systemd cannot start the backend due to cache signing key
mightybyte opened this issue · comments
In GitLab by @MichaelXavier on Aug 1, 2019, 18:26
After deploying to an EC2 machine running the latest nixos image (ami ami-0efc58fb70ae9a217
via https://nixos.org/nixos/download.html on us-east-1). nginx seems to start but the backend repeatedly fails while generating the cache signing key. From /var/lib/backend
, tailing the logs I get the following again and again:
==> backend.err <==
backend: zeus-cache-key.sec: renameFile:renamePath:rename: permission denied (Permission denied)
==> backend.out <==
read settings: BackendSettings {_beSettings_webhookBaseUrl = Nothing, _beSettings_ipWhitelist = [Cidr {_cidrIp = 2274085441, _cidrMask = 32}]}
Generating cache signing key
/nix/store/mzrh3y44sqrxrbb0xba5li9y838ndyxs-nix-2.1.3/bin/nix-store --generate-binary-cache-key zeus.soostonelabs.com-1 zeus-cache-key.sec zeus-cache-key.pub
Both files are owned by backend
, which seems to be the user that ought to be running this. zeus-cache-key.sec
is chmodded to 600. Running the command that it is trying to run doesn't seem to complain:
su -s /run/current-system/sw/bin/bash -c '/nix/store/mzrh3y44sqrxrbb0xba5li9y838ndyxs-nix-2.1.3/bin/nix-store --generate-binary-cache-key zeus.soostonelabs.com-1 zeus-cache-key.sec zeus-cache-key.pub' backend
exits with 0.
In GitLab by @MichaelXavier on Aug 1, 2019, 18:39
BTW it looks like if you run backend
manually once, this issue clears and systemctl is able to run it in the future.
In GitLab by @mightybyte on Aug 16, 2019, 23:04
I believe this is fixed now. Thanks for the report.
In GitLab by @mightybyte on Aug 16, 2019, 23:04
closed