Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Varnish 4.1 Ubuntu package breaks varnishncsa and varnishlog due to missing permissions #1947

Closed
Yggdrasil opened this issue May 11, 2016 · 1 comment
Closed

Varnish 4.1 Ubuntu package breaks varnishncsa and varnishlog due to missing permissions #1947

Yggdrasil opened this issue May 11, 2016 · 1 comment

Comments

@Yggdrasil
Copy link

Yggdrasil commented May 11, 2016
edited
Loading

I´m having trouble upgrading Varnish 4.0 to 4.1 on Ubuntu 12.04 and 14.04. So, I tried a clean install of 4.1 on a new VM and it fails too.

Expected Behavior

The varnish daemon correctly starts out-of-the-box. Then the optional varnishncsa service is enabled (was already enabled when upgrading or is enabled on a clean install) via the variable VARNISHNCSA_ENABLED=1 in file /etc/default/varnishncsa.

When I try to start the service via service varnishncsa start the varnishncsa daemon should start running in the background.

Current Behavior

When I try to start the service via service varnishncsa start it fails to start.

root@test01:~# service varnishncsa start
 * Starting HTTP accelerator log deamon                                [fail]
Can't open log - retrying for 5 seconds
Can't open VSM file (Cannot open /var/lib/varnish/test01/_.vsm: Permission denied
)

Possible Solution

The VSM-file´s permissions are:
-rw-r----- 1 root varnish 84934656 May 11 14:58 /var/lib/varnish/test01/_.vsm
when they used to be root:root in Varnish 4.0.

According to https://www.varnish-cache.org/docs/trunk/whats-new/changes.html:

varnishlog, varnishncsa and other Varnish shared log utilities now must be run in a context with varnish group membership.

So, the package should fix group membership on upgrade and installation by adding the user varnishlog to the group varnish, before attempting to start the varnishlog and varnishncsa daemons.

Steps to Reproduce (for bugs)

  1. Start an Ubuntu 14.04 VM
  2. apt-get install apt-transport-https
  3. curl https://repo.varnish-cache.org/GPG-key.txt | apt-key add -
  4. echo "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.1" >> /etc/apt/sources.list.d/varnish-cache.list
  5. apt-get update && apt-get install varnish
  6. echo "VARNISHNCSA_ENABLED=1" > /etc/default/varnishncsa
  7. service varnishncsa start

Context

Upgrading from Varnish 4.0 to 4.1 failed because we had enabled the varnishncsa service.

root@test01:/var/lib/varnish/test01# apt full-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  libvarnishapi1 varnish
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/588 kB of archives.
After this operation, 113 kB of additional disk space will be used.
Do you want to continue? [Y/n]
(Reading database ... 95839 files and directories currently installed.)
Preparing to unpack .../libvarnishapi1_4.1.2-2~trusty_amd64.deb ...
Unpacking libvarnishapi1 (4.1.2-2~trusty) over (4.0.3-5~trusty) ...
Preparing to unpack .../varnish_4.1.2-2~trusty_amd64.deb ...
 * Stopping HTTP accelerator log deamon varnishncsa                                                                                         [ OK ]
 * Stopping HTTP accelerator
varnishd                                                                                               [ OK ]
Unpacking varnish (4.1.2-2~trusty) over (4.0.3-5~trusty) ...
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Setting up libvarnishapi1 (4.1.2-2~trusty) ...
Setting up varnish (4.1.2-2~trusty) ...
Installing new version of config file /etc/init.d/varnish ...

Configuration file '/etc/varnish/default.vcl'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
 ==> Keeping old config file as default.
 * Starting HTTP accelerator
varnish                                                                                               [ OK ]
 * Starting HTTP accelerator log deamon
varnishncsa                                                                                        [fail]
Can't open log - retrying for 5 seconds
Can't open VSM file (Cannot open /var/lib/varnish/test01/_.vsm: Permission denied
)
invoke-rc.d: initscript varnishncsa, action "start" failed.
dpkg: error processing package varnish (--configure):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for libc-bin (2.19-0ubuntu6.7) ...
Processing triggers for ureadahead (0.100.0-16) ...
Errors were encountered while processing:
 varnish
E: Sub-process /usr/bin/dpkg returned an error code (1)

Your Environment
@Yggdrasil Yggdrasil changed the title Varnish 4.1 Ubuntu package doesn't add user varnishlog to varnish group Varnish 4.1 Ubuntu package breaks varnishncsa and varnishlog due to missing permissions May 11, 2016
@gquintard gquintard mentioned this issue May 11, 2016
Closed
@gquintard
Copy link
Member

This is a packaging issue, moved here: varnishcache/pkg-varnish-cache#27

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Yggdrasil @lkarsten @gquintard