icinga2 icon indicating copy to clipboard operation
icinga2 copied to clipboard

Published 20 hours ago verified publisher icon Icinga

boost::filesystem::copy_file: Permission denied failure running node wizard on FreeBSD 12.1

Open bcstechdept opened this issue 4 years ago • 10 comments

Describe the bug

Icinga node wizard crashes with the following error on FreeBSD 12.1 (tested on -p1 and -p2):

Reconfiguring Icinga...
critical/cli: Cannot disable feature 'notification'. Unlinking target file '/usr/local/etc/icinga2/features-enabled/notification.conf' failed with error code 13, "Permission denied".
critical/cli: Cannot disable feature(s): notification
Enabling feature api. Make sure to restart Icinga 2 for these changes to take effect.
critical/cli: Cannot enable feature 'api'. Linking source '../features-available/api.conf' to target file '/usr/local/etc/icinga2/features-enabled/api.conf' failed with error code 13, "Permission denied".
critical/cli: Cannot enable feature(s): api
critical/Application: Error: boost::filesystem::copy_file: Permission denied: "/usr/local/etc/icinga2/features-available/api.conf", "/usr/local/etc/icinga2/features-available/api.conf.orig"

The crash appears to occur when the node wizard is attempting to configure the available modules.
It is still possible to set up Icinga manually.

To Reproduce

Provide a link to a live example, or an unambiguous set of steps to reproduce this bug. Include configuration, logs, etc. to reproduce, if relevant.

  1. Install FreeBSD 12.1
  2. Install Icinga2 via pkg (pkg install icinga2 monitoring-plugins)
  3. Run icinga2 node wizard with sudo, doas, or as root
  4. Walk through node the node wizard
  5. Observe crash

Expected behavior

Node wizard to finish successfully

Screenshots

N/A

Your Environment

Include as many relevant details about the environment you experienced the problem in

  • Version used (icinga2 --version): version: r2.11.2-1

  • Operating System and version: FreeBSD 12.1-RELEASE-p2 GENERIC

  • Enabled features (icinga2 feature list): api, checker, mainlog

  • Icinga Web 2 version and modules (System - About): N/A

  • Config validation (icinga2 daemon -C):
    [2020-02-25 14:41:44 -0800] information/cli: Icinga application loader (version: r2.11.2-1) [2020-02-25 14:41:44 -0800] information/cli: Loading configuration file(s). [2020-02-25 14:41:44 -0800] information/ConfigItem: Committing config item(s). [2020-02-25 14:41:44 -0800] information/ApiListener: My API identity: vault-01.domain.tld [2020-02-25 14:41:44 -0800] information/ConfigItem: Instantiated 1 ApiListener. [2020-02-25 14:41:44 -0800] information/ConfigItem: Instantiated 235 CheckCommands. [2020-02-25 14:41:44 -0800] information/ConfigItem: Instantiated 1 FileLogger. [2020-02-25 14:41:44 -0800] information/ConfigItem: Instantiated 3 Endpoints. [2020-02-25 14:41:44 -0800] information/ConfigItem: Instantiated 1 IcingaApplication. [2020-02-25 14:41:44 -0800] information/ConfigItem: Instantiated 3 Zones. [2020-02-25 14:41:44 -0800] information/ConfigItem: Instantiated 1 CheckerComponent. [2020-02-25 14:41:44 -0800] information/ScriptGlobal: Dumping variables to file '/var/cache/icinga2/icinga2.vars' [2020-02-25 14:41:44 -0800] information/cli: Finished validating the configuration file(s).

  • If you run multiple Icinga 2 instances, the zones.conf file (or icinga2 object list --type Endpoint and icinga2 object list --type Zone) from all affected nodes.
    Node wizard does not reach the point where it modifies icinga2.conf or zones.conf

Additional context

Tried running node wizard with sudo, doas, and elevating to root. Tried with zsh, bash, and csh.

report.1582668793.103486.txt

bcstechdept avatar Feb 25 '20 22:02 bcstechdept

@bsdlme Can you please have a look here? I don't have a FreeBSD at hand and I remember you saying that you needed to adopt permissions and "run as".

@bcstechdept did you create an issue upstream in ports already too, or can you link it?

dnsmichi avatar Feb 26 '20 08:02 dnsmichi

Hi @dnsmichi, I have not created an issue upstream in the ports system or notified the maintainer yet. I am certainly willing to do so.

bcstechdept avatar Feb 26 '20 15:02 bcstechdept

I have the same issue

djschilling avatar Oct 09 '20 14:10 djschilling

I'm also having this issue in FreeBSD 12.1 p8.

imp1sh avatar Nov 01 '20 12:11 imp1sh

Same issue here: 12.2-RELEASE-p2

Caught unhandled exception.
Current time: 2021-01-04 23:49:16 +0000

  Application version: r2.12.1-1

System information:
  Platform: FreeBSD
  Platform version: 12.2-RELEASE-p2
  Kernel: FreeBSD
  Kernel version: 12.2-RELEASE-p2
  Architecture: amd64

Build information:
  Compiler: Clang 8.0.1
  Build host: 121amd64-quarterly-job-06
  OpenSSL version: OpenSSL 1.1.1h-freebsd  22 Sep 2020

Application information:

General paths:
  Config directory: /usr/local/etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /var/run/icinga2

Old paths (deprecated):
  Installation root: /usr/local
  Sysconf directory: /usr/local/etc
  Run directory (base): /var/run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/local/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /var/run/icinga2/icinga2.pid

Error: boost::filesystem::copy_file: Permission denied: "/usr/local/etc/icinga2/features-available/api.conf", "/usr/local/etc/icinga2/features-available/api.conf.orig"


        (0) 0x8013bffa9 <__cxa_rethrow+0x159> at /lib/libcxxrt.so.1
        (1) 0x58b192 <__cxa_throw+0x1c2> at /usr/local/lib/icinga2/sbin/icinga2
        (2) 0x800d6b180 <_ZN5boost10filesystem16filesystem_error14get_empty_pathEv+0x4a0> at /usr/local/lib/libboost_filesystem.so.1.72.0
        (3) 0x800d6f801 <_ZN5boost10filesystem6detail9copy_fileERKNS0_4pathES4_NS1_11copy_optionEPNS_6system10error_codeE+0x391> at /usr/local/lib/libboost_filesystem.so.1.72.0
        (4) 0x5ca59b <__cxa_throw+0x3f5cb> at /usr/local/lib/icinga2/sbin/icinga2
        (5) 0x89c2da <_ZNSt3__117__assoc_sub_stateD2Ev+0x18d7ca> at /usr/local/lib/icinga2/sbin/icinga2
        (6) 0x8c4cde <_ZNSt3__117__assoc_sub_stateD2Ev+0x1b61ce> at /usr/local/lib/icinga2/sbin/icinga2
        (7) 0x8bfeba <_ZNSt3__117__assoc_sub_stateD2Ev+0x1b13aa> at /usr/local/lib/icinga2/sbin/icinga2
        (8) 0x53ebf5 <_ZTVN5boost16exception_detail10clone_implINS0_19error_info_injectorISt12out_of_rangeEEEE+0x27df35> at /usr/local/lib/icinga2/sbin/icinga2
        (9) 0x53b3aa <_ZTVN5boost16exception_detail10clone_implINS0_19error_info_injectorISt12out_of_rangeEEEE+0x27a6ea> at /usr/local/lib/icinga2/sbin/icinga2



***
* This would indicate a runtime problem or configuration error. If you believe this is a bug in Icinga 2
* please submit a bug report at https://github.com/Icinga/icinga2 and include this stack trace as well as any other
* information that might be useful in order to reproduce this problem.
***
Failed to launch GDB: No such file or directory

8la avatar Jan 04 '21 23:01 8la

A workaround is to chown icinga:icinga /usr/local/etc/icinga2/features-available/ before running running icinga2 node setup. I suspect the node setup code drops privileges to the icinga user at some point, and that's why we get permission denied errors.

oyxnaut avatar Feb 22 '21 15:02 oyxnaut

Yes, chown'ing is a vaild workaround for this.

bsdlme avatar Feb 23 '21 13:02 bsdlme

OK folks, is this issue Icinga side or packaging side?

Al2Klimov avatar Oct 12 '21 16:10 Al2Klimov

I mean: could the FreeBSD packages chown, so that this works?

Al2Klimov avatar Feb 15 '22 17:02 Al2Klimov

Yes, but I no longer maintain the FreeBSD port. @joneum is the new maintainer and can implement it.

bsdlme avatar May 12 '22 08:05 bsdlme

In contrast to FreeBSD (tested 12.x) /etc/icinga2/features-available belongs to the Icinga user on Linux. This is a packaging problem.

Al2Klimov avatar Sep 20 '22 11:09 Al2Klimov