Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
Backports seem to be done.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2391#issuecomment-729923695

___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
Closed #2391.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
It should be fixed with referenced commit from above. Let's wait a bit for packaging tests and then I will backport as well.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
Ok, this sounds indeed easy, I will do it then. :-)
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
Then we can add this string into [`kamailio.service`](https://github.com/kamailio/kamailio/blob/master/pkg/kamailio/obs/kamailio.service)

```
AmbientCapabilities=CAP_CHOWN
```

That will be more simple.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
> The file can be added, need to define which package.
> If a file will be added into `kamailio` package, then it will affect all
> installation.
>
> We can define cfg packages like
>
> ```
> kamailio-cfg-siremis
> ```
>
> When you install siremis, then need to install a specific cfg package.

Hi Sergey,

this is needed for jsonrpcs and ctl module and generally unrelated to SIREMIS. Both modules are in the default cfg. So it should be probably added to the main kamailio unit. See also comment from Daniel above.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
File can be added, need to define which package.
If file will be added into `kamailio` package, then it will affect all installation.

We can define cfg packages like

```
kamailio-cfg-siremis
```

When you install siremis, then install specific cfg package.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
@sergey-safarov, @linuxmaniac could you add the necessary file from comment https://github.com/kamailio/kamailio/issues/2391#issuecomment-654726464 to debian and rpm packaging?
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
I can add the required permissions to `systemd` unit file.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
If I understood right, it is about kamailio being able to do chown internally. At least `ctl` module needs this capability as well. Probably connecting with kamcmd or kamcli face same problem if they are configured to run under different user/group, like it happens with apache2 (running siremis). As the chown is inside kamailio code, my opinion is that this systemd option should be included in kamailio unit. The ctl and jsonrpc modules are loaded in default config file, so changing its parameters should be as smooth as possible with default systemd unit. We practically keep the same capabilities as it used to be with init.d.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
I think it should be documented in the jsonrpcs module, as packaging is probably a bit too much for this special case.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
Is anything left to be addressed on this issue?
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
> make it sense to add it to debian packaging?

As it does not need in most cases, I think best options a package `/etc/systemd/system/kamailio.service.d/20-siremis.conf` for other packages than `kamailio`. This may be `kamailio-cfg-siremis` or `siremis` itself.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
I just did a quick grep, it seems this is the only one.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
Do we have more modules with the same behavior?
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
> @henningw please create file
> `/etc/systemd/system/kamailio.service.d/20-siremis.conf` with content
>
> ```
> [Service]
> AmbientCapabilities=CAP_CHOWN
> ```
>
> and then execute commands
>
> ```shell
> systemctl daemon-reload
> systemctl restart kamailio
> systemctl status kamailio
> ```

Thanks, this worked great:

```
root@kam01:/home/henning# ls -la /var/run/kamailio/kamailio_rpc.sock
srw-rw 1 www-data root 0 Jul 7 09:28 /var/run/kamailio/kamailio_rpc.sock
```

@linuxmaniac - make it sense to add it to debian packaging? Otherwise I can just document it in the jsonrpcs README.
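To confirm that a drop-in like the one in this message took effect, and that the service holds `CAP_CHOWN` and nothing more, the capability masks in `/proc/<pid>/status` can be classified. This is an added example, not part of the thread or of Kamailio; the function names and the three status samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a process's effective capabilities from the text
# of /proc/<pid>/status. Function names are hypothetical, not Kamailio's.

# Print the hex mask of one field (CapEff, CapAmb, ...) from status text.
cap_mask() {
    printf '%s\n' "$1" | awk -v field="$2:" '$1 == field { print $2 }'
}

# Verdict for the effective set. CAP_CHOWN is capability number 0 (bit 0).
#   missing: CAP_CHOWN not set, changing the socket owner to another user fails
#   ok:      CAP_CHOWN is the only effective capability
#   excess:  further capabilities are set (for example a root process)
classify_caps() {
    eff=$(cap_mask "$1" CapEff)
    if [ -z "$eff" ]; then
        echo "unknown"
    elif [ $(( 0x$eff & 1 )) -eq 0 ]; then
        echo "missing"
    elif [ $(( 0x$eff & ~1 )) -ne 0 ]; then
        echo "excess"
    else
        echo "ok"
    fi
}

# Constructed samples, not captured from a real host.
# Service started as a regular user without the drop-in:
STATUS_PLAIN_USER='Name: kamailio
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000'

# Same user with AmbientCapabilities=CAP_CHOWN applied:
STATUS_DROPIN='Name: kamailio
CapInh: 0000000000000001
CapPrm: 0000000000000001
CapEff: 0000000000000001
CapBnd: 000001ffffffffff
CapAmb: 0000000000000001'

# Process running as root with the full set:
STATUS_ROOT='Name: kamailio
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000'

# Live use (assumes the unit is named kamailio):
#   pid=$(systemctl show --property MainPID --value kamailio)
#   classify_caps "$(cat "/proc/$pid/status")"
```
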
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
@henningw please create file `/etc/systemd/system/kamailio.service.d/20-siremis.conf` with content

```
[Service]
AmbientCapabilities=CAP_CHOWN
```

and then execute commands

```sh
systemctl daemon-reload
systemctl restart kamailio
systemctl status kamailio
```
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
> If we provide this capability in the module, it should work in our packages as
> well.

If you want to add these extra capabilities via `SIREMIS` package, then yes. That will work. Required create drop-in like `/etc/systemd/system/kamailio.service.d/20-siremis.conf`.

This change made to fix the issue https://github.com/kamailio/kamailio/issues/2334.

> From my point of view, the correct approach "starts daemons with the specified
> user and group".

If in some cases this is not enough, then extend capabilities via drop-in.

About creation of `/var/run/kamailio` need place `/usr/lib/tmpfiles.d/kamailio.conf` with following content.

```
D /run/kamailio 0700 kamailio kamailio -
```

And after deb package is installed, need to execute a script command like.

```
systemd-tmpfiles --create kamailio.conf >/dev/null 2>&1
```

Victor Seva @linuxmaniac could you look suggestion above.

About extra capabilities via systemd unit file I will make some test.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
Hi Sergey,

the reason to use this parameter is to enable SIREMIS Web GUI to communicate with Kamailio, as you guessed already. To start Kamailio as user www-data is probably not optimal from a security point of view. If we provide this capability in the module, it should work in our packages as well. Do you remember why we changed this ExecStart in commit 0436af5?
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
Also, you can create drop-in and start Kamailio with required user and group

```
[Service]
User=www-data
Group=root
```

Or you can create drop-in and start Kamailio as before under root user and then drop process permission

> On systemd, to change username or group please create drop-in /etc/systemd/system/kamailio.service.d/10-user_group.conf file, like

```
[Service]
User=root
Group=root
ExecStart=
ExecStart=/usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f $CFGFILE -m $SHM_MEMORY -M $PKG_MEMORY -u kamailio -g kamailio
```

Blank "ExecStart=" to clean `ExecStart` from the main `kamailio.service` unit file.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
```
root@kam01:/home/henning# ls -ld /var/run/kamailio
ls: cannot access '/var/run/kamailio': No such file or directory
root@kam01:/home/henning# ls -l /var/run/kamailio
ls: cannot access '/var/run/kamailio': No such file or directory
```

Looks as not exist tmpfiles configuration file. I will make review of such file packaging.

About config options

```
modparam("jsonrpcs", "dgram_user", "www-data")
modparam("jsonrpcs", "dgram_group", "root")
```

As now the `kamailio` main process started as a regular user, then the process does not have the capability to change process user and group. Extra capabilities may be added process back.
Additional info https://manpages.debian.org/unstable/manpages/capabilities.7.en.html

Why you want to create Unix socket with owner other than default? Are you manage Kamailio via web server like `nginx`, `apache`?
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
> all files under `/var/run/` (a symbolic link to `/run`) must be created from
> scratch on server reboot.
> Could you make a test:
>
> 1. systemctl disable kamailio
> 2. reboot
> 3. ls -ld /var/run/kamailio
> 4. ls -l /var/run/kamailio
> 5. systemctl enable --now kamailio
> 6. ls -ld /var/run/kamailio
> 7. ls -l /var/run/kamailio
>
> And paste here output of these commands.

This is without the problematic cfg parameter:

```
root@kam01:/home/henning# systemctl disable kamailio
Synchronizing state of kamailio.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable kamailio
Removed /etc/systemd/system/multi-user.target.wants/kamailio.service.

reboot

root@kam01:/home/henning# ls -ld /var/run/kamailio
ls: cannot access '/var/run/kamailio': No such file or directory
root@kam01:/home/henning# ls -l /var/run/kamailio
ls: cannot access '/var/run/kamailio': No such file or directory
root@kam01:/home/henning# systemctl enable --now kamailio
Synchronizing state of kamailio.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable kamailio
Created symlink /etc/systemd/system/multi-user.target.wants/kamailio.service → /lib/systemd/system/kamailio.service.
root@kam01:/home/henning# ls -ld /var/run/kamailio
drwxr-x--- 2 kamailio kamailio 120 Jul 5 10:46 /var/run/kamailio
root@kam01:/home/henning# ls -l /var/run/kamailio
total 4
srw--- 1 kamailio kamailio 0 Jul 5 10:46 kamailio_ctl
-rw-r--r-- 1 kamailio kamailio 5 Jul 5 10:46 kamailio.pid
prw-rw 1 kamailio kamailio 0 Jul 5 10:46 kamailio_rpc.fifo
srw-rw 1 kamailio kamailio 0 Jul 5 10:46 kamailio_rpc.sock
```
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
> Is it reproducible on clean installation? Or only after upgrade?
>
> Is issue fixed after server reboot?

Thanks Sergey. I did a server reboot, did not change anything. Will now try the other steps.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
all files under `/var/run/` (a symbolic link to `/run`) must be created from scratch on server reboot.
Could you make a test:

1) systemctl disable kamailio
2) reboot
3) ls -ld /var/run/kamailio
4) ls -l /var/run/kamailio
5) systemctl enable --now kamailio
6) ls -ld /var/run/kamailio
7) ls -l /var/run/kamailio

And paste here output of these commands.
Re: [sr-dev] [kamailio/kamailio] commit 0436af5abd8b73e breaks startup for jsonrpcs module (#2391)
Is it reproducible on clean installation? Or only after upgrade?

Is issue fixed after server reboot?