systemd cannot start the backend due to cache signing key

[mightybyte]

In GitLab by @MichaelXavier on Aug 1, 2019, 18:26

After deploying to an EC2 machine running the latest nixos image (ami ami-0efc58fb70ae9a217 via https://nixos.org/nixos/download.html on us-east-1). nginx seems to start but the backend repeatedly fails while generating the cache signing key. From /var/lib/backend, tailing the logs I get the following again and again:

==> backend.err <==
backend: zeus-cache-key.sec: renameFile:renamePath:rename: permission denied (Permission denied)

==> backend.out <==
read settings: BackendSettings {_beSettings_webhookBaseUrl = Nothing, _beSettings_ipWhitelist = [Cidr {_cidrIp = 2274085441, _cidrMask = 32}]}
Generating cache signing key
/nix/store/mzrh3y44sqrxrbb0xba5li9y838ndyxs-nix-2.1.3/bin/nix-store --generate-binary-cache-key zeus.soostonelabs.com-1 zeus-cache-key.sec zeus-cache-key.pub

Both files are owned by backend, which seems to be the user that ought to be running this. zeus-cache-key.sec is chmodded to 600. Running the command that it is trying to run doesn't seem to complain:

su -s /run/current-system/sw/bin/bash -c '/nix/store/mzrh3y44sqrxrbb0xba5li9y838ndyxs-nix-2.1.3/bin/nix-store --generate-binary-cache-key zeus.soostonelabs.com-1 zeus-cache-key.sec zeus-cache-key.pub' backend exits with 0.

[mightybyte]

In GitLab by @MichaelXavier on Aug 1, 2019, 18:39

BTW it looks like if you run backend manually once, this issue clears and systemctl is able to run it in the future.

[mightybyte]

In GitLab by @mightybyte on Aug 16, 2019, 23:04

I believe this is fixed now. Thanks for the report.

[mightybyte]

In GitLab by @mightybyte on Aug 16, 2019, 23:04

closed