Talk signaling server (high performance backend) service fails to start

[pjrobertson]

Steps To Reproduce

1. Install the high-performance singaling server using bash /var/scripts/menu.sh and then walking through the Additional Apps > Talk process
2. Attempt to start the service using systemctl start signaling
3. Note how the service exits, with the following error:

Aug 06 22:56:36 example.com systemd[1]: Started Nextcloud Talk signaling server.
Aug 06 22:56:37 example.com systemd[1]: signaling.service: Main process exited, code=killed, status=31/SYS
Aug 06 22:56:37 example.com systemd[1]: signaling.service: Failed with result 'signal'.
Aug 06 22:56:37 example.com systemd[1]: /lib/systemd/system/signaling.service:18: Unknown key name 'ExecPaths' in section 'Service', ignoring.
Aug 06 22:56:37 example.com systemd[1]: /lib/systemd/system/signaling.service:21: Unknown key name 'NoExecPaths' in section 'Service', ignoring.
Aug 06 22:56:37 example.com systemd[1]: /lib/systemd/system/signaling.service:26: Unknown key name 'ProcSubset' in section 'Service', ignoring.
Aug 06 22:56:37 example.com systemd[1]: /lib/systemd/system/signaling.service:34: Unknown key name 'ProtectProc' in section 'Service', ignoring.
Aug 06 22:56:39 example.com systemd[1]: signaling.service: Scheduled restart job, restart counter is at 1.
Aug 06 22:56:39 example.com systemd[1]: Stopped Nextcloud Talk signaling server.
Aug 06 22:56:39 example.com systemd[1]: Started Nextcloud Talk signaling server.
Aug 06 22:56:39 example.com systemd[1]: signaling.service: Main process exited, code=killed, status=31/SYS
Aug 06 22:56:39 example.com systemd[1]: signaling.service: Failed with result 'signal'.
Aug 06 22:56:41 example.com systemd[1]: signaling.service: Scheduled restart job, restart counter is at 2.
Aug 06 22:56:41 example.com systemd[1]: Stopped Nextcloud Talk signaling server.

If I run signaling normalling with /usr/bin/signaling --config /etc/signaling/server.conf it's fine.

Expected Result

Signaling service should run normally, without exiting

Actual Result

Signaling service exits with the following messages:

Aug 06 22:56:36 example.com systemd[1]: Started Nextcloud Talk signaling server.
Aug 06 22:56:37 example.com systemd[1]: signaling.service: Main process exited, code=killed, status=31/SYS
Aug 06 22:56:37 example.com systemd[1]: signaling.service: Failed with result 'signal'.
Aug 06 22:56:37 example.com systemd[1]: /lib/systemd/system/signaling.service:18: Unknown key name 'ExecPaths' in section 'Service', ignoring.
Aug 06 22:56:37 example.com systemd[1]: /lib/systemd/system/signaling.service:21: Unknown key name 'NoExecPaths' in section 'Service', ignoring.
Aug 06 22:56:37 example.com systemd[1]: /lib/systemd/system/signaling.service:26: Unknown key name 'ProcSubset' in section 'Service', ignoring.
Aug 06 22:56:37 example.com systemd[1]: /lib/systemd/system/signaling.service:34: Unknown key name 'ProtectProc' in section 'Service', ignoring.
Aug 06 22:56:39 example.com systemd[1]: signaling.service: Scheduled restart job, restart counter is at 1.
Aug 06 22:56:39 example.com systemd[1]: Stopped Nextcloud Talk signaling server.
Aug 06 22:56:39 example.com systemd[1]: Started Nextcloud Talk signaling server.
Aug 06 22:56:39 example.com systemd[1]: signaling.service: Main process exited, code=killed, status=31/SYS
Aug 06 22:56:39 example.com systemd[1]: signaling.service: Failed with result 'signal'.
Aug 06 22:56:41 example.com systemd[1]: signaling.service: Scheduled restart job, restart counter is at 2.
Aug 06 22:56:41 example.com systemd[1]: Stopped Nextcloud Talk signaling server.

Screenshots, Videos, or Pastebins

No response

Additional Context

I am running Ubuntu 20.04 LTS, set up approximately 1 year ago using the vm script. I note that the README now states that Ubuntu 22.04 LTS is required, however the upgrade path from 20.04 to 22.04 LTS has not yet been opened, so I have not updated.

I am wondering if this could be the issue. If so, then it's possible that this is a more 'general' issue for users that installed the VM on earlier versions of ubuntu (20.04), and whether the menu.sh script should check the version of Ubuntu and make sure it matches the required version in the README.

Build Version

24.0.3

Environment

By downloading the VM

Environment Details

Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.4 LTS
Release:	20.04
Codename:	focal
me@home:~# uname -r
5.4.0-122-generic

[kerberos11]

actually it's the same here. I just bought a new vm to upgrade this year and i thought it was something i did. I noticed there is a lot more included in the system.d service labelled as "hardening".. when I comment it out though it starts but my calls keep getting disconnected so something isn't working correctly.

Distributor ID: Ubuntu Description: Ubuntu 22.04.1 LTS Release: 22.04 Codename: jammy

also the signaling app just got updated 3 days ago (as of writing) and someone else commented there as well with the same issue https://github.com/strukturag/nextcloud-spreed-signaling/issues/315#issue-1331140153

[enoch85]

Cc @morph027

[morph027]

Has been fixed in my packaging repo already. Just need to create an PR to the upstream repo.

[enoch85]

@morph027 OK, thanks!

[enoch85]

@morph027 any update?

[TERABITNET]

@morph027 We are still waiting for fix update.

[morph027]

Sorry, was on vacation. Should be fixed in 1.0.0-3 from my repo already. Upstream patch is still missing, will try to add today as it's such a tiny change ;)

[morph027]

# apt-cache policy nextcloud-spreed-signaling
nextcloud-spreed-signaling:
  Installed: 1.0.0-3
  Candidate: 1.0.0-3
  Version table:
 *** 1.0.0-3 500
        500 https://packaging.gitlab.io/nextcloud-spreed-signaling signaling/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0.0-2 500
        500 https://packaging.gitlab.io/nextcloud-spreed-signaling signaling/main amd64 Packages
# dpkg -L nextcloud-spreed-signaling
/.
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/signaling.service
/etc
/etc/signaling
/usr
/usr/bin
/usr/bin/signaling
/usr/share
/usr/share/signaling
/usr/share/signaling/server.conf
/usr/share/doc
/usr/share/doc/nextcloud-spreed-signaling
/usr/share/doc/nextcloud-spreed-signaling/changelog.Debian.gz
/usr/share/doc/nextcloud-spreed-signaling/changelog.gz
# cat /lib/systemd/system/signaling.service
[Unit]
Description=Nextcloud Talk signaling server
After=janus.service
ConditionPathExists=/etc/signaling/server.conf

[Service]
ExecStart=/usr/bin/signaling --config /etc/signaling/server.conf
User=signaling
Group=signaling
Restart=on-failure
RestartSec=2s

# Makes sure that /etc/signaling is owned by this service
ConfigurationDirectory=signaling

# Hardening - see systemd.exec(5)
CapabilityBoundingSet=
ExecPaths=/usr/bin/signaling /usr/lib
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoExecPaths=/
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProcSubset=pid
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
RemoveIPC=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~ @privileged

[Install]
WantedBy=multi-user.target
# systemctl status signaling.service 
● signaling.service - Nextcloud Talk signaling server
     Loaded: loaded (/lib/systemd/system/signaling.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-08-19 12:24:17 CEST; 1min 29s ago
   Main PID: 3789240 (signaling)
      Tasks: 6 (limit: 2274)
     Memory: 3.5M
     CGroup: /system.slice/signaling.service
             └─3789240 /usr/bin/signaling --config /etc/signaling/server.conf

[enoch85]

@TERABITNET Can you please confirm this is working as intended?

[TERABITNET]

UPDATE

Running the main menu script... Testing if network is OK... Checking connection... Posting notification to users that are admins, this might take a while... Posting 'Update script started!' to: Fetching latest packages with apt... [⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻W: GPG error: https://packaging.gitlab.io/nats-server nats InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 797DFE3F4F80269B E: The repository 'https://packaging.gitlab.io/nats-server nats InRelease' is not signed. W: GPG error: https://packaging.gitlab.io/nextcloud-spreed-signaling signaling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 797DFE3F4F80269B E: The repository 'https://packaging.gitlab.io/nextcloud-spreed-signaling signaling InRelease' is not signed. W: GPG error: https://packaging.gitlab.io/repo/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 797DFE3F4F80269B E: The repository 'https://packaging.gitlab.io/repo/ubuntu jammy InRelease' is not signed. E: The repository 'https://packaging.gitlab.io/janus/jammy jammy Release' does not have a Release file. ] dpkg-query: no packages found matching veracrypt Reading package lists... Done Building dependency tree... Done Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

[TERABITNET]

Installation failed. Please run this script again to uninstall if you want to clean the system, or choose to reinstall if you want to try again. Logging can be found by typing: journalctl -lfu signaling

[TERABITNET]

[⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻E: The repository 'https://packaging.gitlab.io/janus/jammy jammy Release' does not have a Release file. ] dpkg-query: no packages found matching nats-server [⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻E: The repository 'https://packaging.gitlab.io/janus/jammy jammy Release' does not have a Release file. ] Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed: nats-server 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 4538 kB of archives. After this operation, 11.9 MB of additional disk space will be used. Get:1 https://packaging.gitlab.io/nats-server nats/main amd64 nats-server amd64 2.8.1-p0 [4538 kB] Fetched 4538 kB in 4s (1200 kB/s) Selecting previously unselected package nats-server. (Reading database ... 177379 files and directories currently installed.) Preparing to unpack .../nats-server_2.8.1-p0_amd64.deb ... Unpacking nats-server (2.8.1-p0) ... Setting up nats-server (2.8.1-p0) ... Created symlink /etc/systemd/system/multi-user.target.wants/nats-server.service → /lib/systemd/system/nats-server.service. Scanning processes... Scanning linux images...

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host. 19230 [⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻E: The repository 'https://packaging.gitlab.io/janus/jammy jammy Release' does not have a Release file. ] dpkg-query: no packages found matching janus [⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻E: The repository 'https://packaging.gitlab.io/janus/jammy jammy Release' does not have a Release file. ]

[morph027]

Looks like a different issue, the GPG key is missing for some repos. E.g. my janus builds are not enabled for Ubuntu 22.04 Jammy (as it ships an up to date version). @enoch85 i will try to add an if/else to the installation script, probably tomorrow as i'm out for a night camping ;)

[enoch85]

OK @morph027, sounds good! Please have this in mind: https://github.com/nextcloud/vm/blob/master/lib.sh#L2047-L2079

[morph027]

added this one: https://github.com/nextcloud/vm/pull/2381

[morph027]

@TERABITNET : after PR has been reviewed, approved and merged, please manually remove the wrong repo files:

rm -f /etc/apt/trusted.gpg.d/morph027-janus.asc /etc/apt/sources.list.d/morph027-janus.list

[enoch85]

It's now merged. Please test and close if working @TERABITNET

[TERABITNET]

Failed... Not working

[morph027]

Any output? (Please use code formatting for logs)

[TERABITNET]

Please ... install now again

[TERABITNET]

Installation failed. :/ │ Please run this script again to uninstall if you want to clean the system, or choose to reinstall if you want to try again. Logging can be found by typing: journalctl -lfu signaling

[enoch85]

Same error here when testing. Don't know if this helps but;

oot@test:~# journalctl -lfu signaling
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: mcu_janus.go:318: Created Janus session 8073243523671130
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: mcu_janus.go:325: Created Janus handle 7761754940602041
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: main.go:263: Using janus MCU
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: hub.go:386: Using a timeout of 10s for MCU requests
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: backend_server.go:95: Using configured TURN API key
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: backend_server.go:96: Using configured shared TURN secret
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: backend_server.go:98: Adding "turn:test.danielhansson.nu:3478?transport=tcp" as TURN server
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: backend_server.go:98: Adding "turn:test.danielhansson.nu:3478?transport=udp" as TURN server
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: backend_server.go:105: No IPs configured for the stats endpoint, only allowing access from 127.0.0.1
aug 23 20:27:45 test.danielhansson.nu signaling[3333413]: main.go:339: Listening on 127.0.0.1:8081

[TERABITNET]

Aug 24 15:55:29 my.domain.mn signaling[35801]: mcu_janus.go:318: Created Janus session 454954055245902 Aug 24 15:55:29 my.domain.mn signaling[35801]: mcu_janus.go:325: Created Janus handle 1639340805812466 Aug 24 15:55:29 my.domain.mn signaling[35801]: main.go:263: Using janus MCU Aug 24 15:55:29 my.domain.mn signaling[35801]: hub.go:386: Using a timeout of 10s for MCU requests Aug 24 15:55:29 my.domain.mn signaling[35801]: backend_server.go:95: Using configured TURN API key Aug 24 15:55:29 my.domain.mn signaling[35801]: backend_server.go:96: Using configured shared TURN secret Aug 24 15:55:29 my.domain.mn signaling[35801]: backend_server.go:98: Adding "turn:my.domain.mn:3478?transport=tcp" as TURN server Aug 24 15:55:29 my.domain.mn signaling[35801]: backend_server.go:98: Adding "turn:my.domain.mn:3478?transport=udp" as TURN server Aug 24 15:55:29 my.domain.mn signaling[35801]: backend_server.go:105: No IPs configured for the stats endpoint, only allowing access from 127.0.0.1 Aug 24 15:55:29 my.domain.mn signaling[35801]: main.go:339: Listening on 127.0.0.1:8081

[enoch85]

@morph027 Do yo have any idea?

[morph027]

main.go:339: Listening on 127.0.0.1:8081 looks good for both services.

What does systemctl status signaling show?

[enoch85]

oot@test:~# systemctl status signaling 
● signaling.service - Nextcloud Talk signaling server
     Loaded: loaded (/lib/systemd/system/signaling.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-08-27 22:33:53 CEST; 28min ago
   Main PID: 1323 (signaling)
      Tasks: 7 (limit: 4568)
     Memory: 19.1M
        CPU: 283ms
     CGroup: /system.slice/signaling.service
             └─1323 /usr/bin/signaling --config /etc/signaling/server.conf

aug 27 22:33:53 test.danielhansson.nu signaling[1323]: mcu_janus.go:318: Created Janus session 3094298397527299
aug 27 22:33:53 test.danielhansson.nu signaling[1323]: mcu_janus.go:325: Created Janus handle 5199128076360435
aug 27 22:33:53 test.danielhansson.nu signaling[1323]: main.go:263: Using janus MCU
aug 27 22:33:53 test.danielhansson.nu signaling[1323]: hub.go:386: Using a timeout of 10s for MCU requests
aug 27 22:33:53 test.danielhansson.nu signaling[1323]: backend_server.go:95: Using configured TURN API key
aug 27 22:33:53 test.danielhansson.nu signaling[1323]: backend_server.go:96: Using configured shared TURN secret
aug 27 22:33:53 test.danielhansson.nu signaling[1323]: backend_server.go:98: Adding "turn:test.danielhansson.nu:3478?transport=tcp" as TURN server
aug 27 22:33:53 test.danielhansson.nu signaling[1323]: backend_server.go:98: Adding "turn:test.danielhansson.nu:3478?transport=udp" as TURN server
aug 27 22:33:53 test.danielhansson.nu signaling[1323]: backend_server.go:105: No IPs configured for the stats endpoint, only allowing access from 127.0.0.1
aug 27 22:33:53 test.danielhansson.nu signaling[1323]: main.go:339: Listening on 127.0.0.1:8081

@morph027

[enoch85]

During reinstallation:

=x9jY
-----END PGP PUBLIC KEY BLOCK-----
[⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻W: GPG error: https://packaging.gitlab.io/nats-server nats InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 797DFE3F4F80269B
E: The repository 'https://packaging.gitlab.io/nats-server nats InRelease' is not signed.
]
dpkg-query: no packages found matching coturn
[⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻⣾⣽⣻W: GPG error: https://packaging.gitlab.io/nats-server nats InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 797DFE3F4F80269B
E: The repository 'https://packaging.gitlab.io/nats-server nats InRelease' is not signed.
]

[enoch85]

@TERABITNET Should be fixed now, please try again. Had a closer look at it.

@morph027 Would be nice if you could sign those nats packages!

[morph027]

Fixed signing...not sure what went wrong there

[TERABITNET]

Nice.. Thank you