unable to start celery container with permission denied error

[Sp-TT]

What happened

with latest version, try to start all containers. Celery failed to start

got below permission denied error

PermissionError: [Errno 13] Permission denied: '/opt/deploy/intel_owl/configuration/analyzer_config.json' 2022-02-22 03:54:02,268 - celery.utils.dispatch.signal - send - ERROR - Signal handler <bound method DjangoFixup.on_import_modules of <celery.fixups.django.DjangoFixup object at 0x7f5f79825f10>> raised: PermissionError(13, 'Permission denied') Traceback (most recent call last): File "/usr/local/lib/python3.9/site-packages/celery/utils/dispatch/signal.py", line 276, in send response = receiver(signal=self, sender=sender, **named) File "/usr/local/lib/python3.9/site-packages/celery/fixups/django.py", line 82, in on_import_modules self.worker_fixup.validate_models() File "/usr/local/lib/python3.9/site-packages/celery/fixups/django.py", line 120, in validate_models self.django_setup() File "/usr/local/lib/python3.9/site-packages/celery/fixups/django.py", line 116, in django_setup django.setup() File "/usr/local/lib/python3.9/site-packages/django/init.py", line 24, in setup apps.populate(settings.INSTALLED_APPS) File "/usr/local/lib/python3.9/site-packages/django/apps/registry.py", line 122, in populate app_config.ready() File "/opt/deploy/intel_owl/api_app/analyzers_manager/apps.py", line 15, in ready AnalyzerConfigSerializer.read_and_verify_config() File "/usr/local/lib/python3.9/site-packages/cache_memoize/init.py", line 127, in inner cache_key = _make_cache_key(*args, **kwargs) File "/usr/local/lib/python3.9/site-packages/cache_memoize/init.py", line 104, in _default_make_cache_key (quote(str(x)) for x in args_rewrite(*args)), File "/opt/deploy/intel_owl/api_app/core/serializers.py", line 168, in args_rewrite=lambda cls: f"{cls.name}-{cls._md5_config_file()}", File "/opt/deploy/intel_owl/api_app/core/serializers.py", line 160, in _md5_config_file with open(fpath, "r") as fp: PermissionError: [Errno 13] Permission denied: '/opt/deploy/intel_owl/configuration/analyzer_config.json'

Environment

1. OS: Redhat7
2. IntelOwl version: v3.3.1

Error messages and logs

[mlodic]

hey, thanks for reporting this.

Some questions:

• did you install the new version from scratch or you did upgrade from a previous version? In case, which one?
• did you manually change the file with that error? analyzer_config.json. This is pretty common to customize the analyzers configuration. Can you please check the permissions on that file? go to your IntelOwl installation directory, then into the configuration folder and you'll find it
• how did you start the containers? did you use the startup script as stated in the documentation?

The point is that I can't reproduce your error. So it is most probably some error on your deployment side.

[Sp-TT]

Thanks for your quick response

Some questions:

• did you install the new version from scratch or you did upgrade from a previous version? In case, which one? It is a new installation.

• did you manually change the file with that error? analyzer_config.json. This is pretty common to customize the analyzers configuration. Can you please check the permissions on that file? go to your IntelOwl installation directory, then into the configuration folder and you'll find it

 I didn't change the file. Tried to change file permission to fix it, but failed. Used to be root permission, now as below. 

• how did you start the containers? did you use the startup script as stated in the documentation?

Start with the startup script.

python3 start.py prod up

Feels like it is the json file permission issue, any advise will be great.

[mlodic]

The good permissions should be www-data:www-data. Could you try to set the values to that user/group and restart the application?

[Sp-TT]

The good permissions should be www-data:www-data. Could you try to set the values to that user/group and restart the application?

set values to apache:apache, still same permission error. It is running on redhat server

[mlodic]

but the application run with the www-data user so if the files are not set with those permissions the application is not able to get them. It does not matter where you deployed this. Please give that a chance

[Sp-TT]

but the application run with the www-data user so if the files are not set with those permissions the application is not able to get them. It does not matter where you deployed this. Please give that a chance

Tried this and got same error

[mlodic]

I am crying 😢 . It is so difficult to help remotely for this kind of non-reproducible errors.

Have you restarted the application after that change? python3 start.py prod down && python3 start.py prod up

Did you mention that this occured with a first clean installation? Cause I'd suggest you to just re-try to install everything from a clean OS. Then, we have not tested on RedHat specifically (we test on Debian-like) but should not be a problem considering that everything runs inside Docker

[BenjaminH-Sogeti]

If you can't run the app under www-data (which is not recommended), I have found this workaround :

chmod 755 configuration/  
chmod 666 configuration/*.*

And in intel_owl.ini remove the specification to run as www-data user&group:

#chown = www-data:www-data  
...  
#uid = www-data  
#gid = www-data

[Sp-TT]

If you can't run the app under www-data (which is not recommended), I have found this workaround :

chmod 755 configuration/  
chmod 666 configuration/*.*

And in intel_owl.ini remove the specification to run as www-data user&group:

#chown = www-data:www-data  
...  
#uid = www-data  
#gid = www-data

Thanks, chmod 755 configuration/ solved this problem.