[SOLVED] Redis-server[xxx]: Can't open the log file: Read-only file system

Hello everyone,

I’m facing an unusual issue. I recently moved my Yunohost into an LXC container (where the create/restore backup commands worked like a charm, BTW) and I now get an error “Service redis-server is failed” in the diagnosis.

I observe the error when I try to:

  yunohost service restart redis-server

I get:

  redis-server[xxx]: *** FATAL CONFIG FILE ERROR ***
  redis-server[xxx]: Reading the configuration file, at line 171
  redis-server[xxx]: >>> 'logfile /var/log/redis/redis-server.log'
  redis-server[xxx]: Can't open the log file: Read-only file system

I believe my problem is not related to Yunohost but to my configuration of the container. I just hope someone here has been crazy enough to also install their Yunohost into a container and has encountered the same problem. If so, some help would be appreciated…

Thank you!
(Because I cannot install nextcloud as it must interact with redis-server.)

alb

PS: some possibly useful information follows.

In the container:

# sed -n '171p' /etc/redis/redis.conf
logfile /var/log/redis/redis-server.log
# ls -l /var/log/ | grep redis
drwxr-s---  2 redis         adm         4096 Sep 18 11:50 redis
# grep ReadWriteDirectories /etc/systemd/system/redis.service
ReadWriteDirectories=-/var/lib/redis
ReadWriteDirectories=-/var/log/redis
ReadWriteDirectories=-/var/run/redis
ReadWriteDirectories=-/etc/redis
# mount | grep 'ro,'
proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime)
proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
none on /proc/sys/kernel/random/boot_id type tmpfs (ro,nosuid,nodev,noexec,relatime,size=492k,mode=755)
# yunohost --version
yunohost:
  repo: stable
  version: 4.2.8.3
yunohost-admin:
  repo: stable
  version: 4.2.5
moulinette:
  repo: stable
  version: 4.2.4
ssowat:
  repo: stable
  version: 4.2.4

In the host:

$ uname -srvmo
Linux 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64 GNU/Linux
$ man lxc | grep Version
Version 4.0.6                      2021-06-11                            lxc(7)

Note, here I removed the ip addresses:

$ cat /var/lib/lxc/yunohost/config

lxc.start.auto = 0

# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch    = linux64

# Container specific configuration
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
lxc.rootfs.path      = dir:/var/lib/lxc/yunohost/rootfs
lxc.uts.name         = yunohost

# Network configuration
lxc.net.0.type   = veth
lxc.net.0.link   = br0
lxc.net.0.flags  = up
lxc.net.0.hwaddr = ca:fe:ba:be:00:02
# ipv4:
lxc.net.0.ipv4.address = IPV4_PREFIX.2
lxc.net.0.ipv4.gateway = IPV4_PREFIX.1
# ipv6:
lxc.net.0.ipv6.address = IPV6_PREFIX::2
lxc.net.0.ipv6.gateway = IPV6_PREFIX::1

EDIT:

Hello everyone,

I came up with a dirty fix for this issue. I explain it here but I am pretty sure that this is not the appropriate solution.
If anyone has a better fix, I would be happy to know about it.

In the container:

I edited the following systemd configuration file for redis, and commented out the line containing ReadOnlyDirectories=/.

vim /lib/systemd/system/redis-server.service
# comment the line "ReadOnlyDirectories=/"

Then I reloaded the systemd daemon so that the changes are taken into account, and I restarted the service.

sudo systemctl daemon-reload
sudo systemctl restart redis-server.service

On the one hand, this allowed service redis-server to run and nextcloud to be installed properly.

On the other hand, well…

  1. This may cause problems as it feels like redis-server can now write to locations it is not supposed to. Also this may cause security issues (that I am not aware of) if someone can use redis-server to write to these locations.

  2. It feels like an upgrade of yunohost might overwrite file /lib/systemd/system/redis-server.service and the problem might appear again.

Conclusion:

If you have a better fix for this, feel free to share it with me and I will update this (closed) post again. In the meantime, I solved the issue, but I probably caused other problems.

alb
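
The same change as the edit described above, written as a systemd drop-in so the packaged unit in /lib/systemd/system is left untouched (an added example, not part of the original post). It assumes the standard drop-in directory /etc/systemd/system/redis-server.service.d/ and the conventional file name override.conf; the function names are hypothetical. The sandbox is relaxed exactly as much as by commenting out the line, so the second function lists which restrictions remain active in a unit file.

```shell
#!/bin/sh
# Added example: not from the original post.
UNIT=redis-server.service

# Write the drop-in below $1 (default: /etc/systemd/system) and print its path.
write_dropin() {
    base=${1:-/etc/systemd/system}
    dir="$base/$UNIT.d"
    mkdir -p "$dir" || return 1
    cat > "$dir/override.conf" <<'EOF'
[Service]
# An empty assignment resets the list inherited from the packaged unit,
# which drops "ReadOnlyDirectories=/" without editing that file.
ReadOnlyDirectories=
EOF
    printf '%s\n' "$dir/override.conf"
}

# Print the filesystem sandboxing directives that are still active
# (not commented out) in the unit file given as $1.
active_sandbox() {
    grep -E '^(ReadOnly|ReadWrite|Inaccessible)(Directories|Paths)=|^Protect(System|Home)=|^PrivateTmp=' "$1"
}

# Usage, as root inside the container:
#   write_dropin
#   systemctl daemon-reload
#   systemctl restart redis-server.service
#   active_sandbox /lib/systemd/system/redis-server.service
# To undo: delete the override.conf file and run daemon-reload again.
```

Restoring the commented line in /lib/systemd/system/redis-server.service first keeps the drop-in as the only local change.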
