Ok, i re-did my entire deployment all over again, making sure that the 'web' user is responsible for all actions taken in the deployment process, including thinking sphinx related tasks.
Now, deltas *DO* Appear on search, but i can't re-index: w...@socialninjaz:/var/www/statussearch2/current$ rake RAILS_ENV=production ts:index (in /var/www/statussearch2/releases/20090523013634) Generating Configuration to /var/www/statussearch2/releases/ 20090523013634/config/production.sphinx.conf /usr/local/bin/indexer --config /var/www/statussearch2/releases/ 20090523013634/config/production.sphinx.conf --all --rotate Sphinx 0.9.8.1-release (r1533) Copyright (c) 2001-2008, Andrew Aksyonoff using config file '/var/www/statussearch2/releases/20090523013634/ config/production.sphinx.conf'... indexing index 'status_update_core'... collected 62039 docs, 5.7 MB collected 0 attr values sorted 0.1 Mvalues, 100.0% done sorted 22.3 Mhits, 97.9% done total 62039 docs, 5703116 bytes total 3146.338 sec, 1812.62 bytes/sec, 19.72 docs/sec indexing index 'status_update_delta'... FATAL: failed to open /var/www/statussearch2/releases/20090523013634/ db/sphinx/production/status_update_delta.tmp.spl: Permission denied, will not index. Try --rotate option. The file exists but under root ownership again. w...@socialninjaz:/var/www/statussearch2/current$ ls -l db/sphinx/ production/ total 133328 -rw-r--r-- 1 web web 2479160 May 24 20:25 status_update_core.spa -rw-r--r-- 1 web web 83895816 May 24 20:25 status_update_core.spd -rw-r--r-- 1 web web 367 May 24 20:25 status_update_core.sph -rw-r--r-- 1 web web 6302754 May 24 20:25 status_update_core.spi -rw------- 1 web web 0 May 24 20:26 status_update_core.spl -rw-r--r-- 1 web web 1266960 May 24 20:25 status_update_core.spm -rw-r--r-- 1 web web 40304468 May 24 20:25 status_update_core.spp -rw-r--r-- 1 root root 30960 May 24 22:30 status_update_delta.spa -rw-r--r-- 1 root root 1165980 May 24 22:30 status_update_delta.spd -rw-r--r-- 1 root root 367 May 24 22:30 status_update_delta.sph -rw-r--r-- 1 root root 364375 May 24 22:30 status_update_delta.spi -rw------- 1 web web 0 May 24 22:30 status_update_delta.spl -rw-r--r-- 1 root root 15476 May 24 22:30 status_update_delta.spm -rw-r--r-- 1 root root 514466 May 24 22:30 status_update_delta.spp -rw-r--r-- 1 root root 0 May 24 22:30 status_update_delta.tmp.spl i made sure that all capistrano activity and cron jobs are operated by the 'web' user... i don't really know what is going on really... On May 23, 9:25 pm, Pat Allan <[email protected]> wrote: > I guess what I was wondering is whether you were using the 'run' > command or the 'sudo' command in your capistrano tasks - I know I've > made the mistake of using the latter when 'run' would have been the > better choice. > > -- > Pat > > On 23/05/2009, at 5:59 PM, Elad Meidar wrote: > > > > > now SSH. i thought about testing the configuration and running process > > manually before deploying with it. > > > On May 23, 6:34 pm, Pat Allan <[email protected]> wrote: > >> How are you running the rake task? Via capistrano? Or ssh'd into your > >> production machine? > > >> -- > >> Pat > > >> On 23/05/2009, at 3:23 PM, Elad Meidar wrote: > > >>> i'm running passenger on the default apache user www-data, i didn't > >>> change nothing from the default apache/passenger installations. > > >>> i tried a little test.... > > >>> i chown'ed the *detla* files to web:web, just like the *core* files > >>> and checked that it really happened. > >>> then, i ran "rake RAILS_ENV=production ts:index --rotate" and listed > >>> the files again. > > >>> owner was again root. > > >>> On May 23, 4:37 pm, Pat Allan <[email protected]> wrote: > >>>> Are your mongrels running as root? Or passenger? This is the > >>>> process > >>>> that will invoke delta indexing, and thus overwrite the existing > >>>> files > >>>> to new ones with root access only. > > >>>> -- > >>>> Pat > > >>>> On 23/05/2009, at 1:34 PM, Elad Meidar wrote: > > >>>>> Well, i moved everything to web > >>>>> (ts:stop, ts:index, :ts:start after clearing all the db/sphinx > >>>>> folder) > > >>>>> but still all the delta files are created under the root > >>>>> ownership, i > >>>>> really don't know why.. i am sure that only the web user is doing > >>>>> any > >>>>> kind of thinking_sphinx related actions. > >>>>> when i manually chown the files to be under the "web" user, deltas > >>>>> appear on search and everything is awesome. > > >>>>> this is my crontab for the web user... any idea how or who is > >>>>> changing > >>>>> those files ownerships? > > >>>>> */2 * * * * cd /var/www/statussearch2/current/ && rake > >>>>> RAILS_ENV=production ts:index --rotate > >>>>> * */5 * * * cd /var/www/statussearch2/current/ && rake > >>>>> RAILS_ENV=production ts:index > > >>>>> On May 23, 10:20 am, Elad Meidar <[email protected]> wrote: > >>>>>> well, the rake tasks are run by the deploying user, which is > >>>>>> 'web' > > >>>>>> but i think that there are some cron tasks (--rotate for example) > >>>>>> that > >>>>>> are run by 'root' > > >>>>>> i'll move everything to 'web' and i'll see where it's heading. > > >>>>>> Thnx. > > >>>>>> On May 23, 2:19 am, James Healy <[email protected]> wrote: > > >>>>>>> Pat Allan wrote: > >>>>>>>> You need the web server and the rake tasks to be run by the > >>>>>>>> same > >>>>>>>> user > >>>>>>>> - either both by root, or some other user of your choice. This > >>>>>>>> should > >>>>>>>> avoid any permissions issues. > > >>>>>>>> The *easiest* way is probably to run the rake tasks with sudo - > >>>>>>>> not > >>>>>>>> convinced that's the *best* way though. Others may know > >>>>>>>> better :) > > >>>>>>> As a general rule you really don't want to run internet > >>>>>>> accessible > >>>>>>> daemons as root. > > >>>>>>> I personally use the Debian convention of www-data user and > >>>>>>> group > >>>>>>> for my > >>>>>>> webserver, mongrels and cron triggered rake tasks. It doesn't > >>>>>>> matter too > >>>>>>> much which user you use, just pick or create one with reduced > >>>>>>> privileges. You want to minimise the impact of a malicious user > >>>>>>> finding > >>>>>>> an exploitable bug in the prcess. > > >>>>>>> -- James Healy <jimmy-at-deefa-dot-com> Sat, 23 May 2009 > >>>>>>> 16:14:36 > >>>>>>> +1000 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Thinking Sphinx" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/thinking-sphinx?hl=en -~----------~----~----~----~------~----~------~--~---
