Error directories access

[mtangaro]

Dear onedata developers,
For the ELIXIR-ITALY use case we use Galaxy with Nginx as web server, exploiting the directory named nginx_upload_store, to upload data. During the upload procedure Nginx store data here.
I've created it on my space:

(.venv) [galaxy@galaxy-test galaxy]$ mkdir -p nginx_upload_store
(.venv) [galaxy@galaxy-test galaxy]$ ll
total 0
-rw-rw-r--. 1 1220087 1245641 5 May 23 15:59 ciao.txt
drwxr-xr-x. 1 1220087 1245641 0 May 31 09:49 _conda
drwxr-xr-x. 1 1220087 1245641 0 Jun 1 09:51 database
drwxr-xr-x. 1 1220087 1245641 0 Jun 1 09:51 job_work
drwxrwxr-x. 1 1220087 1245641 0 Jun 1 19:13 nginx_upload_store
-rw-rw-r--. 1 1220087 1245641 6 May 31 15:40 prova
drwxr-xr-x. 1 1220087 1245641 0 May 31 09:37 tool_deps

but running nginx:

`(.venv) [galaxy@galaxy-test galaxy]$ sudo systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2017-06-01 19:12:20 UTC; 7s ago
Process: 12769 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 12768 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: Starting The nginx HTTP and reverse proxy server...
Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it nginx[12769]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it nginx[12769]: nginx: [emerg] mkdir() "/data/galaxy/nginx_upload_store" failed (13: Permission denied)
Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it nginx[12769]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: nginx.service: control process exited, code=exited status=1
Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: Unit nginx.service entered failed state.
Jun 01 19:12:20 galaxy-test.cloud.ba.infn.it systemd[1]: nginx.service failed.`

For this reason I can't use onedata as storage to upload data.
Do you have any idea to solve this issue?

Best Regards,
Marco.

[luman75]

@mtangaro what is the UID for nginx process you are running. That case seems to be a UID mixup between owner of oneclient and nginx which usually runs on different account

[groundnuty]

@mtangaro can you elaborate a bit more? What is the architecture you are aiming at here?

[mtangaro]

I'm using "galaxy" as default user to run oneclient:

$ ps -aux | grep oneclient
galaxy    6027  1.0 17.9 1263932 367944 ?      Ssl  07:16   2:14 oneclient -H oneprovider-test.cloud.ba.infn.it -t MDAxNWxvY2F00aW9uIG9uZXpvbmUKMDAzYmlkZW500aWZpZXIgdWRJMGlndXgtMXlsUExsRlp3RV9QUTlQSWlBUGlOMnloRS1BajRiUlJidwowMDFhY2lkIHRpbWUgPCAxNTM2NjQ4Nzk2CjAwMmZzaWduYXR1cmUgloMSlNiVepWnNb5tHT2qbFihs1s57X00HmM01mB01cxSJkK /onedata --insecure -o nonempty

$ id -u galaxy
4001
 id -g galaxy
4001

To start nginx I've to user the superuser, of course. Then to use nginx worker I'm using "galaxy":

$ ps -aux | grep nginx
root     30851  0.0  0.1 172900  3084 ?        Ss   10:36   0:00 nginx: master process nginx
galaxy   30852  0.0  0.2 172900  5124 ?        S    10:36   0:00 nginx: worker process

This is the needed configuration to use nginx with the Galaxy workflow manager.

I've create the "nginx_upload_store" directory, on my space, mounted using oneclient using the galaxy user:

drwxrwxr-x 1 786371 1511344     0 Sep 15 10:42 nginx_upload_store/

[mtangaro]

So let me describe what's happening.
Galaxy exploits NGINX upload module, to upload files. Nginx store them in this "nginx_upload_store", then Galaxy move them to its database directory.
So NGINX needs the permissions on "nginx_upload_store" directory. I would avoid to create the nginx_upload_store directory on the VM and then move the files on onedata space.
I can allow you to access to the VM, if you need it.