fastboot-aws icon indicating copy to clipboard operation
fastboot-aws copied to clipboard
verified publisher icon ember-fastboot

Permission Error running `npm install` on elasticbeanstalk

Open sevab opened this issue 8 years ago • 17 comments

I've managed to successfully create an Elastic Beanstalk app following the documentation.

The ember app itself is zipped and deployed to S3 via ember-cli-deploy-elastic-beanstalk, which the eb server manages to successfully download and unzip, however a permission error is logged when fastboot-s3-downloader tries to run cd deploy-dist && npm install:

No FASTBOOT_REDIS_HOST or FASTBOOT_REDIS_PORT provided; caching is disabled.
[2016-12-27T17:04:27.885Z][m3467] downloading app
[2016-12-27T17:04:27.886Z][m3467] fetching current app version from cb-ember-assets-staging/fastboot-dist.json
[2016-12-27T17:04:28.007Z][m3467] got config { bucket: 'cb-ember-assets-staging',
  key: 'deploy-dist-be5a0f41c7886b05bfe3bbaa36f48985.zip' }
[2016-12-27T17:04:28.012Z][m3467] removing deploy-dist
[2016-12-27T17:04:28.023Z][m3467] saving S3 object cb-ember-assets-staging/deploy-dist-be5a0f41c7886b05bfe3bbaa36f48985.zip to deploy-dist-be5a0f41c7886b05bfe3bbaa36f48985.zip
[2016-12-27T17:04:28.234Z][m3467] unzipped deploy-dist-be5a0f41c7886b05bfe3bbaa36f48985.zip
[2016-12-27T17:04:28.881Z][m3467] error running command cd deploy-dist && npm install
[2016-12-27T17:04:28.881Z][m3467] npm WARN locking Error: EACCES: permission denied, open '/tmp/.npm/_locks/staging-f212e8d64a01707f.lock'
npm WARN locking     at Error (native)
npm WARN locking  /tmp/.npm/_locks/staging-f212e8d64a01707f.lock failed { Error: EACCES: permission denied, open '/tmp/.npm/_locks/staging-f212e8d64a01707f.lock'
npm WARN locking     at Error (native)
npm WARN locking   errno: -13,
npm WARN locking   code: 'EACCES',
npm WARN locking   syscall: 'open',
npm WARN locking   path: '/tmp/.npm/_locks/staging-f212e8d64a01707f.lock' }
npm WARN deploy-dist No description
npm WARN deploy-dist No repository field.
npm WARN deploy-dist No license field.
npm ERR! Linux 4.4.35-33.55.amzn1.x86_64
npm ERR! argv "/opt/elasticbeanstalk/node-install/node-v6.9.1-linux-x64/bin/node" "/opt/elasticbeanstalk/node-install/node-v6.9.1-linux-x64/bin/npm" "install"
npm ERR! node v6.9.1
npm ERR! npm  v3.10.8
npm ERR! path /tmp/.npm/_locks/staging-f212e8d64a01707f.lock
npm ERR! code EACCES
npm ERR! errno -13
npm ERR! syscall open

npm ERR! Error: EACCES: permission denied, open '/tmp/.npm/_locks/staging-f212e8d64a01707f.lock'
npm ERR!     at Error (native)
npm ERR!  { Error: EACCES: permission denied, open '/tmp/.npm/_locks/staging-f212e8d64a01707f.lock'
npm ERR!     at Error (native)
npm ERR!   errno: -13,
npm ERR!   code: 'EACCES',
npm ERR!   syscall: 'open',
npm ERR!   path: '/tmp/.npm/_locks/staging-f212e8d64a01707f.lock' }
npm ERR!
npm ERR! Please try running this command again as root/Administrator.

npm ERR! Please include the following file with any support request:
npm ERR!     /var/app/current/deploy-dist/npm-debug.log

[2016-12-27T17:04:28.881Z][m3467] unable to install npm dependencies
[2016-12-27T17:04:28.882Z][m3467] subscribing to update notifications
[2016-12-27T17:04:28.918Z][m3467] forked worker 3530
[2016-12-27T17:04:28.919Z][m3467] worker online
No FASTBOOT_REDIS_HOST or FASTBOOT_REDIS_PORT provided; caching is disabled.
[2016-12-27T17:04:29.697Z][w3530] starting HTTP server
[2016-12-27T17:04:29.708Z][w3530] HTTP server started; url=http://:::8081

The server is able to start regardless, because ember-deploy includes node_modules as part of dist-deploy.zip, but it would be nice to avoid this error.

A brute force solution would be to have fastboot-s3-downloader run npm install with sudo, but that probably should be avoided.

Would appreciate any help if anyone dealt with this issue as well.

Things tried so far that didn't work:

sevab avatar Dec 27 '16 17:12 sevab

The solution is to add permissions to the nodejs user, so it can access /tmp/.npm. In ElasticBeanstalk this can be achieved by adding a file .ebextensions/00_change_npm_permissions.config with the following contents:

files:
  "/opt/elasticbeanstalk/hooks/appdeploy/post/00_set_tmp_permissions.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/usr/bin/env bash
      chown -R nodejs:nodejs /tmp/.npm

Then committing it into the repo and making an eb deploy.

I can submit a documentation PR regarding this.

sevab avatar Jan 13 '17 17:01 sevab

Thanks @sevab - this was very helpful :)

ghost avatar Jan 13 '17 22:01 ghost

Hi @sevab, where should I put .ebextensions/00_change_npm_permissions.config file?

IAmJulianAcosta avatar Mar 09 '17 23:03 IAmJulianAcosta

@IAmJulianAcosta in the .ebextensions directory at the root of your elasticbean project.

sevab avatar Mar 09 '17 23:03 sevab

Thanks @sevab it was very helpful indeed.

cubbuk avatar Mar 29 '17 15:03 cubbuk

Thanks! We had the same issue with the "sharp" library and that fixed the problem. Basically it would install correctly when launching a new environment, but not when doing an eb deploy. Leading to

51771 error code ELIFECYCLE
51772 error [email protected] install: `node-gyp rebuild`
51772 error Exit status 1
51773 error Failed at the [email protected] install script 'node-gyp rebuild'.

The permission config fixed it.

klemensz avatar Aug 03 '17 13:08 klemensz

Unrelated to fastboot, I had also permission denied errors when running node-gyp. I found out that while npm install was run by root, node-gyp invocations it started were run by the user ec2-user, which obviously lacked access to the root-owned directories /tmp/deployment/application/node_modules/, /tmp/.npm, and /tmp/.config.

My solution was to instruct npm to use the same user (i.e. root via unsafe-perm=true) - see https://stackoverflow.com/questions/46001516/beanstalk-node-js-deployment-node-gyp-fails-due-to-permission-denied/46001517#46001517

I wonder whether it would work also in this ☝️ case, instead of changing permissions on /tmp?

holyjak avatar Sep 01 '17 13:09 holyjak

@jakubholynet Interesting... actually I need to revert my comment from above, the permission config didn't fix the error (only temporarily). In the end moving away to another library that doesn't need node-gyp was the "solution" for us.

klemensz avatar Sep 01 '17 17:09 klemensz

@jakubholynet I faced with the similar problem, but I know that starting npm install from root it's not the best idea, so I've made following changes in my scripts

sudo -u ec2-user -H npm install --production

And then problem has been gone

nnn406 avatar Oct 19 '17 11:10 nnn406

Use .npmrc file to configure unsafe-perm to true for node-gyp commands on aws.

https://stackoverflow.com/questions/46001516/beanstalk-node-js-deployment-node-gyp-fails-due-to-permission-denied/46001517#46001517

sauravazad avatar Jan 09 '18 12:01 sauravazad

Thanks! tir. 9. jan. 2018 kl. 13.41 skrev sauravazad [email protected]:

Use .npmrc file to configure unsafe-perm to true for node-gyp commands on aws.

https://stackoverflow.com/questions/46001516/beanstalk-node-js-deployment-node-gyp-fails-due-to-permission-denied/46001517#46001517

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/tomdale/fastboot-aws/issues/4#issuecomment-356273164, or mute the thread https://github.com/notifications/unsubscribe-auth/AAmJPgQAnEljJPXyK8Az1qn1sy30-tCqks5tI15XgaJpZM4LWai5 .

holyjak avatar Jan 09 '18 14:01 holyjak

This does not work. Everyone has pointed to this link https://stackoverflow.com/questions/46001516/beanstalk-node-js-deployment-node-gyp-fails-due-to-permission-denied/46001517#46001517. However setting that unsafe-perm to true still doesn't work.

chuks avatar Jan 25 '18 02:01 chuks

@nnnikolay The documentation says that Elastic Beanstalks runs npm install --production by default: https://docs.aws.amazon.com/de_de/elasticbeanstalk/latest/dg/nodejs-platform-packagejson.html

klemensz avatar Oct 16 '18 12:10 klemensz

Hi there, I had the same issue, tried with .npmrc file that solved it. After a month got again a permission issue on /tmp/.npm, and /tmp/.config. It happen to be that those folders where suddenly missing from the environment. I needed to change the elastic beanstalk deployment configuration to "immutable" which force deployment from scratch. And that solved the issue. Hope it helps...

nbimc avatar Jan 07 '19 12:01 nbimc

If you do not already have a .ebextensions folder in the root of your project, create it. Then create a file in .ebextensions named 01_fix_permissions.config. EB knows to run files in the .ebextensions folder at the beginning of the deployment in order, which is why the “01” prefix is used. Inside this file enter the following:

files:
  "/opt/elasticbeanstalk/hooks/appdeploy/pre/49_change_permissions.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/usr/bin/env bash
      sudo chown -R ec2-user:ec2-user tmp/
      set -xe
      /opt/elasticbeanstalk/bin/healthd-track-pidfile --proxy nginx

bthiban avatar Jan 16 '19 06:01 bthiban

@jakubholynet I faced with the similar problem, but I know that starting npm install from root it's not the best idea, so I've made following changes in my scripts

sudo -u ec2-user -H npm install --production

And then problem has been gone

Which script?

junhua avatar Dec 19 '19 03:12 junhua

Add a file named .npmrc to the application with the content:

unsafe-perm=true Now use the following command before pushing it to ElasticBeanStalk:

git add .npmrc
 git commit -m"EB issue fix"

Now deploy your code. It should work.

akashgangrade avatar Jul 22 '20 09:07 akashgangrade