Re: [lxc-users] LXC container and Systemd
On Fri, Aug 10, 2018 at 5:12 PM, Goran wrote:

> Your test-asuser.service works as intended. If I change the user and
> group to grafana it shows the same problems.
>
> # id grafana
> uid=207(grafana) gid=207(grafana) groups=207(grafana)
>
> # cat /etc/passwd
> ...
> grafana:x:207:207::/var/lib/grafana:/sbin/nologin
> ...
>
> cat /etc/group
> ...
> grafana:x:207:
> ...
>

Hmm ... not sure what happens. Probably /var/lib/grafana doesn't exist?

Unless you got help from somebody more familiar with systemd, I'd just do one of these:
- start as root in the systemd unit, then use runasuser/su (this already works), or
- delete (preserving its files), recreate the user (possibly using "useradd -m" to create a "normal" user with /home directory, just in case), and chown grafana's files afterwards.

--
Fajar
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] LXC container and Systemd
Your test-asuser.service works as intended. If I change the user and group to grafana it shows the same problems.

# id grafana
uid=207(grafana) gid=207(grafana) groups=207(grafana)

# cat /etc/passwd
...
grafana:x:207:207::/var/lib/grafana:/sbin/nologin
...

cat /etc/group
...
grafana:x:207:
...

Thanks for all the help

2018-08-10 11:58 GMT+02:00 Fajar A. Nugraha:
> On Fri, Aug 10, 2018 at 4:38 PM, Goran wrote:
>>
>> Always the same behavior, if the binary is executed as a user
>> different from root, systemd does not find the binary.
>>
>> In this case
>>
>> # which bash
>> /usr/bin/bash
>>
>> can't be found by systemd. ExecStart=whatsoever does not work. It
>> doesn't matter if it's bash or grafana-server as long as the user differs
>> from root.
>>
>
> This test unit works fine for me in lxd. Container created using "lxc launch
> images:archlinux arch-test"
>
> ##
> # cat /etc/systemd/system/test-asuser.service
> [Unit]
> Description=run as user test
>
> [Service]
> User=nobody
> Group=nobody
>
> Type=oneshot
> ExecStart=/bin/bash -c 'echo $(date) id is $(id) >> /tmp/test-asuser.log'
> ##
>
> How did you create your container? If you use lxc (not lxd), try the
> 'download' template.
>
> --
> Fajar
Re: [lxc-users] LXC container and Systemd
On Fri, Aug 10, 2018 at 4:38 PM, Goran wrote:

> Always the same behavior, if the binary is executed as a user
> different from root, systemd does not find the binary.
>
> In this case
>
> # which bash
> /usr/bin/bash
>
> can't be found by systemd. ExecStart=whatsoever does not work. It
> doesn't matter if it's bash or grafana-server as long as the user differs
> from root.
>

This test unit works fine for me in lxd. Container created using "lxc launch images:archlinux arch-test"

##
# cat /etc/systemd/system/test-asuser.service
[Unit]
Description=run as user test

[Service]
User=nobody
Group=nobody

Type=oneshot
ExecStart=/bin/bash -c 'echo $(date) id is $(id) >> /tmp/test-asuser.log'
##

How did you create your container? If you use lxc (not lxd), try the 'download' template.

--
Fajar
Re: [lxc-users] LXC container and Systemd
Always the same behavior, if the binary is executed as a user different from root, systemd does not find the binary.

In this case

# which bash
/usr/bin/bash

can't be found by systemd. ExecStart=whatsoever does not work. It doesn't matter if it's bash or grafana-server as long as the user differs from root.

2018-08-10 3:04 GMT+02:00 Fajar A. Nugraha:
> On Thu, Aug 9, 2018 at 8:11 PM, Goran wrote:
>>
>> I did as you told. What I can say is that the user/group directive are
>> the problem.
>>
>> With this config it works:
>>
>
> Now we're getting somewhere :D
>
>>
>> [Unit]
>> Description=Grafana service
>> After=network.target
>>
>> [Service]
>> # User=grafana
>> # Group=grafana
>> # WorkingDirectory=/usr/share/grafana
>> # ExecStart=/usr/bin/grafana-server -config=/etc/grafana.ini
>> ExecStart=/usr/bin/runuser -s /bin/bash -g grafana -l grafana -c
>> 'grafana-server -config=/etc/grafana.ini -homepath /usr/share/grafana'
>> LimitNOFILE=1
>> TimeoutStopSec=20
>> SuccessExitStatus=0 2
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>> What I don't understand is why the user/group directive are not
>> accepted and quitted with error
>>
>> Aug 09 13:06:10 monitor systemd[25843]: grafana.service: Failed to
>> determine user credentials: No such process
>> Aug 09 13:06:10 monitor systemd[25843]: grafana.service: Failed at
>> step USER spawning /usr/bin/runuser: No such process
>>
>
> This looks promising: "/usr/bin/runuser: No such process"
>
> Try something like this:
>
> [Service]
> User=grafana
> Group=grafana
> ExecStart=/bin/bash -c 'grafana-server -config=/etc/grafana.ini -homepath
> /usr/share/grafana'
>
> --
> Fajar
Re: [lxc-users] LXC container and Systemd
On Thu, Aug 9, 2018 at 8:11 PM, Goran wrote:

> I did as you told. What I can say is that the user/group directive are
> the problem.
>
> With this config it works:
>

Now we're getting somewhere :D

> [Unit]
> Description=Grafana service
> After=network.target
>
> [Service]
> # User=grafana
> # Group=grafana
> # WorkingDirectory=/usr/share/grafana
> # ExecStart=/usr/bin/grafana-server -config=/etc/grafana.ini
> ExecStart=/usr/bin/runuser -s /bin/bash -g grafana -l grafana -c
> 'grafana-server -config=/etc/grafana.ini -homepath /usr/share/grafana'
> LimitNOFILE=1
> TimeoutStopSec=20
> SuccessExitStatus=0 2
>
> [Install]
> WantedBy=multi-user.target
>
> What I don't understand is why the user/group directive are not
> accepted and quitted with error
>
> Aug 09 13:06:10 monitor systemd[25843]: grafana.service: Failed to
> determine user credentials: No such process
> Aug 09 13:06:10 monitor systemd[25843]: grafana.service: Failed at
> step USER spawning /usr/bin/runuser: No such process
>

This looks promising: "/usr/bin/runuser: No such process"

Try something like this:

[Service]
User=grafana
Group=grafana
ExecStart=/bin/bash -c 'grafana-server -config=/etc/grafana.ini -homepath /usr/share/grafana'

--
Fajar
Re: [lxc-users] LXC container and Systemd
I did as you told. What I can say is that the user/group directive are the problem.

With this config it works:

[Unit]
Description=Grafana service
After=network.target

[Service]
# User=grafana
# Group=grafana
# WorkingDirectory=/usr/share/grafana
# ExecStart=/usr/bin/grafana-server -config=/etc/grafana.ini
ExecStart=/usr/bin/runuser -s /bin/bash -g grafana -l grafana -c 'grafana-server -config=/etc/grafana.ini -homepath /usr/share/grafana'
LimitNOFILE=1
TimeoutStopSec=20
SuccessExitStatus=0 2

[Install]
WantedBy=multi-user.target

What I don't understand is why the user/group directive are not accepted and quitted with error

Aug 09 13:06:10 monitor systemd[25843]: grafana.service: Failed to determine user credentials: No such process
Aug 09 13:06:10 monitor systemd[25843]: grafana.service: Failed at step USER spawning /usr/bin/runuser: No such process

User and group are available:

# id grafana
uid=207(grafana) gid=207(grafana) groups=207(grafana)

2018-08-09 10:30 GMT+02:00 Fajar A. Nugraha:
> On Tue, Aug 7, 2018 at 11:13 PM, Goran wrote:
>>
>> I'm starting Grafana on top of Arch Linux without problem. But when I
>> install Grafana into an Arch Linux LXC container on top of Arch Linux
>> OS I can't start it.
>>
>> The error is:
>>
>> systemd[24509]: grafana.service: Failed to determine user credentials:
>> No such process
>> systemd[24509]: grafana.service: Failed at step USER spawning
>> /usr/bin/grafana-server: No such process
>>
>> It looks like a systemd error but it's working on top of a real OS.
>>
>> Here is my grafana.service file: https://pastebin.com/T8XU98XT
>>
>> I can start Grafana without any problems with
>>
>> runuser -s /bin/bash -g grafana -l grafana -c 'grafana-server
>> -config=/etc/grafana.ini -homepath /usr/share/grafana'
>>
>
> To confirm: you can start it by logging into the container and run the above
> command?
>
>>
>> It looks like LXC is hindering systemd to start the process.
>>
>
> I think the easiest way to troubleshoot is just use that command in a
> systemd unit. Something like
>
> [Unit]
> Description=Simple run test
>
> [Service]
> ExecStart=/bin/bash -c "runuser -s /bin/bash -g grafana -l grafana -c
> 'grafana-server -config=/etc/grafana.ini -homepath /usr/share/grafana'"
>
> [Install]
> WantedBy=multi-user.target
>
> Put it as a some service file somewhere on /etc/systemd/system, start it,
> and see what happens. If that works, you can start changing up the service
> to look more like the original while finding out which lines from the
> original service file is problematic.
>
> --
> Fajar
Re: [lxc-users] LXC container and Systemd
I tried but no success.

2018-08-09 9:54 GMT+02:00 Andrey Repin:
> Greetings, Goran!
>
>> I log into Arch Linux OS. From there I attach to the container
>
>> # lxc-attach -n monitor
>
>> The container itself is hosting Arch Linux too.
>
> Try
> lxc-attach -n monitor -- su -l
>
> --
> With best regards,
> Andrey Repin
> Thursday, August 9, 2018 10:52:02
>
> Sorry for my terrible English...
Re: [lxc-users] LXC container and Systemd
On Tue, Aug 7, 2018 at 11:13 PM, Goran wrote:

> I'm starting Grafana on top of Arch Linux without problem. But when I
> install Grafana into an Arch Linux LXC container on top of Arch Linux
> OS I can't start it.
>
> The error is:
>
> systemd[24509]: grafana.service: Failed to determine user credentials:
> No such process
> systemd[24509]: grafana.service: Failed at step USER spawning
> /usr/bin/grafana-server: No such process
>
> It looks like a systemd error but it's working on top of a real OS.
>
> Here is my grafana.service file: https://pastebin.com/T8XU98XT
>
> I can start Grafana without any problems with
>
> runuser -s /bin/bash -g grafana -l grafana -c 'grafana-server
> -config=/etc/grafana.ini -homepath /usr/share/grafana'
>

To confirm: you can start it by logging into the container and run the above command?

> It looks like LXC is hindering systemd to start the process.
>

I think the easiest way to troubleshoot is just use that command in a systemd unit. Something like

[Unit]
Description=Simple run test

[Service]
ExecStart=/bin/bash -c "runuser -s /bin/bash -g grafana -l grafana -c 'grafana-server -config=/etc/grafana.ini -homepath /usr/share/grafana'"

[Install]
WantedBy=multi-user.target

Put it as a some service file somewhere on /etc/systemd/system, start it, and see what happens. If that works, you can start changing up the service to look more like the original while finding out which lines from the original service file is problematic.

--
Fajar
Re: [lxc-users] LXC container and Systemd
I log into Arch Linux OS. From there I attach to the container

# lxc-attach -n monitor

The container itself is hosting Arch Linux too.

2018-08-08 13:28 GMT+02:00 Andrey Repin:
> Greetings, Goran!
>
>> # cat /proc/self/uid
>> cat: /proc/self/uid: No such file or directory
>
>> I do not log into the container but attach to it.
>
> How do you attach?
>
> --
> With best regards,
> Andrey Repin
> Wednesday, August 8, 2018 14:28:13
>
> Sorry for my terrible English...
Re: [lxc-users] LXC container and Systemd
Greetings, Goran!

> # cat /proc/self/uid
> cat: /proc/self/uid: No such file or directory

> I do not log into the container but attach to it.

How do you attach?

--
With best regards,
Andrey Repin
Wednesday, August 8, 2018 14:28:13

Sorry for my terrible English...
Re: [lxc-users] LXC container and Systemd
The uid map is available

# cat /proc/self/uid_map
0 0 4294967295

2018-08-07 22:54 GMT+02:00 Goran:
> # cat /proc/self/uid
> cat: /proc/self/uid: No such file or directory
>
> I do not log into the container but attach to it.
>
> 2018-08-07 20:17 GMT+02:00 Serge E. Hallyn:
>> Quoting Goran (sendmailtogo...@gmail.com):
>>> 2018-08-07 18:34 GMT+02:00 Serge E. Hallyn:
>>> > Quoting Goran (sendmailtogo...@gmail.com):
>>> >> I'm starting Grafana on top of Arch Linux without problem. But when I
>>> >> ...
>>> >> It looks like LXC is hindering systemd to start the process.
>>> >
>>> > What are the uid and gid of 'grafana' in the container? Do they
>>> > fit into the container's uid allocation?
>>> > ...
>>>
>>> uid=207(grafana) gid=207(grafana) groups=207(grafana)
>>>
>>> How can I find the container's uid allocation?
>>
>> cat /proc/self/uid when logged into the container.
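Serge's question in this thread, whether uid 207 fits into the container's uid allocation, can be checked mechanically against a map such as the one posted above. The script below is an added example and not part of the original thread; the function names map_lookup and map_is_identity and the second sample map are assumptions made for illustration. A map of "0 0 4294967295" is the identity mapping, meaning ids inside the container are the same ids on the host.

```shell
#!/bin/sh
# Added example (not from the thread): test an id against a uid_map/gid_map.
# Map line format: <first id inside ns> <first id outside ns> <range length>

# map_lookup ID MAPFILE
# Prints the outside (host) id for ID and returns 0; if no range covers ID,
# prints "unmapped" and returns 1.
map_lookup() {
    awk -v id="$1" '
        BEGIN { id += 0 }
        NF == 3 && id >= $1 && id < $1 + $3 {
            printf "%d\n", $2 + (id - $1)
            found = 1
            exit
        }
        END { if (!found) { print "unmapped"; exit 1 } }
    ' "$2"
}

# map_is_identity MAPFILE
# Returns 0 when every range maps ids onto themselves, i.e. no remapping:
# uid 0 inside the namespace is uid 0 outside it.
map_is_identity() {
    awk 'NF == 3 { n++; if ($1 != $2) shifted = 1 }
         END { if (n >= 1 && !shifted) exit 0; exit 1 }' "$1"
}

# Sample maps written to a temp dir so the example runs anywhere.
tmp=$(mktemp -d)
printf '0 0 4294967295\n' > "$tmp/identity_map"   # the map posted above
printf '0 100000 65536\n' > "$tmp/shifted_map"    # constructed sample

for m in identity_map shifted_map; do
    if map_is_identity "$tmp/$m"; then kind="identity"; else kind="remapped"; fi
    echo "$m ($kind): uid 207 -> $(map_lookup 207 "$tmp/$m")"
done
echo "shifted_map: uid 70000 -> $(map_lookup 70000 "$tmp/shifted_map" || true)"
```

Inside a container, point the functions at the live files, for example `map_lookup 207 /proc/self/uid_map`, and repeat with /proc/self/gid_map for the group id.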
Re: [lxc-users] LXC container and Systemd
# cat /proc/self/uid
cat: /proc/self/uid: No such file or directory

I do not log into the container but attach to it.

2018-08-07 20:17 GMT+02:00 Serge E. Hallyn:
> Quoting Goran (sendmailtogo...@gmail.com):
>> 2018-08-07 18:34 GMT+02:00 Serge E. Hallyn:
>> > Quoting Goran (sendmailtogo...@gmail.com):
>> >> I'm starting Grafana on top of Arch Linux without problem. But when I
>> >> ...
>> >> It looks like LXC is hindering systemd to start the process.
>> >
>> > What are the uid and gid of 'grafana' in the container? Do they
>> > fit into the container's uid allocation?
>> > ...
>>
>> uid=207(grafana) gid=207(grafana) groups=207(grafana)
>>
>> How can I find the container's uid allocation?
>
> cat /proc/self/uid when logged into the container.
Re: [lxc-users] LXC container and Systemd
Quoting Goran (sendmailtogo...@gmail.com):
> 2018-08-07 18:34 GMT+02:00 Serge E. Hallyn:
> > Quoting Goran (sendmailtogo...@gmail.com):
> >> I'm starting Grafana on top of Arch Linux without problem. But when I
> >> ...
> >> It looks like LXC is hindering systemd to start the process.
> >
> > What are the uid and gid of 'grafana' in the container? Do they
> > fit into the container's uid allocation?
> > ...
>
> uid=207(grafana) gid=207(grafana) groups=207(grafana)
>
> How can I find the container's uid allocation?

cat /proc/self/uid when logged into the container.
Re: [lxc-users] LXC container and Systemd
2018-08-07 18:34 GMT+02:00 Serge E. Hallyn:
> Quoting Goran (sendmailtogo...@gmail.com):
>> I'm starting Grafana on top of Arch Linux without problem. But when I
>> ...
>> It looks like LXC is hindering systemd to start the process.
>
> What are the uid and gid of 'grafana' in the container? Do they
> fit into the container's uid allocation?
> ...

uid=207(grafana) gid=207(grafana) groups=207(grafana)

How can I find the container's uid allocation?
Re: [lxc-users] LXC container and Systemd
Quoting Goran (sendmailtogo...@gmail.com):
> I'm starting Grafana on top of Arch Linux without problem. But when I
> install Grafana into an Arch Linux LXC container on top of Arch Linux
> OS I can't start it.
>
> The error is:
>
> systemd[24509]: grafana.service: Failed to determine user credentials:
> No such process
> systemd[24509]: grafana.service: Failed at step USER spawning
> /usr/bin/grafana-server: No such process
>
> It looks like a systemd error but it's working on top of a real OS.
>
> Here is my grafana.service file: https://pastebin.com/T8XU98XT
>
> I can start Grafana without any problems with
>
> runuser -s /bin/bash -g grafana -l grafana -c 'grafana-server
> -config=/etc/grafana.ini -homepath /usr/share/grafana'
>
> It looks like LXC is hindering systemd to start the process.

What are the uid and gid of 'grafana' in the container? Do they fit into the container's uid allocation?