Bug 2101076
| Summary: | ATS does not start due to lack of capabilities | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | customercare |
| Component: | trafficserver | Assignee: | Jered Floyd <jered> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 35 | CC: | jered, zrhoffman |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-06-25 10:08:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
it collided with an old installation of ATS 5.x from Fedora. Some files in /run/trafficserver /var/log/trafficserver etc. did not have the desired owner or mods to be processed. Workaround: remove/chown old files or prefered way, because you do not forget a file: deinstall trafficserver change ID of user trafficserver to the old id in passwd/group install trafficserver again also ..
trafficserver seems to call a non-existent script:
[pid 15115] execve("/usr/bin/example_alarm_bin.sh", ["example_alarm_bin.sh", "[TrafficManager] Traffic Server process was reset."], 0x55d49c30ceb0 /* 41 vars */ <unfinished ...>
=> this script is not configured in the configs, it's hardcoded as it looks. <=
WORKAROUND FOR DEBUGPROBLEM: In case someone stumples over this bugreport and has this problem: After configuring it to listen on port 80 and 443: 2022-06-25T11:47:39.661694+02:00 s113 traffic_manager[18736]: Fatal: [bindProxyPort] Unable to bind socket: 80 : Permission denied 2022-06-25T11:47:39.661795+02:00 s113 traffic_manager[18736]: Fatal: [bindProxyPort] Unable to bind socket: 80 : Permission denied you messed up the caps while debugging the first "Fatal: failed to acquire privileged capabilities: Operation not permitted" message. That were not cap_net* issues, it was fileaccess issues. if you played with setcap reinstall the package and use systemd too start it. It sets the needed bind_service cap on startup. manuell FIX for any none-fedora user: setcap "cap_net_bind_service+ep" /usr/bin/traffic_manager (In reply to customercare from comment #2) > also .. > > trafficserver seems to call a non-existent script: > > [pid 15115] execve("/usr/bin/example_alarm_bin.sh", ["example_alarm_bin.sh", > "[TrafficManager] Traffic Server process was reset."], 0x55d49c30ceb0 /* 41 > vars */ <unfinished ...> > > > => this script is not configured in the configs, it's hardcoded as it looks. > <= Interesting! This is upstream and probably is not desirable, or the script should be installed as part of the install target and package. https://github.com/apache/trafficserver/blob/master/mgmt/RecordsConfig.cc#L293 https://github.com/apache/trafficserver/blob/master/proxy/example_alarm_bin.sh I'll discuss upstream what the best resolution is for this. |
Version-Release number of selected component (if applicable): Name : trafficserver Version : 9.1.2 Release : 8.fc35 Architecture: x86_64 Install Date: Sa 25 Jun 2022 10:52:11 CEST Description of problem: ATS does not start: [root ~]# systemctl start trafficserver.service [root ~]# systemctl status trafficserver.service ● trafficserver.service - Apache Traffic Server is a fast, scalable and extensible caching proxy server. Loaded: loaded (/usr/lib/systemd/system/trafficserver.service; disabled; vendor preset: disabled) Active: activating (auto-restart) (Result: exit-code) since Sat 2022-06-25 11:06:28 CEST; 1s ago Docs: man:traffic_server(8) Process: 4608 ExecStart=/usr/bin/traffic_manager $TM_DAEMON_ARGS (code=exited, status=70) Main PID: 4608 (code=exited, status=70) CPU: 16ms the service files names this cap: AmbientCapabilities=CAP_NET_BIND_SERVICE But thats all hints we have here: 2022-06-25T11:06:38.906071+02:00 traffic_manager[4633]: NOTE: --- Manager Starting --- 2022-06-25T11:06:38.906205+02:00 traffic_manager[4633]: NOTE: Manager Version: Apache Traffic Server - traffic_manager - 9.1.2 - (build # 061300 on Jun 13 2022 at 00:00:00) 2022-06-25T11:06:38.910390+02:00 traffic_manager[4633]: Fatal: failed to acquire privileged capabilities: Operation not permitted 2022-06-25T11:06:38.910519+02:00 traffic_manager[4633]: Fatal: failed to acquire privileged capabilities: Operation not permitted 2022-06-25T11:06:38.911239+02:00 systemd[1]: trafficserver.service: Main process exited, code=exited, status=70/SOFTWARE 2022-06-25T11:06:38.911485+02:00 systemd[1]: trafficserver.service: Failed with result 'exit-code'. Is this feature kernel dependend?