Error directories access

[mtangaro]

Dear onedata developers, For the ELIXIR-ITALY use case we use Galaxy with Nginx as web server, exploiting the directory named nginx_upload_store, to upload data. During the upload procedure Nginx store data here. I've created it on my space:

(.venv) [galaxy@galaxy-test galaxy]$ mkdir -p nginx_upload_store (.venv) [galaxy@galaxy-test galaxy]$ ll total 0 -rw-rw-r--. 1 1220087 1245641 5 May 23 15:59 ciao.txt drwxr-xr-x. 1 1220087 1245641 0 May 31 09:49 _conda drwxr-xr-x. 1 1220087 1245641 0 Jun 1 09:51 database drwxr-xr-x. 1 1220087 1245641 0 Jun 1 09:51 job_work drwxrwxr-x. 1 1220087 1245641 0 Jun 1 19:13 nginx_upload_store -rw-rw-r--. 1 1220087 1245641 6 May 31 15:40 prova drwxr-xr-x. 1 1220087 1245641 0 May 31 09:37 tool_deps

but running nginx:

`(.venv) [galaxy@galaxy-test galaxy]$ sudo systemctl status nginx ● nginx.service - The nginx HTTP and reverse proxy server Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2017-06-01 19:12:20 UTC; 7s ago Process: 12769 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE) Process: 12768 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: Starting The nginx HTTP and reverse proxy server... Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it nginx[12769]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it nginx[12769]: nginx: [emerg] mkdir() "/data/galaxy/nginx_upload_store" failed (13: Permission denied) Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it nginx[12769]: nginx: configuration file /etc/nginx/nginx.conf test failed Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: nginx.service: control process exited, code=exited status=1 Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: Failed to start The nginx HTTP and reverse proxy server. Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: Unit nginx.service entered failed state. Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: nginx.service failed.`

For this reason I can't use onedata as storage to upload data. Do you have any idea to solve this issue?

Best Regards, Marco.

[luman75]

@mtangaro what is the UID for nginx process you are running. That case seems to be a UID mixup between owner of oneclient and nginx which usually runs on different account

[groundnuty]

@mtangaro can you elaborate a bit more? What is the architecture you are aiming at here?

[mtangaro]

I'm using "galaxy" as default user to run oneclient:

$ ps -aux | grep oneclient
galaxy    6027  1.0 17.9 1263932 367944 ?      Ssl  07:16   2:14 oneclient -H oneprovider-test.cloud.ba.infn.it -t MDAxNWxvY2F00aW9uIG9uZXpvbmUKMDAzYmlkZW500aWZpZXIgdWRJMGlndXgtMXlsUExsRlp3RV9QUTlQSWlBUGlOMnloRS1BajRiUlJidwowMDFhY2lkIHRpbWUgPCAxNTM2NjQ4Nzk2CjAwMmZzaWduYXR1cmUgloMSlNiVepWnNb5tHT2qbFihs1s57X00HmM01mB01cxSJkK /onedata --insecure -o nonempty

$ id -u galaxy
4001
 id -g galaxy
4001

To start nginx I've to user the superuser, of course. Then to use nginx worker I'm using "galaxy":

$ ps -aux | grep nginx
root     30851  0.0  0.1 172900  3084 ?        Ss   10:36   0:00 nginx: master process nginx
galaxy   30852  0.0  0.2 172900  5124 ?        S    10:36   0:00 nginx: worker process

This is the needed configuration to use nginx with the Galaxy workflow manager.

I've create the "nginx_upload_store" directory, on my space, mounted using oneclient using the galaxy user:

drwxrwxr-x 1 786371 1511344     0 Sep 15 10:42 nginx_upload_store/

[mtangaro]

So let me describe what's happening. Galaxy exploits NGINX upload module, to upload files. Nginx store them in this "nginx_upload_store", then Galaxy move them to its database directory. So NGINX needs the permissions on "nginx_upload_store" directory. I would avoid to create the nginx_upload_store directory on the VM and then move the files on onedata space. I can allow you to access to the VM, if you need it.