I’m trying to write my first NixOS service definition, and am hitting a wall. As a quick overview, I am trying to run the gns3server and have been referencing the upstream systemd config. I can run my server as my normal user, both from the shell and as a systemd unit. When I attempt to set the systemd user to a “dedicated” user for this service I get failures indicating the users’ home directory is not writable, but when I ls -la this same directory it appears the permissions are correct.
INFO run.py:221 Copyright (c) 2007-2020 GNS3 Technologies Inc.
INFO run.py:224 Config file /nix/store/83iwwyml1pl9pridm6c2x4r5424yix6k-gns3Config.ini loaded
INFO run.py:245 Running with Python 3.7.6 and has PID 5720
INFO run.py:79 Current locale is en_US.UTF-8
INFO web_server.py:294 Starting server on 0.0.0.0:3080
ERROR symbols.py:117 Could not create symbol directory '/srv/gns3/gns3Server/GNS3/symbols': [Errno 13] Permission denied: '/srv/gns3/gns
INFO __init__.py:62 Load controller configuration file /nix/store/gns3_controller.conf
INFO __init__.py:66 Controller is starting
CRITICAL web_server.py:87 Could not start the server: [Errno 13] Permission denied: '/srv/gns3/gns3Server'
Nov 22 14:31:06 larry-server systemd[1]: gns3Server.service: Succeeded.
sudo ls -la /srv/gns3 shows:
drwx------ 2 gns3 gns3 4096 Nov 22 14:34 gns3Server
Is there something basic I’m missing? if the gns3 user is the owner and has write permissions, why can’t it create directories in there?
Any help appreciated, I’ve been banging my head against this for hours and am pretty sure there’s something fundamental I’m missing…
Difficult to say exactly without seeing your configuration file. There are a number of paths you can set in the configuration file, so we would need to see what you’ve done there. If you haven’t set any paths then maybe default values are causing some troubles. Just an idea.
Config file is pretty bare-bones and just a placeholder for now:
[server]
host = 0.0.0.0
port = 5555
I don’t think it’s related, because when I change the user in the systemd config to “my” user it works (so same config), and the logs tell me exactly which path has a permissions issue which I check with ls -la
@nixinator:
Thanks for letting me know PermissionsStartOnly is deprecated. Since I’m no longer running an ExecPreStart phase, it should be redundant at this point and I should remove it. The discussion you linked turned me on to systemd.tmpfiles.rules which seems like a good thread for me to pull on as well.
@freezeboy:
The file in the nix/store that doesn’t have a hash is also an good observation, I don’t know what that config file is but it’s separate from the one I’m passing in. I wonder if I need to set a path in the config I provide gns3server to control that path. Thanks for pointing it out.
@nobbz
I’ll check the permissions of /srv/ and /srv/gns3 when I have access to the machine next. I let nixosusers.users.createHome create those directories, so they should be whatever the defaults are in nixos.
I really appreciate everyone’s input, I’ll reply with where these ideas lead me as soon as I can!
total 12
drwxr-xr-x 3 root root 4096 Nov 22 14:34 .
drwxr-xr-x 17 root root 4096 Nov 22 14:34 ..
drwx------ 3 root root 4096 Nov 22 14:34 gns3
@nixinator:
Removing the PermissionsStartOnly makes no difference (as expected).
@freezeboy:
I’m still looking for more details on that configuration file, so far haven’t been able to dig up much. That file does not exist in the nix store obvously, and upon closer inspection of the logs when I run as “my” user, this does create an error - but the service seems to start up anyway. When I try to start the server from my shell, it looks for this controller config in ~/.confg/gns3 which is not a path I set up explicitly.
I also came across this issue, which seems to imply that GNS3 infers where to find this gns3_controller.conf based on the path of the configuration file passed to it, which may explain why it looks in the nix store.
Woo! That does seem to get me further thanks. Do you know how to get nixos to generate these folders with these permissions applied when the user is created?
So I’ve got this “working” to some extent. @aanderse’s suggestion to use systemd.tmpfiles.rules was very helpful, once I did that I was able to overcome the permissions issue and have the required paths created for me by a nixos rebuild.
With that resolved, the second problem I hit was the strange config file with no hash in the nix store which @freezeboy noted. Based on this I think that gns3server infers where the controller config should be based on the path of the server config. Since I was writing my server config to the nix store and passing it in, gns3server tried to find the controller config there. The answer again was to use systemd.tmpfiles.rules and copy the config file into the desired /srv/gns3/gns3Server/ path. Symlinking might work just as well, but I didn’t try that. Tried it and it works fine.
With that all done, I can get the server to start and can successfully connect to it from a remote gns3 client. However, I haven’t been able to really test it. Anytime I try to import an appliance in the gui, the client crashes. @nixinator it seems you may have some experience with gns3 on Nixos, are you aware of this issue or do you know a workaround?
My current (hacky) config is below. Once I can get a client working to test it, I think it would be fairly straightforward for me to cleanup/modularize it based on other services in nixpkgs and put a pull request together for broader feedback.
mainly permission problems when running gns3 in a nix-shell. Gns3 seems like a ‘drive by commit’.
I appreciate you efforts trying to get it running as a module, send me your best working test module PR, and i’ll try it out here, and do some testing and debug for you.
It certainly worth doing.