICE: attempting to install extension "repmgr"
NOTICE: "repmgr" extension successfully installed
INFO: witness registration complete
NOTICE: witness node "PG-Node-Witness" (ID: 3) successfully registered
repmgr daemon dry-run OK too:
$repmgr -f /etc/repmgr.conf daemon start --dry-run
INFO: prerequisites for starting repmgrd met
DETAIL: following command would be executed:
sudo /usr/bin/systemctl start postg...#11-main.service
I setup /etc/default/repmgrd with:
REPMGRD_ENABLED=yes
and
REPMGRD_CONF="/etc/repmgr.conf"
But still get error when trying to run the daemon start:
$ repmgr -f /etc/repmgr.conf daemon start
I get:
NOTICE: executing: "sudo /etc/init.d/repmgrd start"
ERROR: repmgrd does not appear to have started after 15 seconds
HINT: use "repmgr service status" to confirm that repmgrd was successfully started
It is recommended to run repmgrd as a systemd service,
According to the docs (for debian) you may first need to configure /etc/default/repmgrd,
My configuration looks like this:
# default settings for repmgrd. This file is source by /bin/sh from
# /etc/init.d/repmgrd
# disable repmgrd by default so it won't get started upon installation
# valid values: yes/no
REPMGRD_ENABLED=yes
# configuration file (required)
REPMGRD_CONF="/etc/repmgr/12/repmgr.conf"
# additional options
REPMGRD_OPTS="--daemonize=false"
# user to run repmgrd as
REPMGRD_USER=postgres
# repmgrd binary
REPMGRD_BIN=/bin/repmgrd
# pid file
REPMGRD_PIDFILE=/var/run/repmgrd.pid
Secondly, I would revisit sudoers (visudo) in order to check whether the non-root user can execute sudo /etc/init.d/repmgrd start.
Further, the user who runs repmgr commands should be able to write logs depending on your configuration.
Apparently the correct command to start the repmgr daemon is:
repmgrd -f /etc/prepmgr.conf
while installing letsencrypt certificate the output error is:
nginx: the configuration file /jet/etc/nginx/nginx.conf syntax is ok
nginx: [emerg] getgrnam(“nobody”) failed
nginx: configuration file /jet/etc/nginx/nginx.conf test failed
but if I run:
nginx -t
to see if there are configuration errors in the nginx.conf file,
nginx -t return the output:
nginx: the configuration file /jet/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /jet/etc/nginx/nginx.conf test is successful
Every now and then on WordPress I also get the error:
internal server 500 error
and I don’t know if this is related to the problem I described above
My web server is (include version):
The operating system my web server runs on is (include version):
Linux lemp7-optimized-g2-1-vm 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64
jeware lemp7 stack profile
jetware
I managed to install the certificates by inserting a line with the “user nobody nogroup;” in the nginx.conf file
After the installation I removed the line with the “user nobody nogroup;” in the nginx.conf file
sudo wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /jet/etc/letsencrypt/certbot-auto
sudo chown root /jet/etc/letsencrypt/certbot-auto
sudo chmod 0755 /jet/etc/letsencrypt/certbot-auto
sudo chmod a+x /jet/etc/letsencrypt/certbot-auto
sudo /jet/etc/letsencrypt/certbot-auto --nginx --nginx-ctl /jet/bin/nginx --nginx-server-root /jet/etc/nginx --config-dir /jet/etc/letsencrypt
this produce this output:
nginx: the configuration file /jet/etc/nginx/nginx.conf syntax is ok
nginx: [emerg] getgrnam(“nobody”) failed
nginx: configuration file /jet/etc/nginx/nginx.conf test failed
but if I run:
nginx -t
to see if there are configuration errors in the nginx.conf file,
nginx -t return the output:
nginx: the configuration file /jet/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /jet/etc/nginx/nginx.conf test is successful
every now and then on WordPress I also get the error: internal server 500 error
and I don’t know if this is related to the problem I described above
I will probably also have problems with automatic certificate renewal if I do not resolve this situation
Well I have solved the problem. Fortunately I managed to find the error in the log and I understood what happened.
“certbot-auto” installs the certificates using the user: nobody. In my system there already existed by default a user “nobody” of the group “nogroup” but has no access to nginx. user nobody
So to be able to install the certificates I had to insert a line with the directive: user nobody nogroup; inside nginx.conf.
This allowed the installation of certificates. However, this procedure has changed the permissions in the directory: /jet/tmp/nginx/
where instead of: my_ssh_user:my_ssh_group I found: nobody:my_ssh_group and with this modified setting I received the internal server 500 error on the WordPress admin panel. So the problem is not related to WordPress but to the certificate installation procedure.
After installing the certificates I removed the user nobody nogroup directive; because during the restart of nginx, a warning came up saying that this directive is not supported and therefore will be ignored.
Restoring the permissions with chmod on the directory: /jet/tmp/nginx I fixed the problem and the internal server 500 error disappeared.
Here the link of the same discussion on letsencrypt. I still doubt that the error could recur when I have to renew the certificates.
A possible solution could be to assign the ssh user of the virtual instance that does not have root permissions, root permissions by adding it to the root group.
On virtual hosts, when an instance is launched, a user ssh is created.
This user, for security reasons, does not have root permissions.
Letsencrypt by default installs the certificates on the / etc / letsencrypt folder, which has root permissions (user: root group: root).
I had to install the certificates in the folder where the ssh user can have access (user: myssh_user group: myssh_group), ie su / jet / etc / letsencrypt
Could it be that the error was caused by this?
I have OSX El Capitan. I installed Nginx-Full via homebrew. I am supposed to be able to start and stop services with
brew services Nginx-Full Start
I run that command and it seems to start no problem. I check the running services with
brew services list
That indicates that the Nginx-Full services is running. When i run
htop
to look at everything that is running Nginx does not show up and the server is not handling requests.
nginx is failing to launch because of an error, but brew-services is not communicating that to you.
Running it with sudo, as other users have suggested, is just masking the problem. If you just run nginx directly, you may see that there is actually a configuration or permissions issue that is causing nginx to abort. In my case, it was because it couldn't write to the error log:
nginx: [alert] could not open error log file: open() "/usr/local/var/log/nginx/error.log" failed (13: Permission denied)
2020/04/02 13:11:53 [warn] 19989#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /usr/local/etc/nginx/nginx.conf:2
2020/04/02 13:11:53 [emerg] 19989#0: open() "/usr/local/var/log/nginx/error.log" failed (13: Permission denied)
The last error is causing nginx to fail to launch. You can make yourself the owner of the logs with:
sudo chown -R $(whoami) /usr/local/var/log/nginx/
This should cause subsequent config errors to be written to the error log, even if homebrew services is not reporting them in stderr/stdout for now.
I've opened an issue about this: https://github.com/Homebrew/homebrew-services/issues/215
The log path may not the same for everyone. You can check the path to log file by checking the config file /usr/local/etc/nginx/nginx.conf. You can find a line like:
error_log /Users/myusername/somepath/nginx.log;. Change the chown command above accordingly. If even this didn't solve the problem, you may have to do the same for any other log files specified in the server blocks in your nginx configuration
Try launching it with "sudo", even if the formula say
The default port has been set in /usr/local/etc/nginx/nginx.conf to 8080 so that
nginx can run without sudo.
sudo brew services Nginx-Full start
this worked for me:
sudo brew services start nginx
Running sudo nginx worked for me, it initially gave some error stating certain file in certain directory is missing, creating that file, and then another file is asked for to be created and then it runs properly.
I had similar problem, running it brew services start nginx used to show nginx running.
but brew services list used to show error.
running with sudo nginx solved my issue
I noticed when I test my nginx config using nginx -t, it gives me a warning:
nginx: [alert] could not open error log file: open() "/var/logs/nginx/error.log" failed (2: No such file or directory)
Which makes sense, since the log path for nginx is actually set up to be /var/log/nginx/ not /var/logs/nginx.
I scanned the entire nginx config directory and there is nothing there referencing /var/logs. I'm at a loss as to where this log location could be written?
Run this command in a terminal (note: capital V):
nginx -V
Do you find /var/logs there? Your nginx might be compiled with that default file location.
[EDIT]
I guess that some of your server blocks don't have the "error_log" directive. So nginx tries the default one for them. Note that by default the error_log is always on.
To fix this issue, you can add this line on the main block (the top level) such that all child blocks can inherit the setting:
error_log /var/log/nginx/error.log;
You can create these missed files:
cd /var/log/nginx/
sudo touch error.log
sudo touch access.log
sudo chmod 750 *.log
Then trigger nginx service:
sudo systemctl daemon-relod
sudo service nginx restart
[NOTE]:
You can also disable nginx logging:
disable nginx logging (1)
disable nginx logging (2)
You have a bad compiled default. Anything nginx notices before loading the config goes to the path for the error log defined at compile time. Recompile nginx with sane path or symlink log to logs if you can't.