Install issues when not root


(Thornburg) #1
  1. Why is every thread here closed? There are several relevant threads where I feel like it would make more sense to post my individual questions, but every old thread is closed (whether or not the problem was actually solved). Doesn’t this make it hard to identify when several people are having the same problem?

  2. The install directions are no good. I had to cobble together answers from multiple sets of directions to get it working. ALSO, why in the world would I ever run a remote script without seeing its contents? This is the worst installation method ever.

  3. I eventually got Docker & Discourse running. Everything was fine, except I couldn’t SSH into the docker container. I’ve seen multiple statements that this is supposed to be “automatic” now. It’s not. How do I fix it? I’ve seen comments about copying a key somewhere, but no one says where I get the key (or even what key it is).

  4. The upgrade doesn’t work. It looks to me like it’s trying to do operations that require admin privileges without using sudo. Normally I would just SSH and run the commands with sudo myself, but I can’t (see 3).

Seriously regretting choosing this “modern” forum solution instead of an old standby.

P.S. I’m a professional linux admin and systems analyst. If I have this much trouble, what is the rest of the planet going to do?


(Ben T) #2

Only one part has you run scripts against your actual system. The http://get.docker.io/ script handles a lot of the variables and performs some basic checks. You can always read it before running it, and you can always install those packages by hand. Every thing else runs inside a separate container that is isolated from the main system; the launcher script is simply copying the configuration file into environment variables and instructing docker to pull the correct images.

I’ve had problems with this too… but I always thought it was something I was doing wrong. In fact, I just fired up a plain ubuntu vm and the key still did not copy correctly. I’ve got a vm packaged with the issue if needed.

I took some time and thought about this. It looks like it works if you bootstrap while fully logged in as root; and not if you escalate via sudo. If you go the sudo route, it tries to create a key for the non-root user but never copies it over.

What does not work exactly? Commands are being run against the docker container and not your actual system, so it does not require real or sudo root access. What step does it seem to hang on?


(Thornburg) #3

The “upgrade docker manager” part (which I have to run first) just returns a bunch of lines which end (Operation not permitted).

Here’s a snippet:

$ cd /var/www/discourse/plugins/docker_manager && git fetch && git reset --hard HEAD@{upstream}
error: unable to unlink old '.gitignore' (Operation not permitted)
error: unable to unlink old 'README.md' (Operation not permitted)
error: unable to unlink old 'app/controllers/docker_manager/admin_controller.rb' (Operation not permitted)
error: unable to unlink old 'app/controllers/docker_manager/application_controller.rb' (Operation not permitted)
error: unable to unlink old 'app/views/docker_manager/admin/index.html.erb' (Operation not permitted)

(Jeff Atwood) #4

@techapj can you repro this? If so we should fix the installer.


(Kane York) #5

As a guess… What user is that being run as?

The ./launcher ssh app should be dropping you in as root in the container.

Also, that ssh key generation problem sounds like a bug with the launcher script – it should be using $HOME, but it is using /root. (or maybe a custom location, e.g. save to `./ssh_key!)


(Thornburg) #6

As a guess… What user is that being run as?

The ./launcher ssh app should be dropping you in as root in the container.

Also, that ssh key generation problem sounds like a bug with the launcher script – it should be using $HOME, but it is using /root. (or maybe a custom location, e.g. save to `./ssh_key!)

I don’t know if that question was directed at me, but if I run ./launcher without sudo, I get an insufficient permissions error. If I run it under sudo, it asks me for root’s password when I try to SSH.


(Sam Saffron) #7

Yeah there are no provisions for account elevation in launcher, I am pretty sure this would be happening. Fixing is tricky bash voodoo.


(Thornburg) #8

Does anyone have any additional advice that might help me solve this?

I’m still unable to update.


(Sam Saffron) #9

Why not just run it under root?


(Thornburg) #10

Run what under root? I can’t SSH into the box, and the GUI upgrade doesn’t give me any option to change the way it runs.

Are you suggesting I reinstall using root instead of sudo?

Requiring root is a horrible security practice. I’m not sure that I want to use a product that requires it in order to work properly.


(Jeff Atwood) #11

Within the context of an already isolated VM or LXC container, it can make sense. And since our only recommended and supported install is Docker…


(Sam Saffron) #12

Run launcher as root, that is all.

su
./launcher bootstrap app

We handle all the permissions correctly inside the box and since you are already running sudo to execute launcher, well, there is no big diff.


(Thornburg) #13

Not liking this at all.

For one, your install guide should mention that you do all this stuff as root, and that it won’t work right if you sudo instead.

Also, having to su every time I restart my server is uncool. Or will I be able to use “start” without being root after I bootstrap as root?


(Thornburg) #14

I ran

./launcher boostrap app (as root)

and

./launcher start app (as root)

And I still get the same errors. The upgrade says “operation not permitted” if I run it through the gui, and ssh still asks for root’s password, even when run as root.


(Thornburg) #15

Nice.

Now it’s completely broken.

There was an error writing to the database, so no posts could be made (by any user).

I figured it might be a result of the mixed use of root (su) vs sudo, so I re-bootstrapped with sudo (since that’s the original configuration), and now it isn’t working at all.

The container refuses all connections, even though it’s “listening” on the correct ports.

UPDATE: A full server reboot got the connections working again, but it’s still impossible to create posts (500: Internal Server Error).

I did not change any settings or do anything of interest on the server between when it was working and when it failed.


(Jeff Atwood) #16

One thing that can cause Postgres database corruption is if somehow multiple Docker containers are trying to write to the database at the same time – remember that the database (and file uploads) are outside the Docker container, that’s why destroying and rebuilding containers doesn’t lose anything.


(Thornburg) #17

Discourse is the only container I have. I never used Docker before installing Discourse. I’ve never had two containers at the same time.

Nothing outside of Discourse uses Postgres.

Actually, my machine is currently reporting that Postgres isn’t even installed, which seems impossible, since I can still see all the posts/etc that were made before Discourse broke.

Or does the Postgres instance live entirely inside the container, invisible to the host machine?

EDIT: Postgres is listening on a few ports, so it’s clearly installed and running, whatever apt may tell me.


(Thornburg) #18

Did
./launcher destroy
./launcher bootstrap
./launcher start

All as root.

It’s working, for the moment. Including SSH.


(Jeff Atwood) #19

You can simply do ./launcher rebuild app instead of those three commands, it is equivalent.