search

stevejenkins / pihole-cloudsync

Syncs blocklists, blacklists, and whitelists across multiple Pi-holes using a private GitHub repo
MIT License
517 stars 104 forks source link

pihole-cloudsync --pull works manually but receive authentication error when systemd service runs #25

Open IconicLight opened 3 years ago

IconicLight commented 3 years ago

If I run /usr/local/bin/pihole-cloudsync/pihole-cloudsync --pull this works 100% without issue letting me know the stored credentials are working. When my systemd task runs this command I get a issue.

pihole-cloudsync[65509]: fatal: could not read Username for 'https://github.com': No such device or address

Jan 02 11:24:10 pihole2 pihole-cloudsync[65507]: error: Could not fetch origin

Jan 02 11:24:10 pihole2 pihole-cloudsync[65500]: Local Pi-hole lists match remote Git repo. No further action required.

Jan 02 11:24:10 pihole2 systemd[1]: pihole-cloudsync-update.service: Succeeded.

Even though it says succeeded it does not actually succeed in downloading updated data from the repo (because of failed authentication). I have tested and verified the changes did not pull down, and then ran the command manually and verified THAT pulled the change. I'm not sure why the command works manually but something in the automated command isn't recognizing the saved credentials. I went through the info in your guide and have verified the credential.helper is working so I'm thinking this is a 2FA specific issue with the personal access token I have setup to make this work.

IconicLight commented 3 years ago

So, I fixed my pihole2 server (Ubuntu 20.04) by adding sudo in front of the command in the systemd service file. I saw somewhere (that I now can't recall) that when running this on a raspberry pi (Raspbian) you would need to add sudo as well to make it work (which is how I have pihole1 setup). Tried this on my Ubuntu (pihole2) server and it resolved the issue. I will leave it like this for now, but would prefer not to have to run as root if it's not necessary.

I think the issue is that whatever user the systemd task is being run as is not a user I have saved credentials for hence why I get the issue about reading username. I'm not too sure of how to track down what user it's being ran as from systemd.

I wanted to at least post my workaround for anyone else stuck here.

mooleshacat commented 2 years ago

Try adding into /etc/systemd/system/pihole-cloudsync-update.service the following under [service]

User=root
Group=root

It should look like:

[Unit]
Description=PiHole Cloud Sync Data Puller service
Wants=pihole-cloudsync-update.timer

[Service]
Type=oneshot
User=root
Group=root
ExecStart=/usr/local/bin/pihole-cloudsync/pihole-cloudsync --pull
Slice=pihole-cloudsync-update.slice

[Install]
WantedBy=multi-user.target

Actually if you use the same locations you can just backup the original, and use this one.

I'd remove the sudo it really should not be used inside a service file.