1

Topic: uwsgi permissions problem

Hello,

I work with iRedMail many for years, but today I faced with the following problem on new instalation on Centos 7:

uwsgi report to logs error :  uwsgi: [emperor-tyrant] invalid permissions for vassal iredadmin.ini

So uwsgi do not run and I can not login to iredadmin

Please help.

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.92
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: uwsgi permissions problem

Could you please show us content of file /etc/uwsgi.ini and /etc/uwsgi.d/iredadmin.ini?

3

Re: uwsgi permissions problem

uwsgi.ini

[uwsgi]
uid = uwsgi
gid = uwsgi
pidfile = /run/uwsgi/uwsgi.pid
emperor = /etc/uwsgi.d
stats = /run/uwsgi/stats.sock
emperor-tyrant = true
cap = setgid,setuid

iredadmin.ini

[uwsgi]
plugins = python
vhost = true
socket = /run/uwsgi/iredadmin.socket
pidfile = /run/uwsgi/iredadmin.pid
chown-socket = nginx:nginx
chmod-socket = 660
uid = iredadmin
gid = iredadmin
enable-threads = true

4

Re: uwsgi permissions problem

Comment out 'uid=' and 'gid=' in /etc/uwsgi.ini, then try again.

5

Re: uwsgi permissions problem

Now after  uwsgi restart I get the following errors :

*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
uwsgi: bind(): Permission denied [core/socket.c line 230
uwsgi: The Emperor has been buried (pid: 3162)
uwsgi: ...brutally killing workers...
systemd: uwsgi.service: main process exited, code=exited, status=1/FAILURE
systemd: Unit uwsgi.service entered failed state.

6

Re: uwsgi permissions problem

petera wrote:

*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***

Did you start uwsgi service from command line, or with 'systemctl' command?

7

Re: uwsgi permissions problem

first I reboot the system, iredadmin I didn't work then I typed service uwsgi  restart

8

Re: uwsgi permissions problem

I got a similar problem with my fresh iRedMail 0.9.2 install on CentOS7 but could solve it by editing the systemd service file:

Changed "Type=notify" to "Type=forking"

I'am not a uwsgi or python guy at all but for me it looks like uwsgi simple changed its default startup dehavior from "foreground" (with notify) to "background" (with fork()). Could be some other config-related problem but as a hotfix it works quite well.

I hope this was usefull

9 (edited by petera 2015-09-01 22:51:57)

Re: uwsgi permissions problem

It works, but I think it is not good idea to make this global change to systemd .
I expect that all users on Centos 7 will faced with this problem with 0.92 ver.
Maybe better idia is to make changes to iRedAdmin.

10

Re: uwsgi permissions problem

Maybe it's better to ask uwsgi RPM maintainer to change systemd file?

11

Re: uwsgi permissions problem

systemd works fine with other daemons, I think the problem is with centos 7 and iRedMail's uwsgi config.

12

Re: uwsgi permissions problem

Could you please try to comment out 'daemonize =' line in /etc/uwsgi.ini and try again with default systemd setting?

13

Re: uwsgi permissions problem

[uwsgi]
Unfortunately I didn't find this line in uwsgi.ini.

I have only this :

uid = uwsgi
gid = uwsgi
pidfile = /run/uwsgi/uwsgi.pid
emperor = /etc/uwsgi.d
stats = /run/uwsgi/stats.sock
emperor-tyrant = true
cap = setgid,setuid

14

Re: uwsgi permissions problem

petera wrote:

[uwsgi]
Unfortunately I didn't find this line in uwsgi.ini.

I have only this :

uid = uwsgi
gid = uwsgi
pidfile = /run/uwsgi/uwsgi.pid
emperor = /etc/uwsgi.d
stats = /run/uwsgi/stats.sock
emperor-tyrant = true
cap = setgid,setuid

Update uwsgi config file: http://www.iredmail.org/docs/upgrade.ir … gi-package

But after update, you need to comment out 'daemonize =' line in /etc/uwsgi.ini

My configs

# cat /etc/redhat-release 
CentOS Linux release 7.1.1503 (Core) 
# cat /lib/systemd/system/uwsgi.service
[Unit]
Description=uWSGI Emperor Service
After=syslog.target

[Service]
EnvironmentFile=-/etc/sysconfig/uwsgi
ExecStartPre=/bin/mkdir -p /run/uwsgi
ExecStartPre=/bin/chown uwsgi:uwsgi /run/uwsgi
ExecStart=/usr/sbin/uwsgi --ini /etc/uwsgi.ini
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
Restart=always
Type=notify
StandardError=syslog
NotifyAccess=all

[Install]
WantedBy=multi-user.target
# cat /etc/uwsgi.ini
[uwsgi]

# Run in background and log to file
#daemonize = /var/log/uwsgi/uwsgi.log

# try to autoload appropriate plugin if "unknown" option has been specified
autoload = true

# enable master process manager
master = true

# spawn 2 uWSGI worker processes
workers = 2

# automatically kill workers on master's death
no-orphans = true

# write master's pid in file
pidfile = /run/uwsgi/uwsgi.pid

# bind to UNIX socket file
socket = /var/run/uwsgi.socket

# set mode of created UNIX socket
chmod-socket = 660

# place timestamps into log
log-date = true

# user identifier of uWSGI processes
#uid = uwsgi

# group identifier of uWSGI processes
#gid = uwsgi

# multi-app deployment
emperor = /etc/uwsgi.d
emperor-tyrant = false
# cat /etc/uwsgi.d/iredadmin.ini
[uwsgi]
plugins = python
vhost = true
socket = /run/uwsgi/iredadmin.socket
pidfile = /run/uwsgi/iredadmin.pid
chown-socket = nginx:nginx
chmod-socket = 660
uid = iredadmin
gid = iredadmin
enable-threads = true

15

Re: uwsgi permissions problem

vsolomatin wrote:

But after update, you need to comment out 'daemonize =' line in /etc/uwsgi.ini

If you don't have 'daemonize =' in /etc/uwsgi.ini, system will hang on uwsgi service during reboot. that's not good.

16

Re: uwsgi permissions problem

ZhangHuangbin wrote:
vsolomatin wrote:

But after update, you need to comment out 'daemonize =' line in /etc/uwsgi.ini

If you don't have 'daemonize =' in /etc/uwsgi.ini, system will hang on uwsgi service during reboot. that's not good.

I don't have this problem. After reboot server I see login screen and I cat restart uwsgi service

[root@mx ~]# ps axu| grep uwsgi | grep -v grep
root       481  0.0  0.0  60384  3388 ?        Ss   18:20   0:00 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
root       494  0.0  0.0  59932  1208 ?        S    18:20   0:00 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
root       495  0.0  0.0  60384   968 ?        S    18:20   0:00 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
root       496  0.0  0.0  60384   968 ?        S    18:20   0:00 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
iredadm+   497  0.0  0.1 174044  6804 ?        S    18:20   0:00 /usr/sbin/uwsgi --ini iredadmin.ini
iredadm+   498  0.0  0.1 193404  5968 ?        S    18:20   0:00 /usr/sbin/uwsgi --ini iredadmin.ini
[root@mx ~]# systemctl status uwsgi.service
uwsgi.service - uWSGI Emperor Service
   Loaded: loaded (/usr/lib/systemd/system/uwsgi.service; enabled)
   Active: active (running) since Wed 2015-09-02 18:20:37 GST; 1min 59s ago
  Process: 475 ExecStartPre=/bin/chown uwsgi:uwsgi /run/uwsgi (code=exited, status=0/SUCCESS)
  Process: 467 ExecStartPre=/bin/mkdir -p /run/uwsgi (code=exited, status=0/SUCCESS)
 Main PID: 481 (uwsgi)
   Status: "The Emperor is governing 1 vassals"
   CGroup: /system.slice/uwsgi.service
           ├─481 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
           ├─494 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
           ├─495 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
           ├─496 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
           ├─497 /usr/sbin/uwsgi --ini iredadmin.ini
           └─498 /usr/sbin/uwsgi --ini iredadmin.ini

Sep 02 18:20:37 mx.example.com uwsgi[481]: your server socket listen backlog is limited to 100 connections
Sep 02 18:20:37 mx.example.com uwsgi[481]: your mercy for graceful operations on workers is 60 seconds
Sep 02 18:20:37 mx.example.com uwsgi[481]: mapped 145536 bytes (142 KB) for 1 cores
Sep 02 18:20:37 mx.example.com uwsgi[481]: *** Operational MODE: single process ***
Sep 02 18:20:37 mx.example.com uwsgi[481]: *** no app loaded. going in full dynamic mode ***
Sep 02 18:20:37 mx.example.com uwsgi[481]: *** uWSGI is running in multiple interpreter mode ***
Sep 02 18:20:37 mx.example.com uwsgi[481]: spawned uWSGI master process (pid: 497)
Sep 02 18:20:37 mx.example.com uwsgi[481]: Wed Sep  2 18:20:37 2015 - [emperor] vassal iredadmin.ini has been spawned
Sep 02 18:20:37 mx.example.com uwsgi[481]: spawned uWSGI worker 1 (pid: 498, cores: 1)
Sep 02 18:20:37 mx.example.com uwsgi[481]: Wed Sep  2 18:20:37 2015 - [emperor] vassal iredadmin.ini is ready to accept requests
[root@mx ~]# systemctl stop uwsgi.service
[root@mx ~]# ps axu| grep uwsgi | grep -v grep
[root@mx ~]# systemctl status uwsgi.service
uwsgi.service - uWSGI Emperor Service
   Loaded: loaded (/usr/lib/systemd/system/uwsgi.service; enabled)
   Active: inactive (dead) since Wed 2015-09-02 18:22:45 GST; 9s ago
  Process: 481 ExecStart=/usr/sbin/uwsgi --ini /etc/uwsgi.ini (code=exited, status=0/SUCCESS)
  Process: 475 ExecStartPre=/bin/chown uwsgi:uwsgi /run/uwsgi (code=exited, status=0/SUCCESS)
  Process: 467 ExecStartPre=/bin/mkdir -p /run/uwsgi (code=exited, status=0/SUCCESS)
 Main PID: 481 (code=exited, status=0/SUCCESS)
   Status: "The Emperor is buried."

Sep 02 18:22:42 mx.example.com uwsgi[481]: goodbye to uWSGI.
Sep 02 18:22:43 mx.example.com uwsgi[481]: Wed Sep  2 18:22:43 2015 - [emperor] removed uwsgi instance iredadmin.ini
Sep 02 18:22:43 mx.example.com uwsgi[481]: Wed Sep  2 18:22:43 2015 - waiting for Emperor death...
Sep 02 18:22:44 mx.example.com uwsgi[481]: Wed Sep  2 18:22:44 2015 - The Emperor is buried.
Sep 02 18:22:44 mx.example.com uwsgi[481]: Wed Sep  2 18:22:44 2015 - waiting for Emperor death...
Sep 02 18:22:45 mx.example.com uwsgi[481]: Wed Sep  2 18:22:45 2015 - The Emperor has been buried (pid: 494)
Sep 02 18:22:45 mx.example.com uwsgi[481]: Wed Sep  2 18:22:45 2015 - worker 1 buried after 4 seconds
Sep 02 18:22:45 mx.example.com uwsgi[481]: Wed Sep  2 18:22:45 2015 - worker 2 buried after 4 seconds
Sep 02 18:22:45 mx.example.com uwsgi[481]: Wed Sep  2 18:22:45 2015 - goodbye to uWSGI.
Sep 02 18:22:45 mx.example.com systemd[1]: Stopped uWSGI Emperor Service.
[root@mx ~]# systemctl start uwsgi.service
[root@mx ~]# ps axu| grep uwsgi | grep -v grep
root      1762  0.0  0.0  60384  3388 ?        Ss   18:23   0:00 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
root      1764  0.0  0.0  59932  1212 ?        S    18:23   0:00 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
iredadm+  1765  0.3  0.1 174044  6808 ?        S    18:23   0:00 /usr/sbin/uwsgi --ini iredadmin.ini
root      1766  0.0  0.0  60384   968 ?        S    18:23   0:00 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
root      1767  0.0  0.0  60384   968 ?        S    18:23   0:00 /usr/sbin/uwsgi --ini /etc/uwsgi.ini
iredadm+  1768  0.0  0.1 193404  5972 ?        S    18:23   0:00 /usr/sbin/uwsgi --ini iredadmin.ini

I had similar problems and solved them by commenting out 'daemonize =' line in /etc/uwsgi.ini
I read this topic http://www.iredmail.org/forum/topic9459 … inpro.html

CentOS version 7.1.1503