I have set up a mount.service in CoreOS, but when I reboot the server, I get:
$ sudo -i
Failed Units: 1
mount.service
araweelo ~ # systemctl status mount
● mount.service - Mount share service
Loaded: loaded (/etc/systemd/system/mount.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2016-06-22 10:45:58 BST; 50s ago
Main PID: 695 (code=exited, status=32)
Jun 22 10:45:58 araweelo systemd[1]: Starting Mount share service...
Jun 22 10:45:58 araweelo mount.cifs[695]: mount error(101): Network is unreachable
Jun 22 10:45:58 araweelo mount.cifs[695]: Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Jun 22 10:45:58 araweelo systemd[1]: mount.service: Main process exited, code=exited, status=32/n/a
Jun 22 10:45:58 araweelo systemd[1]: Failed to start Mount share service.
Jun 22 10:45:58 araweelo systemd[1]: mount.service: Unit entered failed state.
Jun 22 10:45:58 araweelo systemd[1]: mount.service: Failed with result 'exit-code'.
Here is my mount.service file:
araweelo ~ # vim /etc/systemd/system/mount.service
[Unit]
Description=Mount share service
Wants=network-online.target
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutStartSec=0
ExecStart=/opt/bin/mount.cifs //192.168.10.4/Apps/pegasus/operaII/Data/C /ccc/smb -o domain=server-apps.opera.local,credentials=/home/opera/.smbcredentials,uid=1000,gid=1000,ro
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
then:
araweelo ~ # systemctl enable mount
araweelo ~ # systemctl start mount
araweelo ~ # df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 3.4G 0 3.4G 0% /dev
tmpfs 3.5G 0 3.5G 0% /dev/shm
tmpfs 3.5G 460K 3.5G 1% /run
tmpfs 3.5G 0 3.5G 0% /sys/fs/cgroup
/dev/sda9 114G 44G 65G 41% /
/dev/sda3 985M 589M 345M 64% /usr
tmpfs 3.5G 0 3.5G 0% /media
/dev/sda1 128M 66M 62M 52% /boot
tmpfs 3.5G 0 3.5G 0% /tmp
/dev/sda6 108M 52K 99M 1% /usr/share/oem
//192.168.10.4/Apps/pegasus/operaII/Data/C 558G 246G 313G 44% /ccc/smb
If I then reboot the server, I get "Failed to start Mount share service".
Any advice on what I have missed is much appreciated.
Taking a bit of a stab in the dark here, but should these two match?
Wants=network-online.target
After=network.target
I know for an After= to take effect you also need a Requires= that matches the same service. Maybe that's the case for this as well?
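An added example, not part of the original posts: in systemd, Wants= only pulls a target into the transaction and After= only orders against it, so the posted unit wants network-online.target but may still start as soon as network.target is reached. The hypothetical helper check_network_online flags that mismatch; the sample units are constructed from the [Unit] section in the question.

```shell
#!/bin/sh
# Added example: does a unit that needs the network both pull in
# network-online.target and order itself after it?

# check_network_online UNIT_FILE prints one of:
#   ok             pulled in (Wants=/Requires=) and ordered (After=)
#   not-ordered    pulled in, but no After=network-online.target
#   not-pulled-in  After= is set, but nothing pulls the target in
#   unused         the [Unit] section never mentions the target
check_network_online() {
    awk '
        /^[ \t]*\[/ { in_unit = ($0 ~ /^[ \t]*\[Unit\]/); next }
        !in_unit || /^[ \t]*[#;]/ { next }        # other sections, comments
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            n = split(val, units, /[ \t]+/)       # values are space-separated lists
            for (i = 1; i <= n; i++) {
                if (units[i] != "network-online.target") continue
                if (key == "Wants" || key == "Requires") pulled = 1
                if (key == "After") ordered = 1
            }
        }
        END {
            if (pulled && ordered) print "ok"
            else if (pulled)       print "not-ordered"
            else if (ordered)      print "not-pulled-in"
            else                   print "unused"
        }
    ' "$1"
}

# Constructed samples: the [Unit] section as posted, and a variant ordered
# after the same target it wants.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '[Unit]' 'Description=Mount share service' \
    'Wants=network-online.target' 'After=network.target' \
    > "$demo_dir/as-posted.service"
printf '%s\n' '[Unit]' 'Description=Mount share service' \
    'Wants=network-online.target' 'After=network-online.target' \
    > "$demo_dir/ordered.service"
for f in "$demo_dir"/*.service; do
    printf '%s: %s\n' "${f##*/}" "$(check_network_online "$f")"
done
```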
Related
I am running Suricata in IDS (af-packet) mode on Ubuntu 20.04.5 LTS (Focal Fossa) and deployed as the root user:
NAME="Ubuntu"
VERSION="20.04.5 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.5 LTS"
VERSION_ID="20.04"
Following the Suricata "Adding your own Rules" Doc, I have added a very basic (for complexity ease when troubleshooting) alerting-rule with first available sid:1000000 from custom rules range:
########### Test Rules #############
alert ssh any any -> xxx.xxx.60.6 !22 (msg:"SSH TRAFFIC on non-SSH port"; flow:to_client, not_established; classtype: misc-attack; target: dest_ip; sid:1000000;)
The .rules file for the local rules has sufficient permissions and matches suricata.rules, owned by root:
ls -halt /var/lib/suricata/rules/
total 22M
-rw-r--r-- 1 root root 3.2K Oct 17 00:00 classification.config
drwxr-x--- 2 root root 4.0K Oct 17 00:00 .
-rw-r--r-- 1 root root 22M Oct 17 00:00 suricata.rules
-rw-r--r-- 1 root root 210 Oct 13 21:45 local.rules
Ensured that the rules are added to the Suricata suricata.yaml config and the process is restarted:
cat /etc/suricata/suricata.yaml | grep "rule-files" -A 5 -B 5
##
#default-rule-path: /var/lib/suricata/rules
default-rule-path: /etc/suricata/rules
rule-files:
- suricata.rules
- /var/lib/suricata/rules/local.rules
- /etc/suricata/rules/*.rules
AFAIK, the custom ruleset should be loaded into the suricata.rules file? Therefore, I am running the following verification subject to what I am reporting:
cat /var/lib/suricata/rules/suricata.rules | grep sid:1000000
I can test traffic and verify with tcpdump, matching the rule but never see a signature match in fast.log (which is logging other signature-matching traffic):
cat /var/log/suricata/fast.log | grep 1000000
I see no errors following startup of the service that would indicate an error present:
systemctl status suricata.service
● suricata.service - LSB: Next Generation IDS/IPS
Loaded: loaded (/etc/init.d/suricata; generated)
Active: active (running) since Mon 2022-10-17 13:11:39 UTC; 8h ago
Docs: man:systemd-sysv-generator(8)
Process: 2184275 ExecStart=/etc/init.d/suricata start (code=exited, status=0/SUCCESS)
Tasks: 78 (limit: 618963)
Memory: 25.2G
CGroup: /system.slice/suricata.service
└─2184295 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -D -v>
Oct 17 13:11:39 sec3 systemd[1]: Starting LSB: Next Generation IDS/IPS...
Oct 17 13:11:39 sec3 suricata[2184275]: Starting suricata in IDS (af-packet) mode... done.
Oct 17 13:11:39 sec3 systemd[1]: Started LSB: Next Generation IDS/IPS.
Can somebody help me with somewhere I may be silly here?
TYIA!
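An added example, not part of the original post: the check the question attempts with grep, extended to every entry under rule-files. Suricata joins relative entries to default-rule-path and uses absolute paths and globs as written; the helper names, the ROOT argument and the sample tree below are constructed for illustration.

```shell
#!/bin/sh
# Added example: which files named under rule-files actually define a sid?

# rule_file_patterns YAML -> one resolved path or glob per line.
# Relative entries are joined to default-rule-path; absolute ones are kept.
rule_file_patterns() {
    awk '
        /^[ \t]*#/ { next }                        # commented-out settings
        /^default-rule-path:/ { base = $2; next }
        /^rule-files:/ { in_list = 1; next }
        in_list && /^[ \t]*-/ {
            e = $0; sub(/^[ \t]*-[ \t]*/, "", e); sub(/[ \t]+$/, "", e)
            entries[++n] = e; next
        }
        /^[^ \t]/ { in_list = 0 }                  # next top-level key ends the list
        END {
            for (i = 1; i <= n; i++)
                print ((entries[i] ~ /^\//) ? entries[i] : (base "/" entries[i]))
        }
    ' "$1"
}

# files_with_sid YAML SID [ROOT] -> "sid-in FILE" for each loaded file that has an
# active rule with that sid, "no-file PATTERN" for entries that match nothing.
# ROOT is a hypothetical prefix so a copied or constructed tree can be checked.
files_with_sid() {
    rule_file_patterns "$1" | while IFS= read -r pattern; do
        matched=0
        for f in "$3"$pattern; do                  # unquoted: *.rules must expand
            [ -f "$f" ] || continue
            matched=1
            if grep -v '^[[:space:]]*#' "$f" | grep -Eq "sid:[[:space:]]*$2[[:space:]]*;"; then
                echo "sid-in $f"
            fi
        done
        [ "$matched" -eq 1 ] || echo "no-file $pattern"
    done
    return 0
}

# Constructed tree mirroring the paths in the question (rule text is made up).
root=$(mktemp -d)
trap 'rm -rf "$root"' EXIT
mkdir -p "$root/etc/suricata/rules" "$root/var/lib/suricata/rules"
printf '%s\n' '#default-rule-path: /var/lib/suricata/rules' \
    'default-rule-path: /etc/suricata/rules' 'rule-files:' '  - suricata.rules' \
    '  - /var/lib/suricata/rules/local.rules' '  - /etc/suricata/rules/*.rules' \
    > "$root/suricata.yaml"
echo 'alert tcp any any -> any any (msg:"constructed"; sid:2000001;)' \
    > "$root/var/lib/suricata/rules/suricata.rules"
echo 'alert tcp any any -> any !22 (msg:"constructed"; sid:1000000;)' \
    > "$root/var/lib/suricata/rules/local.rules"
files_with_sid "$root/suricata.yaml" 1000000 "$root"
```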
I am trying to mount a Flask app using uWSGI and an nginx server. I keep getting a permission denied error every time I run my service.
/home/zerotouch/zerotouch/zerotouch.ini
[uwsgi]
module = wsgi
master = true
processes = 5
uid=nginx
gid=nginx
socket = /run/uwsgi/zerotouch.sock
chown-socket = zerotouch:nginx
chmod-socket = 660
vacuum = true
die-on-term = true
/etc/systemd/system/zerotouch.service
[Unit]
Description=uWSGI instance to serve zerotouch
After=network.target
[Service]
User=zerotouch
Group=nginx
WorkingDirectory=/home/zerotouch/zerotouch
Environment="PATH=/home/zerotouch/zerotouch/env/bin"
ExecStartPre=-/usr/bin/bash -c 'mkdir -p /run/uwsgi; chown zerotouch:nginx /run/uwsgi; chown zerotouch:nginx /home/zerotouch/zerotouch/env/bin/activate;'
ExecStart=/usr/bin/bash -c 'source /home/zerotouch/zerotouch/env/bin/activate;/home/zerotouch/zerotouch/env/bin/uwsgi --ini /home/zerotouch/zerotouch/zerotouch.ini'
[Install]
WantedBy=multi-user.target
Error
systemctl status zerotouch
● zerotouch.service - uWSGI instance to serve zerotouch
Loaded: loaded (/etc/systemd/system/zerotouch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2019-10-10 16:34:35 CEST; 8s ago
Process: 28843 ExecStart=/usr/bin/bash -c source /home/zerotouch/zerotouch/env/bin/activate;/home/zerotouch/zerotouch/env/bin/uwsgi --ini /home/zerotouch/zerotouch/zerotouch.ini (code=exited, status=1/FAILURE)
Process: 28839 ExecStartPre=/usr/bin/bash -c mkdir -p /run/uwsgi; chown zerotouch:nginx /run/uwsgi; chown zerotouch:nginx /home/zerotouch/zerotouch/env/bin/activate; (code=exited, status=127)
Main PID: 28843 (code=exited, status=1/FAILURE)
Oct 10 16:34:35 aj-poc-1 bash[28843]: detected binary path: /home/zerotouch/zerotouch/env/bin/uwsgi
Oct 10 16:34:35 aj-poc-1 bash[28843]: your processes number limit is 7259
Oct 10 16:34:35 aj-poc-1 bash[28843]: your memory page size is 4096 bytes
Oct 10 16:34:35 aj-poc-1 bash[28843]: detected max file descriptor number: 1024
Oct 10 16:34:35 aj-poc-1 bash[28843]: lock engine: pthread robust mutexes
Oct 10 16:34:35 aj-poc-1 bash[28843]: thunder lock: disabled (you can enable it with --thunder-lock)
Oct 10 16:34:35 faj-poc-1 bash[28843]: bind(): Permission denied [core/socket.c line 230]
Oct 10 16:34:35 aj-poc-1 systemd[1]: zerotouch.service: main process exited, code=exited, status=1/FAILURE
Oct 10 16:34:35 aj-poc-1 systemd[1]: Unit zerotouch.service entered failed state.
Oct 10 16:34:35 aj-poc-1 systemd[1]: zerotouch.service failed.
There were problems in permissions for creating and editing a socket.
So I went to /run/uwsgi and used ls -lhtr to get overview of file permissions
Then I created a blank sock file zerotouch.sock using vi zerotouch.sock
And added permissions to this file for user:zerotouch and group:nginx
chown zerotouch:nginx -R /run/uwsgi
I'm trying to run devstack on Ubuntu 16.04 VM using ./stack.sh
+lib/etcd3:start_etcd3:61 sudo systemctl daemon-reload
+lib/etcd3:start_etcd3:62 sudo systemctl enable devstack@etcd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/devstack@etcd.service to
/etc/systemd/system/devstack@etcd.service.
+lib/etcd3:start_etcd3:63 sudo systemctl start devstack@etcd.service
Job for devstack@etcd.service failed because the control process exited with error code. See "systemctl status
devstack@etcd.service" and "journalctl -xe" for details.
+lib/etcd3:start_etcd3:1 exit_trap
+./stack.sh:exit_trap:515 local r=1
++./stack.sh:exit_trap:516 jobs -p
+./stack.sh:exit_trap:516 jobs=
+./stack.sh:exit_trap:519 [[ -n '' ]]
+./stack.sh:exit_trap:525 '[' -f /tmp/tmp.0IwC5vOcG5 ']'
+./stack.sh:exit_trap:526 rm /tmp/tmp.0IwC5vOcG5
+./stack.sh:exit_trap:530 kill_spinner
+./stack.sh:kill_spinner:425 '[' '!' -z '' ']'
+./stack.sh:exit_trap:532 [[ 1 -ne 0 ]]
+./stack.sh:exit_trap:533 echo 'Error on exit'
Error on exit
+./stack.sh:exit_trap:535 type -p generate-subunit
+./stack.sh:exit_trap:536 generate-subunit 1524706916 269 fail
+./stack.sh:exit_trap:538 [[ -z /opt/stack/logs ]]
+./stack.sh:exit_trap:541 /opt/stack/devstack/tools/worlddump.py -d /opt/stack/logs
World dumping... see /opt/stack/logs/worlddump-2018-04-26-014626.txt for details
+./stack.sh:exit_trap:550 exit 1
When I run the command sudo systemctl status devstack@etcd.service:
stack@openstack-demo-vm:/opt/stack/devstack$ sudo systemctl status devstack@etcd.service
● devstack@etcd.service - Devstack devstack@etcd.service
Loaded: loaded (/etc/systemd/system/devstack@etcd.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Thu 2018-04-26 01:46:27 UTC; 1min 27s ago
Process: 122376 ExecStart=/opt/stack/bin/etcd --name openstack-demo-vm --data-dir /opt/stack/data/etcd --initial-
cluster-state new --initial-cluster-token etcd-cluster-01 --initial-cluster openst
Main PID: 122376 (code=exited, status=1/FAILURE)
Apr 26 01:46:26 openstack-demo-vm systemd[1]: devstack@etcd.service: Main process exited, code=exited, status=1/FAILURE
Apr 26 01:46:26 openstack-demo-vm systemd[1]: Failed to start Devstack devstack@etcd.service.
Apr 26 01:46:26 openstack-demo-vm systemd[1]: devstack@etcd.service: Unit entered failed state.
Apr 26 01:46:26 openstack-demo-vm systemd[1]: devstack@etcd.service: Failed with result 'exit-code'.
Apr 26 01:46:27 openstack-demo-vm systemd[1]: devstack@etcd.service: Service hold-off time over, scheduling restart.
Apr 26 01:46:27 openstack-demo-vm systemd[1]: Stopped Devstack devstack@etcd.service.
Apr 26 01:46:27 openstack-demo-vm systemd[1]: devstack@etcd.service: Start request repeated too quickly.
Apr 26 01:46:27 openstack-demo-vm systemd[1]: Failed to start Devstack devstack@etcd.service.
lines 1-14/14 (END)
While etcd runs on the VM:
stack@openstack-demo-vm:/opt/stack/devstack$ systemctl status etcd
● etcd.service - etcd - highly-available key value store
Loaded: loaded (/lib/systemd/system/etcd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-04-26 00:12:18 UTC; 1h 58min ago
Docs: https://github.com/coreos/etcd
man:etcd
Main PID: 4425 (etcd)
Tasks: 9
Memory: 9.3M
CPU: 22.020s
CGroup: /system.slice/etcd.service
└─4425 /usr/bin/etcd
What am I missing?
Well, you may simply add the following in your local.conf:
disable_service etcd3
And then, run stack.sh.
After some research and asking around in OpenStack forums and devstack, disabling etcd in 'stack.sh' helped to resolve this.
Steps:
Edit the file /opt/stack/devstack/stack.sh
Comment out the lines below (you will find them at around line 1035)
# Start Services
# ==============
# Dstat
# -----
# A better kind of sysstat, with the top process per time slice
#start_dstat
# Etcd
# -----
# etcd is a distributed key value store that provides a reliable way
# to store data across a cluster of machines
#if is_service_enabled etcd3; then
# start_etcd3
#fi
Save the above file.
Run ./unstack.sh
Run ./stack.sh
This might be specific to openSUSE / systemd.
I'm having trouble mounting an encrypted loopback file using the procedure described on the SDB:Encrypted filesystems knowledge base. I get this behaviour:
[mjl@tesla:~]
[11:12] $ sudo systemctl start /home/mjl/key
Job for home-mjl-key.mount failed. See "systemctl status home-mjl-key.mount" and "journalctl -xe" for details.
[mjl@tesla:~]
[11:12] 1 $ sudo systemctl status home-mjl-key.mount
● home-mjl-key.mount - /home/mjl/key
Loaded: loaded (/etc/fstab; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2018-03-11 11:12:41 AEDT; 3s ago
Where: /home/mjl/key
What: /home/mjl/.tomb
Docs: man:fstab(5)
man:systemd-fstab-generator(8)
Process: 12949 ExecMount=/usr/bin/mount /home/mjl/.tomb /home/mjl/key -t crypt -o loop,user,acl,user_xattr (code=exited, status=32)
Mar 11 11:12:41 tesla systemd[1]: Mounting /home/mjl/key...
Mar 11 11:12:41 tesla mount[12949]: mount: unknown filesystem type 'crypt'
Mar 11 11:12:41 tesla systemd[1]: home-mjl-key.mount: Mount process exited, code=exited status=32
Mar 11 11:12:41 tesla systemd[1]: Failed to mount /home/mjl/key.
Mar 11 11:12:41 tesla systemd[1]: home-mjl-key.mount: Unit entered failed state.
[mjl@tesla:~]
[11:12] 3 $
The /home/mjl/.tomb loopback file was created using YaST Partitioner; I specified that I did not want it mounted at system start time, but that users should be allowed to mount it.
So it created the file, added an entry to /etc/crypttab and also this entry to /etc/fstab:
[mjl@tesla:~]
[11:12] 3 $ tail -n1 /etc/fstab
/home/mjl/.tomb /home/mjl/key crypt loop,user,noauto,acl,user_xattr,nofail 0 0
[mjl@tesla:~]
[11:15]$
There is the 'crypt' filesystem type.
My question is: how should I be mounting this as a user? Is systemd failing because of the filesystem type, or because I haven't told it the encryption key?
I've also tried mounting directly:
[mjl@tesla:~]
[11:16]$ sudo mount /home/mjl/key
mount: unknown filesystem type 'crypt'
[mjl@tesla:~]
The same error. So I guess I'm not mounting it correctly. Do I need to do something with cryptsetup?
Going to my app produces a 502 gateway error. Found out that it was because my how_lit.service is failing. But I am having trouble finding out why.
Tried editing the application and the ini document. Cannot figure out what's wrong.
The Nginx and uWSGI services are up and running fine.
Service Status:
lit@digitalocean:~/howlit$ sudo service how_lit status
[sudo] password for lit:
● how_lit.service - uWSGI instance to serve how lit rest api
Loaded: loaded (/etc/systemd/system/how_lit.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2016-08-04 00:30:44 EDT; 5 days ago
Process: 14294 ExecStart=/home/lit/howlit/env/bin/uwsgi --ini /home/lit/howlit/howlit.ini (code=exited, status=1/FAILURE)
Main PID: 14294 (code=exited, status=1/FAILURE)
Aug 04 00:30:44 digitalocean systemd[1]: Started uWSGI instance to serve how lit rest api.
Aug 04 00:30:44 digitalocean uwsgi[14294]: [uWSGI] getting INI configuration from /home/lit/howlit/howlit.ini
Aug 04 00:30:44 digitalocean systemd[1]: how_lit.service: Main process exited, code=exited, status=1/FAILURE
Aug 04 00:30:44 digitalocean systemd[1]: how_lit.service: Unit entered failed state.
Aug 04 00:30:44 digitalocean systemd[1]: how_lit.service: Failed with result 'exit-code'.
Directory and Permissions:
lit@digitalocean:~/howlit$ ls -l .
total 16
drwx---r-x 6 lit www-data 4096 Jul 29 11:47 env
-rwx---r-x 1 lit www-data 202 Aug 3 23:29 howlit.ini
-rwx---r-x 1 lit www-data 1203 Aug 3 23:01 how_lit_restapi.py
-rwxr-xr-x 1 lit www-data 72 Aug 3 23:27 wsgi.py
/etc/systemd/system/how_lit.service:
lit@digitalocean:~/howlit$ cat /etc/systemd/system/how_lit.service
[Unit]
Description=uWSGI instance to serve how lit rest api
After=network.target
[Service]
User=lit
Group=www-data
WorkingDirectory=/home/lit/howlit/
Environment="PATH=/home/lit/howlit/env/bin"
ExecStart=/home/lit/howlit/env/bin/uwsgi --ini /home/lit/howlit/howlit.ini
[Install]
WantedBy=multi-user.target
howlit.ini file:
lit@digitalocean:~/howlit$ cat howlit.ini
[uwsgi]
module = wsgi:app
uid = lit
gid = www-data
master = true
processes = 5
socket = how_lit_restapi.sock
chmod-sock = 666
vacum = true
die-on-term = true
gto = /var/log/uwsgi/%n.log
Tried running it by hand:
lit@digitalocean:~/howlit$ /home/lit/howlit/env/bin/uwsgi --ini /home/lit/howlit/howlit.ini
[uWSGI] getting INI configuration from /home/lit/howlit/howlit.ini
*** Starting uWSGI 2.0.13.1 (64bit) on [Tue Aug 9 18:28:25 2016] ***
compiled with version: 5.4.0 20160609 on 29 July 2016 11:48:08
os: Linux-4.4.0-31-generic #50-Ubuntu SMP Wed Jul 13 00:07:12 UTC 2016
nodename: digitalocean
machine: x86_64
clock source: unix
detected number of CPU cores: 1
current working directory: /home/lit/howlit
detected binary path: /home/lit/howlit/env/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
your processes number limit is 1896
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
bind(): Permission denied [core/socket.c line 230]
permission error again?
SOLVED IT: By sending my socket into tmp, but still getting bad gateway error when I navigate to my site :(
Solved my own problem.
First I checked my services.
sudo service nginx status
sudo service uwsgi status
sudo service how_lit status
Then I saw them all up and running but was still getting the bad gateway error. After checking, the logs had no errors, so I had to assume it was my configs.
Then I realized my mistake: I never restarted all of it, just certain parts at certain times. So I restarted every single one, as such:
sudo service nginx restart
sudo service uwsgi restart
sudo service how_lit restart
Now it works.
About the permission issue: I tried putting the socket into the /tmp directory so that www-data group users can access it as well as root. I learned that you need to be able to create the socket and allow access to the system for it.
I moved it out of tmp btw later for production as I was told that was not best practice.