Which user monit runs as?


Vincent Latombe <vlatombe@...>
 

Hi,

I'm trying to debug an issue related to one of my jobs and I just want a clarification regarding what user 'monit' is run as when executing the bosh deployment.

My current environment, if that helps : PCF 1.5.2 - Stemcell 3062

In the documentation (https://bosh.io/docs/vm-monit.html#using-monit), it seems monit is expected to run as root, but when ssh'ing to the box and then opening a shell as root, 'monit summary' gives me back
monit: The control file '/var/vcap/bosh/etc/monitrc' must be owned by you.

Indeed, /var/vcap/bosh/etc/monitrc is owned by user 'vcap'.

Thank you for your advice,


Cyrille Le Clerc
 

Dear all,

To give more details,

* We understand that monit should run the control scripts as root - see
https://bosh.io/docs/vm-monit.html
* we have the feeling that on PCF 1.5.2 for AWS + stemcell ubuntu-3062,
monit is executed with a different user depending on whether monit runs
for the first time on the server (creating a new server during a bosh
deploy) or restarts (updating the server during a bosh deploy).


We have a problem when monit tries to execute "docker_ctl" (1) during a
"bosh deploy" that updates an existing server

In /var/vcap/data/sys/log/monit/docker.err.log, we have "dpkg: error:
requested operation requires superuser privilege"

This lets us think that this docker_ctl is executed by monit as "vcap" and
not as root.

Cyrille


(1)
https://github.com/cf-platform-eng/docker-boshrelease/blob/master/jobs/docker/templates/bin/docker_ctl

--
Cyrille Le Clerc
email & gtalk : cleclerc(a)cloudbees.com / mob: +33-6.61.33.69.86 / skype:
cyrille.leclerc
CloudBees, Inc
www.cloudbees.com


Vincent Latombe <vlatombe@...>
 

Hello again,

it seems like our manual fiddling on the server had led us to a wrong
direction. What we are actually experiencing :

- On a fresh deploy (new stemcell, new package), we get a successful
deployment
- On a config change in our package (any change actually), the 'bosh -n
deploy' fails.

From the logs after execution of bosh -n deploy, I found the following

bosh/log/@4000000055f2e2d51f95c6fc.s:2015-09-11_14:13:23.92877 [Cmd Runner] 2015/09/11 14:13:23 DEBUG - /var/vcap/bosh/bin/monit Stderr: monit: The control file '/var/vcap/bosh/etc/monitrc' must be owned by you.

bosh/log/@4000000055f2e2d51f95c6fc.s:2015-09-11_14:13:23.92880 [monitJobSupervisor] 2015/09/11 14:13:23 ERROR - Failed to reload monit Running command: 'monit reload', stdout: '', stderr: 'monit: The control file '/var/vcap/bosh/etc/monitrc' must be owned by you.

As I understand it, as part of the deploy process 'monit reload' is called
as root. However at this moment, /var/vcap/bosh/etc/monitrc is owned by
vcap:vcap, and monit complains.

I chowned /var/vcap/bosh/etc/monitrc to root:root and relaunched bosh -n
deploy. Deployment succeeded.

Then, I checked again permissions on this file, and it has been chown'ed
back to vcap:vcap, so I'm pretty sure the next deployment will fail again
because of the same previous error.
Can you help us on this?

Best regards,

Vincent



--
Vincent


Vincent Latombe <vlatombe@...>
 

We just found where the issue was coming from, there was a chown -R
vcap:vcap /var/vcap lying in one of our packages.

Sorry for the disturbance,

--
Vincent
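
The two checks this thread ends up needing, as an added example (not code from the thread or from BOSH): confirm that monit's control file is owned by the user invoking monit and grants nothing to group or other, and search a release's scripts for a recursive chown of /var/vcap itself. The function names are made up for this example, and GNU `stat` is assumed, as on an Ubuntu stemcell.

```shell
#!/bin/sh
# Added example; function names are hypothetical, GNU stat is assumed.
# On a BOSH VM, as root:  check_control_file /var/vcap/bosh/etc/monitrc 0
# In a release checkout:  find_recursive_chown packages/ jobs/

# check_control_file FILE EXPECTED_UID
# Succeeds only if FILE is owned by EXPECTED_UID and has no group/other
# permission bits, which is what monit demands of its control file.
check_control_file() {
    file=$1
    want_uid=$2
    [ -f "$file" ] || { echo "missing: $file"; return 2; }
    owner=$(stat -c '%u' "$file")
    # stat prints the octal mode without leading zeros; pad to 3 digits.
    mode=$(printf '%03d' "$(stat -c '%a' "$file")")
    if [ "$owner" != "$want_uid" ]; then
        echo "owner mismatch: $file uid=$owner expected=$want_uid"
        return 1
    fi
    # The last two octal digits are group and other; both must be 0.
    case $mode in
        *00) ;;
        *) echo "too permissive: $file mode=$mode"; return 1 ;;
    esac
    echo "ok: $file uid=$owner mode=$mode"
}

# find_recursive_chown DIR...
# Prints file:line:text for each recursive chown whose target is /var/vcap
# itself. Narrower targets (for example /var/vcap/store/<job>) are not
# reported, because they cannot reach /var/vcap/bosh/etc/monitrc.
find_recursive_chown() {
    grep -rnE 'chown[[:space:]]+(-[A-Za-z]*R[A-Za-z]*|--recursive)[[:space:]]+[^[:space:]]+[[:space:]]+/var/vcap/?([[:space:];&|]|$)' "$@"
}
```
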