installation issue
1,486 views
Skip to first unread message
Andrew Meyer
Sep 25, 2020, 1:08:45 PM9/25/20
to NetBox
I am working on getting netbox set up on CentOS 8. I have everything installed and configured after going through the documentation. When I go to start the netbox and netbox-rq service it fails. Checking /var/log/messages results in this:
Sep 25 12:04:12 netbox-centos systemd[26958]: netbox-rq.service: Failed to execute command: Permission denied
Sep 25 12:04:12 netbox-centos systemd[26958]: netbox-rq.service: Failed at step EXEC spawning /opt/netbox/venv/bin/python3: Permission denied
Sep 25 12:04:12 netbox-centos systemd[26959]: netbox.service: Failed to execute command: Permission denied
Sep 25 12:04:12 netbox-centos systemd[26959]: netbox.service: Failed at step EXEC spawning /opt/netbox/venv/bin/gunicorn: Permission denied
Sep 25 12:04:12 netbox-centos systemd[1]: netbox-rq.service: Main process exited, code=exited, status=203/EXEC
Sep 25 12:04:12 netbox-centos systemd[1]: netbox-rq.service: Failed with result 'exit-code'.
Sep 25 12:04:12 netbox-centos systemd[1]: netbox.service: Main process exited, code=exited, status=203/EXEC
Sep 25 12:04:12 netbox-centos systemd[1]: netbox.service: Failed with result 'exit-code'.
Sep 25 12:04:12 netbox-centos systemd[26958]: netbox-rq.service: Failed at step EXEC spawning /opt/netbox/venv/bin/python3: Permission denied
Sep 25 12:04:12 netbox-centos systemd[26959]: netbox.service: Failed to execute command: Permission denied
Sep 25 12:04:12 netbox-centos systemd[26959]: netbox.service: Failed at step EXEC spawning /opt/netbox/venv/bin/gunicorn: Permission denied
Sep 25 12:04:12 netbox-centos systemd[1]: netbox-rq.service: Main process exited, code=exited, status=203/EXEC
Sep 25 12:04:12 netbox-centos systemd[1]: netbox-rq.service: Failed with result 'exit-code'.
Sep 25 12:04:12 netbox-centos systemd[1]: netbox.service: Main process exited, code=exited, status=203/EXEC
Sep 25 12:04:12 netbox-centos systemd[1]: netbox.service: Failed with result 'exit-code'.
Permission for /opt/netbox is root:root. Directions didn't really say to change that though. Not sure what the issue is...any help is greatly appreciated!
Rob Duffy
Sep 25, 2020, 1:09:48 PM9/25/20
to Andrew Meyer, NetBox
Try starting it with sudo.
sudo systemctl start netbox netbox-rq
--
You received this message because you are subscribed to the Google Groups "NetBox" group.
To unsubscribe from this group and stop receiving emails from it, send an email to netbox-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/netbox-discuss/f474b8ed-5fa7-4436-a036-7453fde541ebn%40googlegroups.com.
Andrew Meyer
Sep 25, 2020, 1:22:47 PM9/25/20
to NetBox
That's what I am doing.
Rob Duffy
Sep 25, 2020, 1:32:43 PM9/25/20
to Andrew Meyer, NetBox
You might have to su root and run it there. Can you paste the contents of your /etc/systemd/system/netbox.service file?
Here are my permissions and systemd file.
netbox@netbox:~$ ls -lah /opt/
total 12K
drwxr-xr-x 3 root root 4.0K Sep 27 2017 .
drwxr-xr-x 22 root root 4.0K Oct 1 2017 ..
drwxr-xr-x 10 root root 4.0K Jun 22 15:37 netbox
netbox@netbox:~$ cat /etc/systemd/system/netbox
netbox-rq.service netbox.service
netbox@netbox:~$ cat /etc/systemd/system/netbox.service
[Unit]
Description=NetBox WSGI Service
Documentation=https://netbox.readthedocs.io/en/stable/
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=netbox
Group=netbox
PIDFile=/var/tmp/netbox.pid
WorkingDirectory=/opt/netbox
ExecStart=/opt/netbox/venv/bin/gunicorn --pid /var/tmp/netbox.pid --pythonpath /opt/netbox/netbox --config /opt/netbox/gunicorn.py netbox.wsgi
Restart=on-failure
RestartSec=30
PrivateTmp=true
[Install]
WantedBy=multi-user.target
total 12K
drwxr-xr-x 3 root root 4.0K Sep 27 2017 .
drwxr-xr-x 22 root root 4.0K Oct 1 2017 ..
drwxr-xr-x 10 root root 4.0K Jun 22 15:37 netbox
netbox@netbox:~$ cat /etc/systemd/system/netbox
netbox-rq.service netbox.service
netbox@netbox:~$ cat /etc/systemd/system/netbox.service
[Unit]
Description=NetBox WSGI Service
Documentation=https://netbox.readthedocs.io/en/stable/
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=netbox
Group=netbox
PIDFile=/var/tmp/netbox.pid
WorkingDirectory=/opt/netbox
ExecStart=/opt/netbox/venv/bin/gunicorn --pid /var/tmp/netbox.pid --pythonpath /opt/netbox/netbox --config /opt/netbox/gunicorn.py netbox.wsgi
Restart=on-failure
RestartSec=30
PrivateTmp=true
[Install]
WantedBy=multi-user.target
To view this discussion on the web visit https://groups.google.com/d/msgid/netbox-discuss/28ad955b-c8a3-4833-8615-663342a2c3a4n%40googlegroups.com.
Andrew Meyer
Sep 25, 2020, 1:36:30 PM9/25/20
to NetBox
Changed permissions from root to netbox for owner and group and fixed the issue.
Andrew Meyer
Sep 25, 2020, 1:56:53 PM9/25/20
to NetBox
Welp sort of fixed it. Now i'm getting this after dealing with SELinux
Sep 25 12:54:24 netbox-centos systemd[1]: netbox.service: Service RestartSec=30s expired, scheduling restart.
Sep 25 12:54:24 netbox-centos systemd[1]: netbox.service: Scheduled restart job, restart counter is at 8.
Sep 25 12:54:24 netbox-centos systemd[1]: Stopped NetBox WSGI Service.
Sep 25 12:54:24 netbox-centos systemd[1]: Started NetBox WSGI Service.
Sep 25 12:54:25 netbox-centos gunicorn[1986]: Traceback (most recent call last):
Sep 25 12:54:25 netbox-centos gunicorn[1986]: File "/opt/netbox/venv/bin/gunicorn", line 7, in <module>
Sep 25 12:54:25 netbox-centos gunicorn[1986]: from gunicorn.app.wsgiapp import run
Sep 25 12:54:25 netbox-centos gunicorn[1986]: ModuleNotFoundError: No module named 'gunicorn'
Sep 25 12:54:25 netbox-centos systemd[1]: netbox.service: Main process exited, code=exited, status=1/FAILURE
Sep 25 12:54:25 netbox-centos systemd[1]: netbox.service: Failed with result 'exit-code'.
Sep 25 12:54:28 netbox-centos dbus-daemon[957]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.21' (uid=0 pid=926 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper)
Sep 25 12:54:28 netbox-centos dbus-daemon[1991]: [system] Failed to reset fd limit before activating service: org.freedesktop.DBus.Error.AccessDenied: Failed to restore old fd limit: Operation not permitted
Sep 25 12:54:28 netbox-centos dbus-daemon[957]: [system] Successfully activated service 'org.fedoraproject.Setroublesho
Sep 25 12:54:24 netbox-centos systemd[1]: netbox.service: Scheduled restart job, restart counter is at 8.
Sep 25 12:54:24 netbox-centos systemd[1]: Stopped NetBox WSGI Service.
Sep 25 12:54:24 netbox-centos systemd[1]: Started NetBox WSGI Service.
Sep 25 12:54:25 netbox-centos gunicorn[1986]: Traceback (most recent call last):
Sep 25 12:54:25 netbox-centos gunicorn[1986]: File "/opt/netbox/venv/bin/gunicorn", line 7, in <module>
Sep 25 12:54:25 netbox-centos gunicorn[1986]: from gunicorn.app.wsgiapp import run
Sep 25 12:54:25 netbox-centos gunicorn[1986]: ModuleNotFoundError: No module named 'gunicorn'
Sep 25 12:54:25 netbox-centos systemd[1]: netbox.service: Main process exited, code=exited, status=1/FAILURE
Sep 25 12:54:25 netbox-centos systemd[1]: netbox.service: Failed with result 'exit-code'.
Sep 25 12:54:28 netbox-centos dbus-daemon[957]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.21' (uid=0 pid=926 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper)
Sep 25 12:54:28 netbox-centos dbus-daemon[1991]: [system] Failed to reset fd limit before activating service: org.freedesktop.DBus.Error.AccessDenied: Failed to restore old fd limit: Operation not permitted
Sep 25 12:54:28 netbox-centos dbus-daemon[957]: [system] Successfully activated service 'org.fedoraproject.Setroublesho
Andrew Meyer
Sep 25, 2020, 5:32:29 PM9/25/20
to Rob Duffy, NetBox
So for some reason this didn't make it to the google group. But I have httpd_can_network_connect
httpd_can_network_connect_db and http_can_network_relay on. As for the semanage fcontext I have it set to httpd_sys_rw_content_t for /opt/netbox.
I am about to try your last line.
Please remember to reply to all if there are multiple recipients.
314-277-3307 (Cell)
314-266-4837 (Google Voice)
On Fri, Sep 25, 2020 at 1:59 PM Rob Duffy <r...@duffy.tech> wrote:
You can either disable SELinux or update your SELinux contexts. I run Netbox on Ubuntu so this hasn't been tested. You might need to modify the Python binary name in the last command.setsebool -P httpd_can_network_connect on;setsebool httpd_can_network_connect on
semanage fcontext -a -t httpd_sys_content_t '/opt/netbox(/.*)?';restorecon -R /opt/netbox
runcon -u system_u -r system_r -t httpd_t python3.6 /opt/netbox/netbox/manage.py runserver 127.0.0.1:8000 --insecure
To view this discussion on the web visit https://groups.google.com/d/msgid/netbox-discuss/4fbf07d5-def0-4463-9bee-e42156d37014n%40googlegroups.com.
Rob Duffy
Sep 25, 2020, 5:32:29 PM9/25/20
to Andrew Meyer, NetBox
You can either disable SELinux or update your SELinux contexts. I run Netbox on Ubuntu so this hasn't been tested. You might need to modify the Python binary name in the last command.
setsebool -P httpd_can_network_connect on;setsebool httpd_can_network_connect on
semanage fcontext -a -t httpd_sys_content_t '/opt/netbox(/.*)?';restorecon -R /opt/netbox
runcon -u system_u -r system_r -t httpd_t python3.6 /opt/netbox/netbox/manage.py runserver 127.0.0.1:8000 --insecure
semanage fcontext -a -t httpd_sys_content_t '/opt/netbox(/.*)?';restorecon -R /opt/netbox
runcon -u system_u -r system_r -t httpd_t python3.6 /opt/netbox/netbox/manage.py runserver 127.0.0.1:8000 --insecure
On Fri, 25 Sep 2020 at 18:56, Andrew Meyer <andre...@gmail.com> wrote:
To view this discussion on the web visit https://groups.google.com/d/msgid/netbox-discuss/4fbf07d5-def0-4463-9bee-e42156d37014n%40googlegroups.com.
Andrew Meyer
Sep 25, 2020, 9:20:44 PM9/25/20
to NetBox
So I allowed the boolean options through already.
But then tried the the runcon command and got this:
[ameyer@netbox-centos ~]$ runcon -u system_u -r object_r -t httpd_sys_rw_content_t python3.6 /opt/netbox/netbox/manage.py runserver 127.0.0.1:8000 --insecure
runcon: ‘python3.6’: Permission denied
[ameyer@netbox-centos ~]$ sudo runcon -u system_u -r object_r -t httpd_sys_rw_content_t python3.6 /opt/netbox/netbox/manage.py runserver 127.0.0.1:8000 --insecure
runcon: ‘python3.6’: Permission denied
[ameyer@netbox-centos ~]$
Paul Townsend
Sep 26, 2020, 5:28:01 AM9/26/20
to netbox-...@googlegroups.com
FWIW, I run NetBox on CentOS 8 with SELinux and didn't have any of these
issues.
The only path that needs netbox:netbox ownership is
/opt/netbox/netbox/media, and the only SELinux change needed was
"setsebool -P httpd_can_network_connect 1" to get the reverse proxy
working.
issues.
The only path that needs netbox:netbox ownership is
/opt/netbox/netbox/media, and the only SELinux change needed was
"setsebool -P httpd_can_network_connect 1" to get the reverse proxy
working.
Andrew Meyer
Sep 26, 2020, 3:28:38 PM9/26/20
to NetBox
Interesting.
Reply all
Reply to author
Forward
0 new messages