Kong: Kong fails to start,/usr/local/share/lua/5.1/kong/cmd/start.lua:37: Permission denied

Created on 20 Apr 2019 · 14Comments · Source: Kong/kong

Please read the CONTRIBUTING.md guidelines to learn on which channels you can
seek for help and ask general questions:

https://github.com/Kong/kong/blob/master/CONTRIBUTING.md#where-to-seek-for-help

Summary

SUMMARY_GOES_HERE

Steps To Reproduce

1.kong start -c /etc/kong/kong.conf -v

My roles and databases

postgres=# \l
                                  List of databases
   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges   
-----------+----------+----------+-------------+-------------+-----------------------
 kong      | kong     | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 kong1     | jozef    | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 mydb      | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
           |          |          |             |             | postgres=CTc/postgres
 template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
           |          |          |             |             | postgres=CTc/postgres

postgres-# \du
                                   List of roles
 Role name |                         Attributes                         | Member of 
-----------+------------------------------------------------------------+-----------
 Ben       |                                                            | {}
 jozef     | Create role, Create DB                                     | {}
 kong      |                                                            | {}
 miki      |                                                            | {}
 postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}

3.
4.

Additional Details & Logs

Kong version ($ kong version)
1.1.0
Kong debug-level startup logs ($ kong start --vv)

kong start --vv
2019/04/20 08:21:25 [verbose] Kong: 1.1.0
2019/04/20 08:21:25 [debug] ngx_lua: 10013
2019/04/20 08:21:25 [debug] nginx: 1013006
2019/04/20 08:21:25 [debug] Lua: LuaJIT 2.1.0-beta3
2019/04/20 08:21:25 [verbose] reading config file at /etc/kong/kong.conf
2019/04/20 08:21:25 [debug] reading environment variables
2019/04/20 08:21:25 [debug] admin_access_log = "logs/admin_access.log"
2019/04/20 08:21:25 [debug] admin_error_log = "logs/error.log"
2019/04/20 08:21:25 [debug] admin_listen = {"127.0.0.1:8001","127.0.0.1:8444 ssl"}
2019/04/20 08:21:25 [debug] anonymous_reports = true
2019/04/20 08:21:25 [debug] cassandra_consistency = "ONE"
2019/04/20 08:21:25 [debug] cassandra_contact_points = {"127.0.0.1"}
2019/04/20 08:21:25 [debug] cassandra_data_centers = {"dc1:2","dc2:3"}
2019/04/20 08:21:25 [debug] cassandra_keyspace = "kong"
2019/04/20 08:21:25 [debug] cassandra_lb_policy = "RequestRoundRobin"
2019/04/20 08:21:25 [debug] cassandra_port = 9042
2019/04/20 08:21:25 [debug] cassandra_repl_factor = 1
2019/04/20 08:21:25 [debug] cassandra_repl_strategy = "SimpleStrategy"
2019/04/20 08:21:25 [debug] cassandra_schema_consensus_timeout = 10000
2019/04/20 08:21:25 [debug] cassandra_ssl = false
2019/04/20 08:21:25 [debug] cassandra_ssl_verify = false
2019/04/20 08:21:25 [debug] cassandra_timeout = 5000
2019/04/20 08:21:25 [debug] cassandra_username = "kong"
2019/04/20 08:21:25 [debug] client_body_buffer_size = "8k"
2019/04/20 08:21:25 [debug] client_max_body_size = "0"
2019/04/20 08:21:25 [debug] client_ssl = false
2019/04/20 08:21:25 [debug] database = "postgres"
2019/04/20 08:21:25 [debug] db_cache_ttl = 0
2019/04/20 08:21:25 [debug] db_resurrect_ttl = 30
2019/04/20 08:21:25 [debug] db_update_frequency = 5
2019/04/20 08:21:25 [debug] db_update_propagation = 0
2019/04/20 08:21:25 [debug] dns_error_ttl = 1
2019/04/20 08:21:25 [debug] dns_hostsfile = "/etc/hosts"
2019/04/20 08:21:25 [debug] dns_no_sync = false
2019/04/20 08:21:25 [debug] dns_not_found_ttl = 30
2019/04/20 08:21:25 [debug] dns_order = {"LAST","SRV","A","CNAME"}
2019/04/20 08:21:25 [debug] dns_resolver = {}
2019/04/20 08:21:25 [debug] dns_stale_ttl = 4
2019/04/20 08:21:25 [debug] error_default_type = "text/plain"
2019/04/20 08:21:25 [debug] headers = {"server_tokens","latency_tokens"}
2019/04/20 08:21:25 [debug] log_level = "notice"
2019/04/20 08:21:25 [debug] lua_package_cpath = ""
2019/04/20 08:21:25 [debug] lua_package_path = "./?.lua;./?/init.lua;"
2019/04/20 08:21:25 [debug] lua_socket_pool_size = 30
2019/04/20 08:21:25 [debug] lua_ssl_verify_depth = 1
2019/04/20 08:21:25 [debug] mem_cache_size = "128m"
2019/04/20 08:21:25 [debug] nginx_admin_directives = {}
2019/04/20 08:21:25 [debug] nginx_daemon = "on"
2019/04/20 08:21:25 [debug] nginx_http_directives = {}
2019/04/20 08:21:25 [debug] nginx_optimizations = true
2019/04/20 08:21:25 [debug] nginx_proxy_directives = {}
2019/04/20 08:21:25 [debug] nginx_sproxy_directives = {}
2019/04/20 08:21:25 [debug] nginx_stream_directives = {}
2019/04/20 08:21:25 [debug] nginx_user = "nobody nobody"
2019/04/20 08:21:25 [debug] nginx_worker_processes = "auto"
2019/04/20 08:21:25 [debug] origins = {}
2019/04/20 08:21:25 [debug] pg_database = "kong"
2019/04/20 08:21:25 [debug] pg_host = "127.0.0.1"
2019/04/20 08:21:25 [debug] pg_password = "******"
2019/04/20 08:21:25 [debug] pg_port = 5432
2019/04/20 08:21:25 [debug] pg_ssl = false
2019/04/20 08:21:25 [debug] pg_ssl_verify = false
2019/04/20 08:21:25 [debug] pg_timeout = 5000
2019/04/20 08:21:25 [debug] pg_user = "kong"
2019/04/20 08:21:25 [debug] plugins = {"bundled"}
2019/04/20 08:21:25 [debug] prefix = "/usr/local/kong/"
2019/04/20 08:21:25 [debug] proxy_access_log = "logs/access.log"
2019/04/20 08:21:25 [debug] proxy_error_log = "logs/error.log"
2019/04/20 08:21:25 [debug] proxy_listen = {"0.0.0.0:8000","0.0.0.0:8443 ssl"}
2019/04/20 08:21:25 [debug] real_ip_header = "X-Real-IP"
2019/04/20 08:21:25 [debug] real_ip_recursive = "off"
2019/04/20 08:21:25 [debug] ssl_cipher_suite = "modern"
2019/04/20 08:21:25 [debug] ssl_ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
2019/04/20 08:21:25 [debug] stream_listen = {"off"}
2019/04/20 08:21:25 [debug] trusted_ips = {}
2019/04/20 08:21:25 [debug] upstream_keepalive = 60
2019/04/20 08:21:25 [verbose] prefix in use: /usr/local/kong
2019/04/20 08:21:25 [debug] loading subsystems migrations...
2019/04/20 08:21:25 [verbose] retrieving database schema state...
2019/04/20 08:21:25 [verbose] schema state retrieved
2019/04/20 08:21:25 [verbose] preparing nginx prefix directory at /usr/local/kong
2019/04/20 08:21:25 [verbose] could not start Kong, stopping services
2019/04/20 08:21:25 [verbose] stopped services
Error: 
/usr/local/share/lua/5.1/kong/cmd/start.lua:61: /usr/local/share/lua/5.1/kong/cmd/start.lua:37: Permission denied
stack traceback:
    [C]: in function 'error'
    /usr/local/share/lua/5.1/kong/cmd/start.lua:61: in function 'cmd_exec'
    /usr/local/share/lua/5.1/kong/cmd/init.lua:88: in function </usr/local/share/lua/5.1/kong/cmd/init.lua:88>
    [C]: in function 'xpcall'
    /usr/local/share/lua/5.1/kong/cmd/init.lua:88: in function </usr/local/share/lua/5.1/kong/cmd/init.lua:45>
    /usr/local/bin/kong:7: in function 'file_gen'
    init_worker_by_lua:47: in function <init_worker_by_lua:45>
    [C]: in function 'xpcall'
    init_worker_by_lua:54: in function <init_worker_by_lua:52>

Kong error logs (<KONG_PREFIX>/logs/error.log)
Kong configuration (the output of a GET request to Kong's Admin port - see
https://docs.konghq.com/latest/admin-api/#retrieve-node-information)
Operating system
Ubuntu 18.04

Source

MilenkoM

Most helpful comment

@MilenkoM that looks like Postgres log message. Probably nothing bad, and I hardly think it has anything to do with your issues. Did you try:

$ sudo chmod -R 777 /usr/local/kong

Before starting Kong? Also the content of your /usr/local/kong looks a bit strange. Can you try to use other prefix (https://docs.konghq.com/1.1.x/configuration/#prefix)?

bungle on 23 Apr 2019

👍2

All 14 comments

Can you check if this has any effect:
https://github.com/Kong/kong/pull/4506

bungle on 20 Apr 2019

Also do you have /usr/local/kong that is writable? It looks like you do not have correct permissions in KONG_PREFIX.

bungle on 20 Apr 2019

I think so.
root@miki:/usr/local# ls -lia kong
total 76
6554396 drwxr-xr-x 5 root root 4096 апр 19 08:44 .
6553606 drwxr-xr-x 13 root root 4096 апр 19 08:44 ..
6562765 drwxr-xr-x 2 root root 4096 апр 19 08:44 bin
6554732 -rw-r--r-- 1 root root 55501 мар 27 02:09 COPYRIGHT
6554949 drwxr-xr-x 3 root root 4096 апр 19 08:44 include
6562768 drwxr-xr-x 4 root root 4096 апр 19 08:44 lib

On Sat, 20 Apr 2019 at 10:13, Aapo Talvensaari notifications@github.com
wrote:

Also do you have /usr/local/kong that is writable?

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/Kong/kong/issues/4529#issuecomment-485068873, or mute
the thread
https://github.com/notifications/unsubscribe-auth/ADGXD6D2TOVPOTJI6S6UOU3PRLGAZANCNFSM4HHJBYTQ
.

MilenkoM on 20 Apr 2019

I am struggling to understand what should I really do. That commit c1fbfa7 puzzles me.

MilenkoM on 20 Apr 2019

How did you install and OS details?

hutchic on 20 Apr 2019

if you want to make quick test, then:
sudo chmod -R 777 /usr/local/kong

There are two users:

the one that starts nginx master process (and start kong)
the one that is used to run nginx workers

bungle on 20 Apr 2019

👍1

forget that commit for now as this is not a pg problem. My mistake.

bungle on 20 Apr 2019

How did you install and OS details?
Ubuntu 18.04. I used the link from the standard repo for Bionic download. After that
sudo dpkg -i kong-community-edition-1.1.0.bionic.all.deb

I edited kong.conf by uncommenting only these lines

database = postgres             

pg_host = 127.0.0.1             
pg_port = 5432                  
pg_timeout = 5000              
pg_user = kong                 
pg_password = mysecretpassword
pg_database = kong

MilenkoM on 20 Apr 2019

I can't reproduce

docker run -d --name kong-database \
-p 5432:5432 \
-e "POSTGRES_USER=kong" \
-e "POSTGRES_DB=kong" \
postgres:9.6

curl -L -o kong.deb https://bintray.com/kong/kong-community-edition-deb/download_file?file_path=dists/kong-community-edition-1.1.0.bio
nic.all.deb
dpkg -i kong.deb
apt-get install -f

export POSTGRES_USER=kong
export POSTGRES_DB=kong
kong migrations bootstrap
... SNIP ...
23 migrations processed
23 executed
database is up-to-date
kong start --vv
2019/04/20 12:49:35 [verbose] Kong: 1.1.0
2019/04/20 12:49:35 [debug] ngx_lua: 10013
2019/04/20 12:49:35 [debug] nginx: 1013006
2019/04/20 12:49:35 [debug] Lua: LuaJIT 2.1.0-beta3
2019/04/20 12:49:35 [verbose] no config file found at /etc/kong/kong.conf
2019/04/20 12:49:35 [verbose] no config file found at /etc/kong.conf
2019/04/20 12:49:35 [verbose] no config file, skip loadin
... SNIP ...
2019/04/20 12:49:35 [debug] searching for OpenResty 'nginx' executable
2019/04/20 12:49:35 [debug] /usr/local/openresty/nginx/sbin/nginx -v: 'nginx version: openresty/1.13.6.2'
2019/04/20 12:49:35 [debug] found OpenResty 'nginx' executable at /usr/local/openresty/nginx/sbin/nginx
2019/04/20 12:49:35 [debug] sending signal to pid at: /usr/local/kong/pids/nginx.pid
2019/04/20 12:49:35 [debug] kill -0 `cat /usr/local/kong/pids/nginx.pid` >/dev/null 2>&1
2019/04/20 12:49:35 [debug] starting nginx: /usr/local/openresty/nginx/sbin/nginx -p /usr/local/kong -c nginx.conf
2019/04/20 12:49:35 [debug] nginx started
2019/04/20 12:49:35 [info] Kong started

System information

root@ip-172-31-24-121:/# lsb_release -a
LSB Version:    core-9.20170808ubuntu1-noarch:security-9.20170808ubuntu1-noarch
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:        18.04
Codename:       bionic
root@ip-172-31-24-121:/# uname -a
Linux ip-172-31-24-121 4.4.0-1079-aws #89-Ubuntu SMP Tue Mar 26 15:25:52 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

hutchic on 20 Apr 2019

I believe this is a duplicate and your problem would be resolved with the suggestions here: https://github.com/Kong/kong/issues/2690#issuecomment-314457853

hutchic on 20 Apr 2019

2019-04-20 17:34:34.005 CEST [1400] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2019-04-20 17:34:34.006 CEST [1400] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2019-04-20 17:34:34.039 CEST [1419] LOG:  database system was shut down at 2019-04-20 13:55:55 CEST
2019-04-20 17:34:34.054 CEST [1400] LOG:  database system is ready to accept connections
2019-04-20 17:34:34.574 CEST [1708] [unknown]@[unknown] LOG:  incomplete startup packet

Output root@miki:/var/log/postgresql#

What does unknown mean?

MilenkoM on 20 Apr 2019

@MilenkoM that looks like Postgres log message. Probably nothing bad, and I hardly think it has anything to do with your issues. Did you try:

$ sudo chmod -R 777 /usr/local/kong

Before starting Kong? Also the content of your /usr/local/kong looks a bit strange. Can you try to use other prefix (https://docs.konghq.com/1.1.x/configuration/#prefix)?

bungle on 23 Apr 2019

👍2

I changed permissions now,works perfect.
sudo chmod -R 777 /usr/local/kong

You can close the issue.

MilenkoM on 24 Apr 2019

👍1

Just want to say thank you guys. This fixed issue I had with Kong were not able to load AdminAPI for my plugin, even though Luarock package and module was installed properly.