Capistrano deploy:setup works but not deploy:check - deployment

Testing capistrano with a simple recipe.
$ cap deploy:setup
* executing `deploy:setup'
* executing "sudo -p 'sudo password: ' mkdir -p /u/apps/ [..]
[..]
deploy:setup works as exprected.
However
$ cap deploy:check
* executing `deploy:check'
* executing "test -d /u/apps/[..]
[..]
When running deploy:check I get the following error:
The following dependencies failed. Please check them and try again:
--> You do not have permissions to write to `/u/apps/
[..]
--> `/u/apps/app/shared is not writable [..]
It seems that capistrano is not using sudo while in deploy:check mode.
I don't get it!
While in deploy:setup the whole directory structure was created by capistrano without any issue?
Why capistrano doesn't use sudo as in deploy:check?

I also ran into this issue and it turned out capistrano was creating all of the folders under the <user> group except for the shared folder. SSH onto your server and do a long listing ls -l. If you see - root - root - for the shared folder, you'll just need to update the permissions on the folder:
sudo chown <user> shared
sudo chgrp <user> shared

I ran into the same issue: the trick is to explicitly configure Capistrano not to use sudo.
You can turn that off in your deploy.rb file with:
set :use_sudo, false
If you need to use sudo, how about using the sudo DSL Action Invocation in your commands:
run "#{sudo} apachectl restart"

Related

deleting files in /var/lib/postgresql/12/main while attempting to replication in postresql

I am new to postgres and was following this tutorial for setting Up Physical Streaming Replication with PostgreSQL
In step 3 while running the following command:
sudo -u postgres rm -r /var/lib/postgresql/12/main/*
I was getting the following error
rm: cannot remove '/var/lib/postgresql/12/main/*': No such file or directory
while the /var/lib/postgresql/12/main/ clearly had many files if explored manually.
In desperation, I deleted all the files inside /var/lib/postgresql/12/main/ manually and now any of the further steps are not working.
I have even tried to uninstall and install postgresql-12 using
sudo apt-get --purge remove postgresql
and
sudo apt -y install postgresql-12 postgresql-client-1 respectively
I have even tried doing the whole process again from start and while running the following command:
sudo -u postgres psql
sudo pg_ctlcluster 12 main start
I got this error:
Job for postgresql#12-main.service failed because the service did not take the steps required by its unit configuration.
See "systemctl status postgresql#12-main.service" and "journalctl -xe" for details.
while resolving the above issue using :
sudo chown postgres.postgres /var/lib/postgresql/12/main/global/pg_internal.init
I got this error...
chown: cannot access '/var/lib/postgresql/12/main/global/pg_internal.init': No such file or directory
I think this is happening because of the manual deletion of all the files and folder in
/var/lib/postgresql/12/main/
Any help is much appreciated
Thanks
The glob * is evaluated by your regular user before the sudo is invoked, but your regular user can't see into that directory. So what gets sent to the postgres user is an order to remove the file with the literal name of '/var/lib/postgresql/12/main/*', which doesn't exist. You would need to have your shell that evaluated the glob be postgres, so it can see what it is doing before invoking rm. Something like:
sudo -u postgres bash -c 'rm -r /var/lib/postgresql/12/main/*'
For the rest of it, you didn't give enough details to know what is going on, like what was in the logs, or what were the directory listings at the time your command failed.

VS Code: NoPermissions (FileSystemError): Error: EACCES: permission denied

I'm trying to save a file called app.js on a folder called js.
Vs Code pop up this:
Failed to save 'app.js': Unable to write file 'vscode-remote://wsl+ubuntu-18.04/js/app.js'
(NoPermissions (FileSystemError): Error: EACCES: permission denied, mkdir '/js')
I tried:
sudo chown -R user /mnt/c/Users/myUser/Documents/myFolder/proyectFolder
but I still can't save this file.
Try this, fixed it for me
sudo chown -R username path
Example:
sudo chown -R emanuel /home/emanuel/test/
In the SSH terminal:
Recommended :
sudo chmod -R 777 folder_name_where_your_file_exists
or
sudo chmod -R 755 folder_name_where_your_file_exists
this works for me
sudo chown -R $USER:$USER /home/
TLDR;
If you're using a docker container, avoid making files from within the container because the owner and group permissions may cause problems with your editor (in my case VS Code)
I was running docker container for a Django project from Windows Terminal and using VS Code to edit my code.
It is a Linux file (since everything in Linux is a file) permission problem that arises because the files don't have proper user and/or group permissions. So VS Code tries to tell us that.
The problem I found only happened when I created files from within my docker container.
I would run docker exec ... bash
make new files using touch /path/to/file from the container bash
then try to edit those files on VS Code (say urls.py) only to get the scary permissions error preventing the file from saving.
I suspect that making files from within the container embellishes those files with different owner and group settings than your system would default to if you just ran the commands locally (not in the container).
Changing the file permissions with chown -hR and chgrp -hR would do the trick but to avoid the error altogether I stopped making files from within the container.
Try activating polling:
This worked for me during I tried using wsl.
The below is for individual file:
sudo chown yourUserNAme filename
For an entire directory it will be (when you write ls to terminal, you should see your directory to execute this command):
sudo chown yourUserNAme dirName
For recursive (i.e files and folders inside a folder):
sudo chown -R yourUserNAme dirName
Note: yourUserNAme is, if you do pwd under any Documents, you will see the path: /home/jhon/Documents. Here user is jhon.
Run VS Code as administrator and it will fix the problem.
https://answers.microsoft.com/en-us/windows/forum/all/error-in-vs-code-destination-directory-and-says/e70dc626-6b12-4791-a960-8b704e57098d
Install the extension Save as Root in Remote SSH in VS code.
While saving press Ctrl + Shift + P.
This open the command palette.
Search Save as Root
It is a Linux user permissions problem.
you should use the command:
sudo chown -R $USER:$USER.

Gitlab-runner failed to remove permission denied

I'm setting up a CI/CD pipeline with Gitlab. I've installed gitlab-runner on a Digital Ocean Ubuntu 18.04 droplet and gave permissions in /etc/sudoers to the gitlab-runner as:
gitlab-runner ALL=(ALL:ALL)ALL
The first commit to the associated repository correctly build the docker-compose (the app itself is Django+postgres), but following commits are not able to clean previous builds and fail:
Running with gitlab-runner 12.8.0 (1b659122)
on ubuntu-s-4vcpu-8gb-fra1-01 52WypZsE
Using Shell executor...
00:00
Running on ubuntu-s-4vcpu-8gb-fra1-01...
00:00
Fetching changes with git depth set to 50...
00:01
Reinitialized existing Git repository in /home/gitlab-runner/builds/52WypZsE/0/lorePieri/djangocicd/.git/
From https://gitlab.com/lorePieri/djangocicd
* [new ref] refs/pipelines/120533457 -> refs/pipelines/120533457
0072002..bd28ba4 develop -> origin/develop
Checking out bd28ba46 as develop...
warning: failed to remove app/staticfiles/admin/img/selector-icons.svg: Permission denied
warning: failed to remove app/staticfiles/admin/img/search.svg: Permission denied
warning: failed to remove app/staticfiles/admin/img/icon-alert.svg: Permission denied
warning: failed to remove app/staticfiles/admin/img/tooltag-arrowright.svg: Permission denied
warning: failed to remove app/staticfiles/admin/img/icon-unknown-alt.svg: Permission denied
This is the relevant portion of the .gitlab-ci.yml file:
image: docker:latest
services:
- docker:dind
stages:
- test
- deploy_staging
- deploy_production
step-test:
stage: test
before_script:
- export DYNAMIC_ENV_VAR=DEVELOP
only:
- develop
tags:
- develop
script:
- echo running tests in $DYNAMIC_ENV_VAR
- sudo apt-get install -y python-pip
- sudo pip install docker-compose
- sudo docker image prune -f
- sudo docker-compose -f docker-compose.yml build --no-cache
- sudo docker-compose -f docker-compose.yml up -d
- echo do tests now
- sudo docker-compose exec -T web python3 -m coverage run --source='.' manage.py test
...
What I've tried:
usermod -aG docker gitlab-runner
sudo service docker restart
The best solution for me was adding
pre_clone_script = "sudo chown -R gitlab-runner:gitlab-runner ."
into /etc/gitlab-runner/config.toml
Even if you won't have permissions after a previous job it'll set correct permissions before cleaning up the workdir and cloning the repo.
I would recommend setting a GIT_STRATEGY to none in the afflicted job.
I have had the exact same problem. Therefore I will explain how it was resolved in details.
Try finding your config.toml file and run the gitlab-runner command with root privileges, since permission denied is a very common UNIX-based operating systems error.
After finding the location of config.toml pass it:
sudo gitlab-runner run --config <absolute_location_of_config_toml>
P.S. You can find all config.toml file easily using locate config.toml command. Make sure you have already installed by executing sudo apt-get install mlocate
After facing to permission denied error, I have tried using sudo gitlab-runner run instead of gitlab-runner, but it has its own problem:
ERROR: Failed to load config stat /etc/gitlab-runner/config.toml: no such
file or directory builds=0
while executing gitlab-runner without root permissions doesn't have any config file problem.
Try implementing the ways and solutions as #Grumbanks and #vlad-Mazurkov mentioned. But they didn't work properly.
It MAY be because you write a file in cloned out codebase. What I do is simply create another directory outside of gitlab-runner directory:
WORKSPACE_DIR="/home/abcd_USER/a/b"
rm -rf $WORKSPACE_DIR
mkdir -p $WORKSPACE_DIR
cd $WORKSPACE_DIR
ls -la
git clone ..................
AND DO whatever
I never faced the issue again.

Jenkins pipeline with docker: run docker as specific user (embedded postgresql

Hi Stack Overflow community!
I have a maven - java project which needs to be build with jenkins pipelines.
To do so, I've configured the job using the docker image maven:3.3.3. Everything works, except for the fact that I use ru.yandex.qatools.embed:postgresql-embedded. This works locally, but on jenkins it complains about starting Postgres:
2019-02-08 09:31:20.366 WARN 140 --- [ost-startStop-1] r.y.q.embed.postgresql.PostgresProcess: Possibly failed to run initdb:
initdb: cannot be run as root
Please log in (using, e.g., "su") as the (unprivileged) user that will own the server process.
2019-02-08 09:31:40.999 ERROR 140 --- [ost-startStop-1] r.y.q.embed.postgresql.PostgresProcess: Failed to read PID file (File '/var/.../target/database/postmaster.pid' does not exist)
java.io.FileNotFoundException: File '/var/.../target/database/postmaster.pid' does not exist
Apparently, Postgres does not allow to be run with superuser privileges for security reasons.
I've tried to run as a user by creating my own version of the docker-image and adding the following to the DockerFile:
RUN useradd myuser
USER myuser
And this works when I start the docker image from the server's terminal. But by using jenkins pipeline, whoami still prints 'root', which suggests that Jenkins Pipeline uses run -u behind the schemes, which would overrule the DockerFile?
My pipeline job is currently as simple as this:
pipeline {
agent {
docker {
image 'custom-maven:1'
}
}
stages {
stage('Checkout') {
...
}
stage('Build') {
steps {
sh 'whoami'
sh 'mvn clean install'
}
}
}
}
So, my question: How do I start this docker image as a different user? Or switch users before running mvn clean install?
UPDATE:
By adding -u myuser as args in jenkins pipeline, I do log in as the correct user, but then the job can't access the jenkins-log file (and hopefully that's the only problem). The user myuser is added to the group root, but this makes no differece:
agent {
docker {
image 'custom-maven:1'
args '-u myuser'
}
}
And the error:
sh: 1: cannot create /var/.../jenkins-log.txt: Permission denied
sh: 1: cannot create /var/.../jenkins-result.txt.tmp: Permission denied
mv: cannot stat ‘/var/.../jenkins-result.txt.tmp’: No such file or directory
touch: cannot touch ‘/var/.../jenkins-log.txt’: Permission denied
I have solved the issue in our case. What I did was sudo before the mvn command. Keep in mind that every sh step has his own shell, so you need to do sudo in each sh step:
sh 'sudo -u <youruser> mvn <clean or whatever> -f <path/to/pomfile.xml>'
The user must be created in the Dockerfile. I've created it without password, but I don't think it matters since you are root...
You must use sudo instead of switching user or something since otherwise you need to provide a password.
This is far from a clean way... I would suggest to not mess with user-switching unless you really need to (like to run a embedded postgres)
#Thomas Stubbe
I got almost the same error as you mentioned above. I also have an image which has postgresql on it. On the Dockerfile I have created an user named like tdv, and use id command on Container check tdv permission was 1000:1000. I can Start the Container though Jenkins pipeline but it failed to execute sh command, even I add sudo -u tdv for each command. Did you did any other configuration?
My Jenkins Pileline script like following:
pipeline{
agent none
stages{
stage('did operation inside container'){
agent {
docker{
image 'tdv/tdv-test:8.2'
label 'docker_machine'
customWorkspace "/opt/test"
registryUrl 'https://xxxx.xxxx.com'
registryCredentialsId '8269c5cd-321e-4fab-919e-9ddc12b557f3'
args '-u tdv --name tdv-test -w /opt/test -v /opt/test:/opt/test:rw,z -v /opt/test#tmp:/opt/test#tmp:rw,z -p 9400:9400 -p 9401:9401 -p 9402:9402 -p 9403:9403 -p 9407:9407 -p 9303:9303 --cpus=2.000 -m=4g xxx.xxx.com/tdv/tdv-test:8.2 tdv.server'
}
}
steps{
sh 'sudo tdv whoami'
sh 'sudo tdv pwd'
sh 'sudo tdv echo aaa'
}
}
}
}
After the Job run, I can check the Container start up actually. but it still get error like following
$ docker top f1140072d77c5bed3ce43a5ad2ab3c4be24e8c32cf095e83c3fd01a883e67c4e -eo pid,comm
ERROR: The container started but didn't run the expected command. Please double check your ENTRYPOINT does execute the command passed as docker run argument, as required by official docker images (see https://github.com/docker-library/official-images#consistency for entrypoint consistency requirements).
Alternatively you can force image entrypoint to be disabled by adding option `--entrypoint=''`.
[Pipeline] {
[Pipeline] sh
sh: /opt/test#tmp/durable-081990da/jenkins-log.txt: Permission denied
sh: /opt/test#tmp/durable-081990da/jenkins-result.txt.tmp: Permission denied
touch: cannot touch ‘/opt/test#tmp/durable-081990da/jenkins-log.txt’: Permission denied
mv: cannot stat ‘/opt/test#tmp/durable-081990da/jenkins-result.txt.tmp’: No such file or directory
touch: cannot touch ‘/opt/test#tmp/durable-081990da/jenkins-log.txt’: Permission denied
touch: cannot touch ‘/opt/test#tmp/durable-081990da/jenkins-log.txt’: Permission denied
Solution
You currently have sh 'sudo tdv whoami'
I think you should add the -u flag after sudo like that:
sh 'sudo -u tdv whoami'

Capistrano Deployment: a Task before `deploy:finalize_update` Is not Executed

I'm using Capistrano v2.13.4 for deployment.
A Capistrano task (deploy:special_treats) before deploy:finalize_update is not executed.
The task deploy:special_treats does some preparation (setup the internet access) for bundle:install, otherwise, bundle:install will not be able to reach the Internet ([out :: servername] Could not reach https://rubygems.org/
In config/deploy.rb
before 'deploy:finalize_update', 'deploy:special_treats'
and
namespace :deploy do
task :special_treats do
run "echo 'something special treats: setup the Internet access'"
end
end
The result for cap deploy:update
$ cap deploy:update
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
executing locally: "svn info https://svnlinks --username username --password password --no-auth-cache -rHEAD"
command finished in 10336ms
* getting (via export) revision 33268 to /tmp/20120927171608
executing locally: svn export -q --username username --password password --no-auth-cache -r33268 https://svnlinks /tmp/20120927171608
command finished in 79314ms
* processing exclusions...
* Compressing /tmp/20120927171608 to /tmp/20120927171608.tar.gz
executing locally: tar czf 20120927171608.tar.gz 20120927171608
command finished in 1401ms
servers: ["servername"]
** sftp upload /tmp/20120927171608.tar.gz -> /tmp/20120927171608.tar.gz
[servername] /tmp/20120927171608.tar.gz
[servername] done
* sftp upload complete
* executing "cd /usr/website/rr/releases && tar xzf /tmp/20120927171608.tar.gz && rm /tmp/20120927171608.tar.gz"
servers: ["servername"]
[servername] executing command
command finished in 774ms
* executing `deploy:finalize_update'
triggering before callbacks for `deploy:finalize_update'
* executing `bundle:install'
* executing "cd /usr/website/rr/releases/20120927171608 && bundle install --gemfile /usr/website/rr/releases/20120927171608/Gemfile --path /usr/website/rr/shared/bundle --deployment --quiet --without development
test"
servers: ["servername"]
[servername] executing command
** [out :: servername] Could not reach https://rubygems.org/
command finished in 1403ms
*** [deploy:update_code] rolling back
* executing "rm -rf /usr/website/rr/releases/20120927171608; true"
servers: ["servername"]
[servername] executing command
command finished in 344ms
failed: "rvm_path=$HOME/.rvm/ $HOME/.rvm/bin/rvm-shell '1.9.3-p194' -c 'cd /usr/website/rr/releases/20120927171608 && bundle install --gemfile /usr/website/rr/releases/20120927171608/Gemfile --path
/usr/website/rr/shared/bundle --deployment --quiet --without development test'" on servername
I just had the same issue but in the after deploy:finalize_update trigger. The difference is that my script works in another machine for a long time.
I don't have capistrano locked as a gem in the Gemfile, so I tried reverting to the same version of the working machine which is 2.6.0 but that did not fix it.
After some research and several trials, I have found some issues at the github project like this that leads to that but looks like folks can't fully reproduce it.
I have then headed to the docs and browsing I found that Capistrano behaviors have been affected by recent changes on the 0.9.x versions of rake that have to do with namespace conflicts as you can see in this brief and tiny note that can be found at the deploy:create_symlink section of Capistrano Tasks wiki page
I did not have time to fix the script to work with latest versions of both rake and capistrano but I was able to have it back working on a different machine by reverting rake to version 0.8.7.
I hope this can get you going and provide some clues towards the solution.