Run gunicorn like service - gunicorn

I want configure gunicorn in a service.
I have this configuration for the service :
[Unit]
Description=test
[Service]
WorkingDirectory=/var/www/cmdb
Type=forking
Restart=always
ExecStart=/var/www/test/bin/gunicorn --workers=4 --bind=0.0.0.0:8080 test.wsgi:application
[Install]
WantedBy=multi-user.target
My problem is that it doesn't run. I have this error when I start the service :
gunicorn.service: Main process exited, code=exited, status=203/EXEC
gunicorn.service: Unit entered failed state.
gunicorn.service: Failed with result 'exit-code'.
gunicorn.service: Start request repeated too quickly.
I don't find the mistakes in my configuration. Does someone have an idea ?

Assuming that you're running in a virtualenv, the gunicorn bin should be something like this:
/var/www/cmdb/venv/bin/gunicorn
Instead of
/var/www/test/bin/gunicorn
Anyway, I use something like this in my system and it work fine:
[Unit]
Description = SampleApp
After = network.target
[Service]
PIDFile = /run/cmdb/cmdb.pid
WorkingDirectory = /var/www/cmdb
ExecStartPre = /bin/mkdir /run/cmdb
ExecStart = /var/www/cmdb/venv/bin/gunicorn test.wsgi:application -b 0.0.0.0:8000 --pid /run/cmdb/cmdb.pid
ExecReload = /bin/kill -s HUP $MAINPID
ExecStop = /bin/kill -s TERM $MAINPID
ExecStopPost = /bin/rm -rf /run/cmdb
[Install]
WantedBy = multi-user.target
Note: this example use the root as the app user. I do recommend use an user to your app, with restricted permissions.

Related

Failed to start gunicorn.service: Unit gunicorn.service is masked

I am trying to deploy django web application on alibabacloud everything seems to be working perfectly(running gunicorn --bind 0.0.0.0:8000 project_name.wsgi on virtual environment)
Then after deactivating the virtual environment and setting up
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=admin
Group=www-data
WorkingDirectory=/home/admin/project_name
ExecStart=/home/admin/project_name/myprojectenv/bin/gunicorn --access-logfile - --workers 3 --bind
unix:/home/admin/project_name/project_name.sock project_name.wsgi:application
in /etc/systemd/system/gunicorn.service
then running sudo systemctl start gunicorn I keep getting the error
Failed to start gunicorn.service: Unit gunicorn.service is masked.
Please how can I fix this?
I have tried systemctl unmask gunicorn.socket but it keeps showing me the error
Unit gunicorn.socket does not exist, proceeding anyway.
Failed to unmask unit: The name org.freedesktop.PolicyKit1 was not provided
by any .service files

systemd podman This usually indicates unclean termination of a previous run, or service implementation deficiencies

I am running container with systemd/pod, when I want to deploy new image tag. stopping service, updating the service file and starting. but container failed to start.
systemd file.
[Unit]
Description=hello_api Podman Container
After=network.target
[Service]
Restart=on-failure
RestartSec=3
ExecStartPre=/usr/bin/rm -f /%t/%n-pid /%t/%n-cid
ExecStartPre=-/usr/bin/podman rm hello_api
ExecStart=/usr/bin/podman run --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid -d -h modelenv \
--name hello_api --rm --ulimit=host -p "8001:8001" -p "8443:8443" 7963-hello_api:7.8
ExecStop=/usr/bin/sh -c "/usr/bin/podman rm -f `cat /%t/%n-cid`"
KillMode=none
Type=forking
PIDFile=/%t/%n-pid
[Install]
WantedBy=default.target
here is error message.
May 21 10:41:43 webserver systemd[1471]: hello_api.service: Found left-over process 22912 (conmon) in control group while starting unit. Ignoring.
May 21 10:41:43 webserver systemd[1471]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 21 10:41:43 webserver systemd[1471]: hello_api.service: Found left-over process 22922 (node) in control group while starting unit. Ignoring.
May 21 10:41:43 webserver systemd[1471]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 21 10:41:43 webserver systemd[1471]: hello_api.service: Found left-over process 22960 (node) in control group while starting unit. Ignoring.
May 21 10:41:43 webserver systemd[1471]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
May 21 10:41:44 webserver podman[24565]: 2020-05-21 10:41:44.586396547 -0400 EDT m=+1.090025069 container create 28eaf881f532339766cc96ec27a69d8ad588e07d4bfc70e65e7c54e8a5082933 (image=7963-hello_api:7.8, name=hello_api)
May 21 10:41:45 webserver podman[24565]: Error: error from slirp4netns while setting up port redirection: map[desc:bad request: add_hostfwd: slirp_add_hostfwd failed]
May 21 10:41:45 webserver systemd[1471]: hello_api.service: Control process exited, code=exited status=126
May 21 10:41:45 webserver systemd[1471]: hello_api.service: Failed with result 'exit-code'.
May 21 10:41:45 webserver systemd[1471]: Failed to start call_center_hello_api Podman Container.
why its giving this error, is there option to cleanly exit the old container?
I think we followed the same tutorial here: https://www.redhat.com/sysadmin/podman-shareable-systemd-services
"It’s important to set the kill mode to none. Otherwise, systemd will start competing with Podman to stop and kill the container processes. which can lead to various undesired side effects and invalid states"
I'm not sure if the behavior changed, but I removed the KillMode=none causing it to use the default KillMode=control-group. I have not had any problems managing the service since. Also, I removed the / from some of the commands because it was being duplicated:
ExecStartPre=/usr/bin/rm -f //run/user/1000/registry.service-pid //run/user/1000/registry.service-cid
It's now:
ExecStartPre=/usr/bin/rm -f /run/user/1000/registry.service-pid /run/user/1000/registry.service-cid
The full service file I use for running a docker registry:
[Unit]
Description=Image Registry
[Service]
Restart=on-failure
ExecStartPre=-/usr/bin/podman volume create registry
ExecStartPre=/usr/bin/rm -f /%t/%n-pid /%t/%n-cid
ExecStart=/usr/bin/podman run --conmon-pidfile %t/%n-pid --cidfile %t/%n-cid -d -p 5000:5000 -v registry:/var/lib/registry --name registry docker.io/library/registry
ExecStop=/usr/bin/sh -c "/usr/bin/podman rm -f `cat %t/%n-cid`"
Type=forking
PIDFile=/%t/%n-pid
[Install]
WantedBy=multi-user.target

gunicorn daemon (active: failed) / curl(56) Recv Failure: Connection reset by peer

First thing, I am not sure if this is better here or on ask ubuntu (ubuntu did not have a 'gunicorn' tag so I think i'm in the right place). If it is not appropriate here just drop it in the comments and I'll close it.
I am following a digitalocean tutorial on deployment(https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-18-04).I am up to gunicorn set up. I'm at my wits end trying to get this gunicorn to work, so I have come here. Anything in quotes is the name of the current section in the article. I got up to "Checking for the Gunicorn Socket File" and "check for the existence of the gunicorn.sock file within the /run directory:" before failure.
Check for socket file:
sudo systemctl status gunicorn.socket returns
Failed to dump process list, ignoring: No such file or directory
● gunicorn.socket - gunicorn socket
Loaded: loaded (/etc/systemd/system/gunicorn.socket; enabled; vendor pres
Active: active (listening) since Fri 2020-02-21 21:34:06 UTC; 1min 8s ago
Listen: /run/gunicorn.sock (Stream)
CGroup: /system.slice/gunicorn.socket
Check for existence of gunicorn.sock:
file /run/gunicorn.sock
output: /run/gunicorn.sock: socket
Upon "Testing socket activation", it fails:
sudo systemctl status gunicorn
output:
● gunicorn.service - gunicorn daemon
Loaded: loaded (/etc/systemd/system/gunicorn.service;
Active: failed (Result: exit-code) since Fri 2020-02-
Main PID: 15708 (code=exited, status=217/USER)
Feb 21 21:32:39 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: S
Feb 21 21:32:39 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[15708
Feb 21 21:32:39 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[15708
Feb 21 21:32:39 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: g
Feb 21 21:32:39 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: g
Feb 21 21:32:39 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: g
Feb 21 21:32:39 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: g
Feb 21 21:32:39 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: F
lines 1-13/13 (END)
It says to test socket activation, do the following:
curl --unix-socket /run/gunicorn.sock localhost
output(says I should see HTML):
curl: (56) Recv failure: Connection reset by peer
Not sure if I provided enough info. Below I will include my gunicorn.socket and gunicorn.service files as well as the layout of directories on my server.
gunicorn.socket:
[Unit]
Description=gunicorn socket
[Socket]
ListenStream=/run/gunicorn.sock
[Install]
WantedBy=sockets.target
gunicorn.service:
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target
[Service]
User=justin
Group=www-data
WorkingDirectory=/home/justin/project
ExecStart=/home/justin/project/env/bin/gunicorn \
--access-logfile - \
--workers 3 \
--bind unix:/run/gunicorn.sock \
jobzumo.wsgi:application
[Install]
WantedBy=multi-user.target
Layout of server/project:
home/justin/project/
This project/ folder contains env(env/bin/gunicorn does exist), jobzumo(django project), manage.py and static.
The only thing I am thinking is that I may have created these gunicorn files while using root and now I am trying to modify them using the user justin? Not really sure what is going on here. If I did not provide enough info or if you need me to run any type of debug commands please let me know. Thanks for any help.
I had the exact same propblem following this tutorial. OP's answer did not help in my case but I found a solution here. Maybe it helps others stubmling over this.
Many thanks to RussellMolimock for the following comment, which I found there!
"Go back into your virtualenv with source
[your_project_env]/bin/activate and enter which gunicorn That will
return the path to your gunicorn exectuable.
Paste that into the path section of the ‘ExecStart’ value inside the
’/etc/systemd/system/gunicorn.service’ file, and run the ‘sudo
systemctl daemon-reload’ and 'sudo systemctl restart gunicorn’
commands to restart your daemon and try curling again with curl
–unix-socket /run/gunicorn.sock localhost
I hope this helps!"
I had to run the following two commands:
sudo ufw delete allow 8000
sudo ufw allow 'Nginx Full'
and now everything is working. Apparently this opens my firewall up to port 80. Not sure why as I don't specify port 80 there, but it is working.
I faced this error because Gunicorn was not able to read the environment variables. This helped me in defining the environment variables for Gunicorn.
I deleted the whole project folder in Ubuntu (home/user/project) and restarted from the beginning, and it worked. I have tried multiple solutions on the Internet, restarting the daemon and changing the path of gunicorn, all fail.

Fedora26 Systemd script not get executed

I created a simple systemd unit file(sysupdate.service) with following content to automate system updates, but got frustrated by complexity.
/etc/systemd/system/sysupdate.service:
[Unit]
Description=update system preferably after dnfdragora finished checking update
After=syslog.target network.target network-online.target auditd.service
[Service]
StandardInput=null
ExecStart=/mnt/0/sysupdate.sh
[Install]
WantedBy=multi-user.target
sysupdate.sh:
#!/bin/sh
exec &>> /mnt/0/sysupdate.log
echo $(date)
sudo dnf upgrade -y
echo '$?':$?
sudo youtube-dl -U
echo '$?':$?
sudo systemctl stop bluetooth.service
sudo systemctl disable bluetooth.service
sudo systemctl status bluetooth.service
echo '$?':$?
echo $(date)
The normal user has write privilege inside /mnt/0/.
sysupdate.sh was set "chmod uo+x".
Every time I commented out "service Type", "After" or "user" in service file, I always do:
sudo systemctl daemon-reload
The expected log file "/mnt/0/sysupdate.log" never gets created.
Why such simple automation is so difficult to get done?!
Latest status:
Even I executed as root the 2 lines of code given by "journalctl -xe":
SELinux is preventing (pdate.sh) from execute access on the file sysupdate.sh.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that (pdate.sh) should be allowed execute access on the sysupdate.sh file by defa
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(pdate.sh)' --raw | audit2allow -M my-pdatesh
# semodule -X 300 -i my-pdatesh.pp
There's still permission denied error in journal log.
I temporarily got it work by setting SELinux permissive.

MySql/MariaDB cannot change default datadir on Debian 9.1 server

I have a problem to move the default datadir of Maria DB to another partition, it appears to be very common but i tried everything I can without luck.
Mysql is installed as Mariadb 10.1.26 with the default debian package (apt-get install mysql-server) on a Debian 9.1 (stretch) server, mysqld -v returns mysqld 10.1.26-MariaDB-0+deb9u1
Default_mysql_datadir : /var/lib/mysql
New_mysql_datadir : /home/mysql
/var/lib/mysql is mounted to "/" (/dev/md3)
/home/mysql is mounted to "/home" (/dev/md4)
What I've tried
# systemctl stop mysql
# mv /var/lib/mysql /home
Change datadir in /etc/mysql/my.cnf
# datadir = /home/mysql
Check if the rights/permissions are ok
# chown -R mysql.mysql /home/mysql
apparmor is NOT installed nor running on the system though the /etc/apparmor.d/usr.sbin.mysqld file is existing with the following rules :
/home/mysql/ r,
/home/mysql/** rwk,
I even tried to create and empty /var/lib/mysq folder refering to this bug
But when I start I always get the same error :
# systemctl start mysql
[Warning] Can't create test file /home/mysql/<user>.lower-test
#007/usr/sbin/mysqld: Can't change dir to '/home/mysql/' (Errcode: 13 "Permission denied") 2017-09-07 0:16:59 140119808397888 [ERROR] Aborting
mariadb.service: Main process exited, code=exited, status=1/FAILURE
Failed to start MariaDB database server.
mariadb.service: Unit entered failed state.
mariadb.service: Failed with result 'exit-code'.
Any suggestion ?
Thanks
Services started by Systemd have additional filesystem restrictions imposed by systemd.
It should be possible to provide values to systemd [Service] directives ProtectHome= and/or ProtectSystem= and/or ReadWritePaths= to resolve this issue.
I have similar problem:
When I start the mysql services a message is shown:
Job for mariadb.service failed because the control process exited with error code.
See "systemctl status mariadb.service" and "journalctl -xe" for details.
if I change the datadir from /etc/mysql/my.cnf again as default; np