Hey,
Before I make a ticket I wanted to verify expected behavior of the installer. On centos 6.4 I ran the "all in one" installer and everything under /usr/share/foreman had permissions of foreman:foreman. This is great, however since were using the apache passenger setup which runs under the apache user, apache cannot access many of the important items in the foreman directory required to run. One of these is the sqlite database (mysql would be different). Other issues are related to cache directory permissions.
example errors:
Rails Error: Unable to access log file. Please ensure that /usr/share/foreman/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
ActiveRecord::StatementInvalid (SQLite3::ReadOnlyException: attempt to write a readonly database: INSERT INTO "sessions" ("updated_at", "created_at", "data", "session_id") VALUES ('2013-03-20 21:08:31.419148', '2013-03-20 21:08:31.419148', 'BAh7BiIRb3JpZ2luYWxfdXJpIgYv
', '5a0ea800e8564d455dbc0a06a2fc86b4')):
chown -R apache:apache /usr/share/foreman fixes all these problems, except it won't handle the symlinks. So I had to also chown apache:apache the directories where the symlinks pointed to in /usr/share/foreman.
Did the installer miss a required step of chowning to apache user? Can we tell apache to use foreman user for that specific vhost? My main complaint is that I must add the apache user to the puppet group list, in addition to the installer not working out of the box.
Additionally I had to create the secret token (cd /usr/share/foreman && rake security:generate_token) which needs to be added to the installer post tasks.
Thanks,
Corey Osman
corey@logicminds.biz
Green IT and Data Center Automation Specialist
Dominic or Sam may correct me, as they spend more time on the Centos side
of things, but broadly speaking, it should all work, without the changes
you describe. Passenger should switch priviledges to the owner of the
config.ru in the application root (which would be owned by foreman:foreman)
and thus have access to all the of the application folder. I think the
focus of the efforts should be on why Passenger isn't doing that for you.
If it can't be solved, there's an option in the installer to specify what
user to run Foreman as - you could try setting that to 'apache'.
Greg
···
On 27 March 2013 18:21, Corey Osman wrote:
Hey,
Before I make a ticket I wanted to verify expected behavior of the
installer. On centos 6.4 I ran the “all in one” installer and everything
under /usr/share/foreman had permissions of foreman:foreman. This is
great, however since were using the apache passenger setup which runs under
the apache user, apache cannot access many of the important items in the
foreman directory required to run. One of these is the sqlite database
(mysql would be different). Other issues are related to cache directory
permissions.
Ok I am going to give it another go as maybe it was something I did. I'll
have a look at the config.ru, after the setup.
···
On Wednesday, March 27, 2013 11:34:53 AM UTC-7, Greg Sutcliffe wrote:
>
> On 27 March 2013 18:21, Corey Osman <co...@logicminds.biz > > wrote:
>
>> Hey,
>>
>> Before I make a ticket I wanted to verify expected behavior of the
>> installer. On centos 6.4 I ran the "all in one" installer and everything
>> under /usr/share/foreman had permissions of foreman:foreman. This is
>> great, however since were using the apache passenger setup which runs under
>> the apache user, apache cannot access many of the important items in the
>> foreman directory required to run. One of these is the sqlite database
>> (mysql would be different). Other issues are related to cache directory
>> permissions.
>>
>
> Dominic or Sam may correct me, as they spend more time on the Centos side
> of things, but broadly speaking, it should all work, without the changes
> you describe. Passenger should switch priviledges to the owner of the
> config.ru in the application root (which would be owned by
> foreman:foreman) and thus have access to all the of the application folder.
> I think the focus of the efforts should be on why Passenger isn't doing
> that for you.
>
> If it can't be solved, there's an option in the installer to specify what
> user to run Foreman as - you could try setting that to 'apache'.
>
> Greg
>
