Openstack nova list create problems - openstack

I am using Ubuntu 13.10 Saucy server and installed All openstack components, I succesfully did glance image-list, But when i tried to do nova list i got following error:
Error: HTTPConnectionPool(host='192.168.0.2',port=8774): Max retries exceeded with url: /v2/2344gh34gh234g34hj34g3j4gh34jgh34jgh34jg/servers/detail (caused by <class 'socket.error'>: [Errno 111] Connection refused)
Here is my /var/nova/nova-api.log
2014-01-20 10:43:20.867 19646 INFO nova.wsgi [-] Stopping WSGI server
2014-01-20 10:43:20.867 20051 INFO nova.openstack.common.service [-] Caught SIGHERM stopping children
2014-01-20 10:43:20.867 19275 INFO nova.openstack.common.service [-] Child 20052 exited with status 1

You have to make sure the nova services are running, that could be the problem.
You should have running these services:
sergio#cachiovm:/opt/stack/nova$ ps -ef | grep nova
root 4217 3217 0 10:44 pts/10 00:00:00 sg libvirtd /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
sergio 4223 3236 0 10:44 pts/12 00:00:13 /usr/bin/python /usr/local/bin/nova-cert --config-file /etc/nova/nova.conf
sergio 4227 3273 0 10:44 pts/16 00:00:00 /usr/bin/python /usr/local/bin/nova-xvpvncproxy --config-file /etc/nova/nova.conf
sergio 4231 3266 0 10:44 pts/15 00:00:07 /usr/bin/python /usr/local/bin/nova-novncproxy --config-file /etc/nova/nova.conf --web /opt/stack/noVNC
sergio 4236 3238 0 10:44 pts/13 00:00:15 /usr/bin/python /usr/local/bin/nova-network --config-file /etc/nova/nova.conf
sergio 4239 3264 0 10:44 pts/14 00:00:15 /usr/bin/python /usr/local/bin/nova-scheduler --config-file /etc/nova/nova.conf
sergio 4241 3307 0 10:44 pts/18 00:00:00 /usr/bin/python /usr/local/bin/nova-objectstore --config-file /etc/nova/nova.conf
sergio 4242 4217 0 10:44 pts/10 00:00:59 /usr/bin/python /usr/local/bin/nova-compute --config-file /etc/nova/nova.conf
sergio 4245 3301 0 10:44 pts/17 00:00:13 /usr/bin/python /usr/local/bin/nova-consoleauth --config-file /etc/nova/nova.conf
sergio 4246 3219 0 10:44 pts/11 00:01:26 /usr/bin/python /usr/local/bin/nova-conductor --config-file /etc/nova/nova.conf

Make sure you have the "nova-api" package installed.
I was following the install instructions and somehow I ended up with an /etc/init/nova-api.conf file but somewhere along the line nova-api was removed and it led to this useless error.
The bottom line: UPSTART SUCKS -- it really should report this kind of problem. But error handling was never its strong suit.

Start nova API in debug mode and you can see the actual error.
nova-api --debug
In my case the error was
CRITICAL nova [-] RequiredOptError: value required for option: lock_path
I have checked lock_path param in /etc/nova/nova.conf . it was not configured under [DEFAULT]. I have moved lock_path to [DEFAULT] . Then I started nova-api and worked for me.

Ok, in my case, while I am trying this on Ubuntu 14.04 and Juno on the below command I would get the status as below and the logs were frozen.
service nova-api start
nova-api stop/waiting
For some strange reason nova-api had gone missing, reinstalling it fixed the problem.

Related

Suricata Custom Ruleset will not Load into `suricata.rules`

I am running Suricata in IDS (af-packet) mode on Ubuntu 20.04.5 LTS (Focal Fossa) and deployed as the root user:
NAME="Ubuntu"
VERSION="20.04.5 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.5 LTS"
VERSION_ID="20.04"
Following the Suricata "Adding your own Rules" Doc, I have added a very basic (for complexity ease when troubleshooting) alerting-rule with first available sid:1000000 from custom rules range:
########### Test Rules #############
alert ssh any any -> xxx.xxx.60.6 !22 (msg:"SSH TRAFFIC on non-SSH port"; flow:to_client, not_established; classtype: misc-attack; target: dest_ip; sid:1000000;)
The .rules file for the local rules has sufficient permissions and matches suricata.rules, owned by root:
ls -halt /var/lib/suricata/rules/
total 22M
-rw-r--r-- 1 root root 3.2K Oct 17 00:00 classification.config
drwxr-x--- 2 root root 4.0K Oct 17 00:00 .
-rw-r--r-- 1 root root 22M Oct 17 00:00 suricata.rules
-rw-r--r-- 1 root root 210 Oct 13 21:45 local.rules
Ensured that the rules are added to Suricata suricata.yaml config and processed is restarted:
cat /etc/suricata/suricata.yaml | grep "rule-files" -A 5 -B 5
##
#default-rule-path: /var/lib/suricata/rules
default-rule-path: /etc/suricata/rules
rule-files:
- suricata.rules
- /var/lib/suricata/rules/local.rules
- /etc/suricata/rules/*.rules
AFAIK, the custom ruleset should be loaded into the suricata.rules file? Therefore, I am running the following verification subject to what I am reporting:
cat /var/lib/suricata/rules/suricata.rules | grep sid:1000000
I can test traffic and verify with tcpdump, matching the rule but never see a signature match in fast.log (which is logging other signature-matching traffic):
cat /var/log/suricata/fast.log | grep 1000000
I see no errors following statup of the service that would indicate an error present:
systemctl status suricata.service
● suricata.service - LSB: Next Generation IDS/IPS
Loaded: loaded (/etc/init.d/suricata; generated)
Active: active (running) since Mon 2022-10-17 13:11:39 UTC; 8h ago
Docs: man:systemd-sysv-generator(8)
Process: 2184275 ExecStart=/etc/init.d/suricata start (code=exited, status=0/SUCCESS)
Tasks: 78 (limit: 618963)
Memory: 25.2G
CGroup: /system.slice/suricata.service
└─2184295 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -D -v>
Oct 17 13:11:39 sec3 systemd[1]: Starting LSB: Next Generation IDS/IPS...
Oct 17 13:11:39 sec3 suricata[2184275]: Starting suricata in IDS (af-packet) mode... done.
Oct 17 13:11:39 sec3 systemd[1]: Started LSB: Next Generation IDS/IPS.
Can somebody help me with somewhere I may be silly here?
TYIA!

Permissions error in WordPress setup with Mariadb + NGINX and custom php-fpm Dockerfile

I'm trying to configure a WordPress installation based on docker-compose and with official docker images and a custom Dockerfile based image for the php-fpm part.
The docker-compose is like follows:
docker-compose.yml:
-------------------
# MariaDB - MySQL Database
mariadb:
container_name: mariadb
image: linuxserver/mariadb:latest
restart: always
security_opt:
- no-new-privileges:true
ports:
- "3306:3306"
secrets:
- mysql_root_password
volumes:
- /home/docker/mariadb/data:/config
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
healthcheck:
test: mysqladmin ping -h localhost -p$$MYSQL_ROOT_PASSWORD && test '0' -eq $$(ps aux | awk '{print $$11}' | grep -c -e '^mysql$$')
environment:
- PUID=1000
- PGID=998
- TZ=Europe/Madrid
- MYSQL_ALLOW_EMPTY_PASSWORD=no
- FILE__MYSQL_ROOT_PASSWORD=/run/secrets/mysql_root_password
- MYSQL_USER=wordpress
- MYSQL_PASSWORD=wordpress
- MYSQL_DATABASE=wordpress
secrets:
- mysql_root_password
# Nginx - Web Server
nginx:
container_name: nginx
image: nginx:1.18
restart: unless-stopped
depends_on:
- php7
healthcheck:
test: pidof nginx
networks:
- t2_proxy
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /var/log/nginx:/var/log/nginx
- /home/docker/nginx:/etc/nginx
- /home/docker/shared/.htpasswd:/shared/.htpasswd
- /home/docker/sites/wordpress/html:/var/www/html/wordpress
labels:
- "traefik.enable=true"
## HTTP Routers (WordPress) Auth
- "traefik.http.routers.nginx-wordpress-auth-rtr.entrypoints=https"
- "traefik.http.routers.nginx-wordpress-auth-rtr.rule=Host(`example.com`) && Path(`/wp-login.php`)"
- "traefik.http.routers.nginx-wordpress-rtr.tls=true"
- "traefik.http.routers.nginx-wordpress-auth-rtr.priority=100"
## HTTP Routers (WordPress) Bypass
- "traefik.http.routers.nginx-wordpress-rtr.entrypoints=https"
- "traefik.http.routers.nginx-wordpress-rtr.rule=Host(`example.com`) || Host(`www.example.com`)"
- "traefik.http.routers.nginx-wordpress-rtr.priority=99"
# Redirect wordpress non-www to www middleware
- "traefik.http.middlewares.wordpress-redirect.redirectregex.regex=^https?://www.example.com/(.*)"
- "traefik.http.middlewares.wordpress-redirect.redirectregex.replacement=https://example.com/$${1}"
- "traefik.http.middlewares.wordpress-redirect.redirectregex.permanent=true"
## Middlewares
- "traefik.http.routers.nginx-wordpress-rtr.middlewares=wordpress-redirect,chain-no-auth-wp#file"
- "traefik.http.routers.nginx-wordpress-auth-rtr.middlewares=wordpress-redirect,chain-authelia#file"
# PHP - Hypertext Preprocessor
php7:
container_name: php7
image: php:7.4-fpm-custom
build:
context: /home/docker/custom/
dockerfile: Dockerfile-php7
restart: unless-stopped
healthcheck:
test: pidof php-fpm
user: 1000:998 # allows upgrading WP and plugins
networks:
- t2_proxy
volumes:
- /home/docker/sites/wordpress/html:/var/www/html/wordpress
- /home/docker/php/php7:/usr/local/etc/php
The Dockerfile used in the 'php7' container is based on official Wordpress php-fpm image:
Dockerfile-php7:
FROM php:7.4-fpm
# persistent dependencies
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
# Ghostscript is required for rendering PDF previews
ghostscript \
; \
rm -rf /var/lib/apt/lists/*
# install the PHP extensions we need (https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions)
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libfreetype6-dev \
libjpeg-dev \
libmagickwand-dev \
libpng-dev \
libwebp-dev \
libzip-dev \
; \
\
docker-php-ext-configure gd \
--with-freetype \
--with-jpeg \
--with-webp \
; \
docker-php-ext-install -j "$(nproc)" \
bcmath \
exif \
gd \
mysqli \
zip \
; \
# https://pecl.php.net/package/imagick
pecl install imagick-3.5.0; \
docker-php-ext-enable imagick; \
rm -r /tmp/pear; \
\
# https://pecl.php.net/package/redis
pecl install redis; \
docker-php-ext-enable redis; \
rm -r /tmp/pear; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN set -eux; \
docker-php-ext-enable opcache; \
{ \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=4000'; \
echo 'opcache.revalidate_freq=2'; \
echo 'opcache.fast_shutdown=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
# https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging
RUN { \
# https://www.php.net/manual/en/errorfunc.constants.php
# https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670
echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
echo 'display_errors = Off'; \
echo 'display_startup_errors = Off'; \
echo 'log_errors = On'; \
echo 'error_log = /dev/stderr'; \
echo 'log_errors_max_len = 1024'; \
echo 'ignore_repeated_errors = On'; \
echo 'ignore_repeated_source = Off'; \
echo 'html_errors = Off'; \
} > /usr/local/etc/php/conf.d/error-logging.ini
I ensure that all Wordpress files are in the correct folder:
root#ubuntu:/home/docker# ls -l sites/wordpress/html/
total 220
-rw-r----- 1 1000 998 405 Feb 6 2020 index.php
-rw-r----- 1 1000 998 19915 Jan 1 2021 license.txt
-rw-r----- 1 1000 998 7346 Jul 6 12:23 readme.html
-rw-r----- 1 1000 998 7165 Jan 21 2021 wp-activate.php
drwxr-x--- 9 1000 998 4096 Sep 9 02:20 wp-admin
-rw-r----- 1 1000 998 351 Feb 6 2020 wp-blog-header.php
-rw-r----- 1 1000 998 2328 Feb 17 2021 wp-comments-post.php
-rw-r----- 1 1000 998 3004 May 21 10:40 wp-config-sample.php
-rw-r--r-- 1 1000 998 3153 Oct 5 05:47 wp-config.php
drwxr-x--- 4 1000 998 4096 Sep 9 02:20 wp-content
-rw-r----- 1 1000 998 3939 Jul 30 2020 wp-cron.php
drwxr-x--- 25 1000 998 16384 Sep 9 02:20 wp-includes
-rw-r----- 1 1000 998 2496 Feb 6 2020 wp-links-opml.php
-rw-r----- 1 1000 998 3900 May 15 17:38 wp-load.php
-rw-r----- 1 1000 998 45463 Apr 6 18:39 wp-login.php
-rw-r----- 1 1000 998 8509 Apr 14 2020 wp-mail.php
-rw-r----- 1 1000 998 22297 Jun 1 23:09 wp-settings.php
-rw-r----- 1 1000 998 31693 May 7 20:16 wp-signup.php
-rw-r----- 1 1000 998 4747 Oct 8 2020 wp-trackback.php
-rw-r----- 1 1000 998 3236 Jun 8 2020 xmlrpc.php
And the wp-config is pointing to the correct database:
wp-config.php
-------------
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );
/** MySQL database username */
define( 'DB_USER', 'wordpress' );
/** MySQL database password */
define( 'DB_PASSWORD', 'wordpress' );
/** MySQL hostname */
define( 'DB_HOST', 'mariadb' );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/** Filesystem access **/
define('FS_METHOD', 'direct');
With this setup, when I reach https://example.com I got a "File not found" error.
If I changed the ownership of the Wordpress files folder (/home/docker/sites/wordpress/html/) to 'docker' user I'm able to see the Wordpress app running, but and "Error establishing a database connection"
docker ps -a:
docker logs mariadb:
root#ubuntu-s-1vcpu-1gb-intel-ams3-01:/home/docker# docker logs mariadb
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[env-init] MYSQL_ROOT_PASSWORD set from FILE__MYSQL_ROOT_PASSWORD
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 1000
User gid: 998
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 30-config: executing...
[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-initialise-db: executing...
Setting Up Initial Databases
Installing MariaDB/MySQL system tables in '/config/databases' ...
2021-10-05 7:53:00 1 [Warning] Failed to load slave replication state from table mysql.gtid_slave_pos: 1017: Can't find file: './mysql/' (errno: 2 "No such file or directory")
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following command:
'/usr/bin/mysql_secure_installation'
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the MariaDB Knowledgebase at https://mariadb.com/kb or the
MySQL manual for more instructions.
You can start the MariaDB daemon with:
cd '/usr' ; /usr/bin/mysqld_safe --datadir='/config/databases'
You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/mysql-test' ; perl mysql-test-run.pl
Please report any problems at https://mariadb.org/jira
The latest information about MariaDB is available at https://mariadb.org/.
You can find additional information about the MySQL part at:
https://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/
2021-10-05 7:53:01 0 [Note] mysqld (mysqld 10.5.12-MariaDB-log) starting as process 306 ...
2021-10-05 7:53:02 0 [Note] InnoDB: Uses event mutexes
2021-10-05 7:53:02 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2021-10-05 7:53:02 0 [Note] InnoDB: Number of pools: 1
2021-10-05 7:53:02 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2021-10-05 7:53:02 0 [Note] mysqld: O_TMPFILE is not supported on /var/tmp (disabling future attempts)
2021-10-05 7:53:02 0 [Note] InnoDB: Using Linux native AIO
2021-10-05 7:53:02 0 [Note] InnoDB: Initializing buffer pool, total size = 268435456, chunk size = 134217728
2021-10-05 7:53:02 0 [Note] InnoDB: Completed initialization of buffer pool
2021-10-05 7:53:02 0 [Note] InnoDB: 128 rollback segments are active.
2021-10-05 7:53:02 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2021-10-05 7:53:02 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2021-10-05 7:53:02 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2021-10-05 7:53:02 0 [Note] InnoDB: 10.5.12 started; log sequence number 45094; transaction id 20
2021-10-05 7:53:02 0 [Note] Plugin 'FEEDBACK' is disabled.
2021-10-05 7:53:02 0 [Note] InnoDB: Loading buffer pool(s) from /config/databases/ib_buffer_pool
2021-10-05 7:53:02 0 [Note] InnoDB: Buffer pool(s) load completed at 211005 7:53:02
2021-10-05 7:53:02 0 [Note] Server socket created on IP: '::'.
2021-10-05 7:53:02 0 [Note] Reading of all Master_info entries succeeded
2021-10-05 7:53:02 0 [Note] Added new Master_info '' to hash table
2021-10-05 7:53:02 0 [Note] mysqld: ready for connections.
Version: '10.5.12-MariaDB-log' socket: '/run/mysqld/mysqld.sock' port: 3306 MariaDB Server
2021-10-05 7:53:03 0 [Note] mysqld (initiated by: root[root] # localhost []): Normal shutdown
2021-10-05 7:53:03 0 [Note] Event Scheduler: Purging the queue. 0 events
2021-10-05 7:53:03 0 [Note] InnoDB: FTS optimize thread exiting.
2021-10-05 7:53:03 0 [Note] InnoDB: Starting shutdown...
2021-10-05 7:53:03 0 [Note] InnoDB: Dumping buffer pool(s) to /config/databases/ib_buffer_pool
2021-10-05 7:53:03 0 [Note] InnoDB: Buffer pool(s) dump completed at 211005 7:53:03
2021-10-05 7:53:04 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2021-10-05 7:53:04 0 [Note] InnoDB: Shutdown completed; log sequence number 45106; transaction id 23
2021-10-05 7:53:04 0 [Note] mysqld: Shutdown complete
Database Setup Completed
[cont-init.d] 40-initialise-db: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
211005 07:53:05 mysqld_safe Logging to '/config/databases/1e14f4ec3953.err'.
211005 07:53:05 mysqld_safe Starting mariadbd daemon with databases from /config/databases
docker logs php7:
[05-Oct-2021 05:52:57] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'pdo_mysql' (tried: /usr/local/lib/php/extensions/no-debug-non-zts-20190902/pdo_mysql (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/pdo_mysql: cannot open shared object file: No such file or directory), /usr/local/lib/php/extensions/no-debug-non-zts-20190902/pdo_mysql.so (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/pdo_mysql.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
[05-Oct-2021 05:52:57] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'mcrypt' (tried: /usr/local/lib/php/extensions/no-debug-non-zts-20190902/mcrypt (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/mcrypt: cannot open shared object file: No such file or directory), /usr/local/lib/php/extensions/no-debug-non-zts-20190902/mcrypt.so (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/mcrypt.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
[05-Oct-2021 05:52:57] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'pspell' (tried: /usr/local/lib/php/extensions/no-debug-non-zts-20190902/pspell (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/pspell: cannot open shared object file: No such file or directory), /usr/local/lib/php/extensions/no-debug-non-zts-20190902/pspell.so (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/pspell.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
[05-Oct-2021 05:52:57] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'sockets' (tried: /usr/local/lib/php/extensions/no-debug-non-zts-20190902/sockets (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/sockets: cannot open shared object file: No such file or directory), /usr/local/lib/php/extensions/no-debug-non-zts-20190902/sockets.so (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/sockets.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
[05-Oct-2021 05:52:57] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'ssh2' (tried: /usr/local/lib/php/extensions/no-debug-non-zts-20190902/ssh2 (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/ssh2: cannot open shared object file: No such file or directory), /usr/local/lib/php/extensions/no-debug-non-zts-20190902/ssh2.so (/usr/local/lib/php/extensions/no-debug-non-zts-20190902/ssh2.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
[05-Oct-2021 05:52:58] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[05-Oct-2021 05:52:58] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[05-Oct-2021 05:52:58] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[05-Oct-2021 05:52:58] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[05-Oct-2021 05:52:58] NOTICE: fpm is running, pid 1
[05-Oct-2021 05:52:58] NOTICE: ready to handle connections
192.168.90.10 - 05/Oct/2021:05:57:30 +0000 "GET /index.php" 404
192.168.90.10 - 05/Oct/2021:05:57:32 +0000 "GET /index.php" 404
192.168.90.10 - 05/Oct/2021:05:59:02 +0000 "GET /index.php" 404
192.168.90.10 - 05/Oct/2021:06:00:00 +0000 "GET /index.php" 404
192.168.90.10 - 05/Oct/2021:06:23:19 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:23:20 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:23:21 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:25:23 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:25:24 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:25:24 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:26:39 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:26:40 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:27:22 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:30 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:31 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:31 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:31 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:32 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:32 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:32 +0000 "GET /index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:41 +0000 "GET /wp-admin/index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:42 +0000 "GET /wp-admin/index.php" 500
192.168.90.10 - 05/Oct/2021:06:29:43 +0000 "GET /wp-admin/index.php" 500
192.168.90.10 - 05/Oct/2021:06:31:36 +0000 "GET /wp-admin/index.php" 500
I think my problem is something with the PUID/PGID and users, but I can't get it work. Hope someone could point me in the right direction.
Thank you all in advance!
It's because of the complicated and so strict that your file permission configured. I think that you are trying to config your php-fpm to use user 1000 and group 998. But it is a wrong way because php-fpm also need to access to /usr/local/lib/php/* to load php extensions. Php-fpm has it owned mechanism to to switch to another user to serve client request while using root (or other power user to load PHP/system configurations). Because you are not using root to start php-fpm so it does not have permission to switch to another user, so you see the logs:
[05-Oct-2021 05:52:58] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[05-Oct-2021 05:52:58] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[05-Oct-2021 05:52:58] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[05-Oct-2021 05:52:58] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
There are many ways to resolve your problems. If you still expect to use too strict the file permission like that, you will have to keep running php-fpm as root but on the php-fpm configuration (usually at etc/php-fpm.d/*.conf), you set user to 1000 and group to 998, so php-fpm will use that user and group to serve your client request and that user will be able to read your current source code files. However, I think you will have to make sure that user 1000 and 998 are existed in the image.
Secondly, I think your permission model is too strict and not necessary. I will grant +r for public to the source code files and start php-fpm as root (by default it will use www user to serve clients).

Artifactory failed to initialize due to derby file log size

i'm stuck with an artifactory problem, my artifactory webpage return a 500 status failed to initialize.
First I try to restart the service systemclt restart artifactory.service. The service start with any error output during the operation. Here the output of a systemctl status artifactory after the restart, I try to stop and start too but same result:
➜ log systemctl status artifactory.service -l
● artifactory.service - LSB: Start Artifactory on Tomcat
Loaded: loaded (/etc/init.d/artifactory)
Active: active (running) since mer. 2020-07-22 15:42:06 CEST; 1h 50min ago
Process: 4751 ExecStop=/etc/init.d/artifactory stop (code=exited, status=0/SUCCESS)
Process: 4849 ExecStart=/etc/init.d/artifactory start (code=exited, status=0/SUCCESS)
Main PID: 4915 (java)
CGroup: /system.slice/artifactory.service
‣ 4915 /usr/bin/java -Djava.util.logging.config.file=/home/artifactory/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -server -Xms512m -Xmx2g -Xss256k -XX:+UseG1GC -Djruby.compile.invokedynamic=false -Dfile.encoding=UTF8 -Dartdist=zip -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Dartifactory.home=/home/artifactory -Djava.endorsed.dirs=/home/artifactory/tomcat/endorsed -classpath /home/artifactory/tomcat/bin/bootstrap.jar:/home/artifactory/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/home/artifactory/tomcat -Dcatalina.home=/home/artifactory/tomcat -Djava.io.tmpdir=/home/artifactory/tomcat/temp org.apache.catalina.startup.Bootstrap start
juil. 22 15:42:04 ns337904.ip-**-***-***.** artifactory[4849]: Using ARTIFACTORY_PID: /home/artifactory/run/artifactory.pid
juil. 22 15:42:04 ns337904.ip-**-***-***.** artifactory[4849]: Using CATALINA_BASE: /home/artifactory/tomcat
juil. 22 15:42:04 ns337904.ip-**-***-***.** artifactory[4849]: Using CATALINA_HOME: /home/artifactory/tomcat
juil. 22 15:42:04 ns337904.ip-**-***-***.** artifactory[4849]: Using CATALINA_TMPDIR: /home/artifactory/tomcat/temp
juil. 22 15:42:04 ns337904.ip-**-***-***.** artifactory[4849]: Using JRE_HOME: /usr
juil. 22 15:42:04 ns337904.ip-**-***-***.** artifactory[4849]: Using CLASSPATH: /home/artifactory/tomcat/bin/bootstrap.jar:/home/artifactory/tomcat/bin/tomcat-juli.jar
juil. 22 15:42:04 ns337904.ip-**-***-***.** artifactory[4849]: Using CATALINA_PID: /home/artifactory/run/artifactory.pid
juil. 22 15:42:04 ns337904.ip-**-***-***.** artifactory[4849]: Tomcat started.
juil. 22 15:42:06 ns337904.ip-**-***-***.** artifactory[4849]: Artifactory Tomcat started in normal mode
juil. 22 15:42:06 ns337904.ip-**-***-***.** systemd[1]: Started LSB: Start Artifactory on Tomcat.
But problem isn't fixed. The first error before the restart in the artifactory.log : https://pastebin.com/XEfFmN19
After the restart : https://pastebin.com/EJLAJT91
When I go to the derby.log file same error logged with no more informations. The concerned file(i think) by the error :
➜ cd /home/artifactory/data/derby/log
➜ log ll
total 257M
-rw-r--r-- 1 artifactory artifactory 256M juil. 17 01:05 log3955.dat
-rw-r--r-- 1 root artifactory 0 juil. 22 15:42 log3956.dat
-rw-r--r-- 1 artifactory artifactory 48 juil. 22 15:42 log.ctrl
-rw-r--r-- 1 artifactory artifactory 48 juil. 22 15:42 logmirror.ctrl
-rw-r--r-- 1 artifactory artifactory 532 juil. 10 2016 README_DO_NOT_TOUCH_FILES.txt
So apparently it's a size log file problem. But I don't know how to solve that.
I search in the artifactory conf and see nothing to upgrade the max allow size.
I see nothing in the artifacory docs about that. Anyway I don't know if it's the best way to handle the problem.
Thanks for help
I suggest you consider using an outside db instead of using derby
this link suggests some workarounds on reclaiming space or changing the default storage

Openstack Newton Glance Error during db_sync

During the initial configuration of Glance, while running:
su -s /bin/sh -c "glance-manage db_sync" glance`
I get the following error:
2017-07-18 12:14:04.381 14001 INFO glance.db.sqlalchemy.migrate_repo.schema [-] creating table image_members
2017-07-18 12:14:05.095 14001 INFO migrate.versioning.api [-] done
2017-07-18 12:14:05.095 14001 INFO migrate.versioning.api [-] 8 -> 9...
2017-07-18 12:14:05.819 14001 INFO migrate.versioning.api [-] done
2017-07-18 12:14:05.820 14001 INFO migrate.versioning.api [-] 9 -> 10...
2017-07-18 12:14:05.861 14001 INFO migrate.versioning.api [-] done
2017-07-18 12:14:05.861 14001 INFO migrate.versioning.api [-] 10 -> 11...
2017-07-18 12:14:06.494 14001 INFO migrate.versioning.api [-] done
2017-07-18 12:14:06.494 14001 INFO migrate.versioning.api [-] 11 -> 12...
2017-07-18 12:14:06.604 14001 CRITICAL glance [-] ArgumentError: Column type VARCHAR(36) on column 'images.id' is not compatible with autoincrement=True
Is anyone able to help me out with this?
Edit: please upgrade sqlalchemy-migrate to 0.11.0 to resolve this issue.
Credit goes to Mike Bayer.
====
I just met exactly the same bug.
It turns out downgrading SQLAlchemy from 1.1 to 1.0 solves the issue.
After you do sudo pip uninstall sqlalchemy && sudo pip install sqlalchemy==1.0
Just run sudo dpkg-reconfigure glance-common
to reconfigure the glance upgrading script.
I submitted a bug on glance bug tracker here:
https://bugs.launchpad.net/glance/+bug/1723097
And an email in SQLAlchemy mailing list:
https://groups.google.com/forum/#!topic/sqlalchemy/xoBcc6UnpWo

uWSGI, Nginx, Flask app service keeps failing

Going to my app produces a 502 gateway error. Found out that it was because my how_lit.service is failing. But I am having trouble finding out why.
Tried editing the application and the ini document. Cannot figure out whats wrong.
The Nginx and uWSGI services are up and running fine.
Service Status:
lit#digitalocean:~/howlit$ sudo service how_lit status
[sudo] password for lit:
● how_lit.service - uWSGI instance to serve how lit rest api
Loaded: loaded (/etc/systemd/system/how_lit.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2016-08-04 00:30:44 EDT; 5 days ago
Process: 14294 ExecStart=/home/lit/howlit/env/bin/uwsgi --ini /home/lit/howlit/howlit.ini (code=exited, status=1/FAILURE)
Main PID: 14294 (code=exited, status=1/FAILURE)
Aug 04 00:30:44 digitalocean systemd[1]: Started uWSGI instance to serve how lit rest api.
Aug 04 00:30:44 digitalocean uwsgi[14294]: [uWSGI] getting INI configuration from /home/lit/howlit/howlit.ini
Aug 04 00:30:44 digitalocean systemd[1]: how_lit.service: Main process exited, code=exited, status=1/FAILURE
Aug 04 00:30:44 digitalocean systemd[1]: how_lit.service: Unit entered failed state.
Aug 04 00:30:44 digitalocean systemd[1]: how_lit.service: Failed with result 'exit-code'.
Directory and Permissions:
lit#digitalocean:~/howlit$ ls -l .
total 16
drwx---r-x 6 lit www-data 4096 Jul 29 11:47 env
-rwx---r-x 1 lit www-data 202 Aug 3 23:29 howlit.ini
-rwx---r-x 1 lit www-data 1203 Aug 3 23:01 how_lit_restapi.py
-rwxr-xr-x 1 lit www-data 72 Aug 3 23:27 wsgi.py
/etc/systemd/system/how_lit.service:
lit#digitalocean:~/howlit$ cat /etc/systemd/system/how_lit.service
[Unit]
Description=uWSGI instance to serve how lit rest api
After=network.target
[Service]
User=lit
Group=www-data
WorkingDirectory=/home/lit/howlit/
Environment="PATH=/home/lit/howlit/env/bin"
ExecStart=/home/lit/howlit/env/bin/uwsgi --ini /home/lit/howlit/howlit.ini
[Install]
WantedBy=multi-user.target
howlit.ini file:
lit#digitalocean:~/howlit$ cat howlit.ini
[uwsgi]
module = wsgi:app
uid = lit
gid = www-data
master = true
processes = 5
socket = how_lit_restapi.sock
chmod-sock = 666
vacum = true
die-on-term = true
gto = /var/log/uwsgi/%n.log
Tried running it by hand:
lit#digitalocean:~/howlit$ /home/lit/howlit/env/bin/uwsgi --ini /home/lit/howlit/howlit.ini
[uWSGI] getting INI configuration from /home/lit/howlit/howlit.ini
*** Starting uWSGI 2.0.13.1 (64bit) on [Tue Aug 9 18:28:25 2016] ***
compiled with version: 5.4.0 20160609 on 29 July 2016 11:48:08
os: Linux-4.4.0-31-generic #50-Ubuntu SMP Wed Jul 13 00:07:12 UTC 2016
nodename: digitalocean
machine: x86_64
clock source: unix
detected number of CPU cores: 1
current working directory: /home/lit/howlit
detected binary path: /home/lit/howlit/env/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
your processes number limit is 1896
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
bind(): Permission denied [core/socket.c line 230]
permission error again?
SOLVED IT: By sending my socket into tmp, but still getting bad gateway error when I navigate to my site :(
Solved my own problem.
First I checked my services.
sudo service nginx status
sudo service uwsgi status
sudo service how_lit status
then I saw them all running and up but was still getting the bad gateway error. Well after checking the logs had no errors. I had to assume my configs.
Then I realized my mistake....I never restarted all of it, just certain parts at certain times. So I restarted every single one as such:
sudo service nginx restart
sudo service uwsgi restart
sudo service how_lit restart
now it works.
About the permission issue I tried it by putting the socket into the /tmp directory that way www-data group users can access it as well as root. I learned that you need to be able to create the socket and allow access to the system for it.
I moved it out of tmp btw later for production as I was told that was not best practice.

Resources