[RPKI] "Permission denied (13)" rsync errors
Compton, Rich A
Rich.Compton at charter.com
Thu Mar 5 00:07:08 UTC 2020
OK, I figured out what the issue is. It's SELinux that was not permitting rsync to access that directory. I executed the command "sudo semanage permissive -a rsync_t" and it seems to have resolved the issue. Thanks for your help!
On 3/4/20, 10:39 AM, "RPKI on behalf of Compton, Rich A via RPKI" <rpki-bounces at lists.nlnetlabs.nl on behalf of rpki at lists.nlnetlabs.nl> wrote:
Hi, here are the log entries that have "rsync" in them after switching to -vv:
sudo grep routinator /var/log/messages | grep rsync | grep 'Mar 4 17:35:'
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsyncing from rsync://rpki.afrinic.net/repository/.
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsyncing from rsync://rpki.apnic.net/repository/.
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.afrinic.net/repository: Running command "rsync" "--contimeout=10" "--timeout=300" "-rltz" "--delete" "rsync://rpki.afrinic.net/repository/" "/home/routinator2/.rpki-cache/repository/rsync/rpki.afrinic.net/repository/"
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.apnic.net/repository: Running command "rsync" "--contimeout=10" "--timeout=300" "-rltz" "--delete" "rsync://rpki.apnic.net/repository/" "/home/routinator2/.rpki-cache/repository/rsync/rpki.apnic.net/repository/"
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.afrinic.net/repository: failed with status exit code: 10
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.afrinic.net/repository: rsync: failed to connect to rpki.afrinic.net (2001:42d0:af00:604::52): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.afrinic.net/repository: rsync: failed to connect to rpki.afrinic.net (2001:42d0:0:201::26): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.afrinic.net/repository: rsync: failed to connect to rpki.afrinic.net (196.216.2.26): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.afrinic.net/repository: rsync: failed to connect to rpki.afrinic.net (196.192.115.52): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.afrinic.net/repository: rsync error: error in socket IO (code 10) at clientserver.c(125) [Receiver=3.1.2]
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.afrinic.net/repository/AfriNIC.cer: not found in local repository
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsyncing from rsync://repository.lacnic.net/rpki/.
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki: Running command "rsync" "--contimeout=10" "--timeout=300" "-rltz" "--delete" "rsync://repository.lacnic.net/rpki/" "/home/routinator2/.rpki-cache/repository/rsync/repository.lacnic.net/rpki/"
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.apnic.net/repository: failed with status exit code: 10
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.apnic.net/repository: rsync: failed to connect to rpki.apnic.net (2001:dd8:9:2::101:18): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.apnic.net/repository: rsync: failed to connect to rpki.apnic.net (203.119.101.18): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.apnic.net/repository: rsync error: error in socket IO (code 10) at clientserver.c(125) [Receiver=3.1.2]
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer: not found in local repository
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsyncing from rsync://rpki.ripe.net/ta/.
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.ripe.net/ta: Running command "rsync" "--contimeout=10" "--timeout=300" "-rltz" "--delete" "rsync://rpki.ripe.net/ta/" "/home/routinator2/.rpki-cache/repository/rsync/rpki.ripe.net/ta/"
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.ripe.net/ta: failed with status exit code: 10
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.ripe.net/ta: rsync: failed to connect to rpki.ripe.net (2001:67c:2e8:22::c100:68a): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.ripe.net/ta: rsync: failed to connect to rpki.ripe.net (193.0.6.138): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.ripe.net/ta: rsync error: error in socket IO (code 10) at clientserver.c(125) [Receiver=3.1.2]
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer: not found in local repository
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsyncing from rsync://rpki.arin.net/repository/.
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository: Running command "rsync" "--contimeout=10" "--timeout=300" "-rltz" "--delete" "rsync://rpki.arin.net/repository/" "/home/routinator2/.rpki-cache/repository/rsync/rpki.arin.net/repository/"
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository: failed with status exit code: 10
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository: rsync: failed to connect to rpki.arin.net (2001:500:31::150): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository: rsync: failed to connect to rpki.arin.net (2001:500:13::150): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository: rsync: failed to connect to rpki.arin.net (2001:500:a9::150): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository: rsync: failed to connect to rpki.arin.net (199.5.26.150): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository: rsync: failed to connect to rpki.arin.net (199.212.0.150): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository: rsync: failed to connect to rpki.arin.net (199.71.0.150): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository: rsync error: error in socket IO (code 10) at clientserver.c(125) [Receiver=3.1.2]
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.arin.net/repository/arin-rpki-ta.cer: not found in local repository
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki: failed with status exit code: 10
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki: rsync: failed to connect to repository.lacnic.net (2001:13c7:7002:4128::137): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki: rsync: failed to connect to repository.lacnic.net (2001:13c7:7002:4128::185): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki: rsync: failed to connect to repository.lacnic.net (2001:13c7:7002:4128::136): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki: rsync: failed to connect to repository.lacnic.net (200.3.14.137): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki: rsync: failed to connect to repository.lacnic.net (200.3.14.185): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki: rsync: failed to connect to repository.lacnic.net (200.3.14.136): Permission denied (13)
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki: rsync error: error in socket IO (code 10) at clientserver.c(125) [Receiver=3.1.2]
Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer: not found in local repository
On 3/4/20, 10:17 AM, "Martin Hoffmann" <martin at nlnetlabs.nl> wrote:
Compton, Rich A wrote:
> Hi, yes, all outbound traffic is permitted. The rsync commands when
> launched by routinator seem to work fine when I start it from the
> command line but the rsync commands get that error “Permission denied
> (13)” and seem to fail when routinator is launched by systemd.
Hm. Could you change the '-v' in your ExecStart line to '-vv' and post
the log content for one of those rsync runs? Not sure if this is to do
with Centos’ systemd or if we are overlooking something here ...
Kind regards,
Martin
>
> From: Martin Hoffmann <martin at nlnetlabs.nl>
> Date: Wednesday, March 4, 2020 at 4:23 AM
> To: "Compton, Rich A" <Rich.Compton at charter.com>
> Cc: Alex Band <alex at nlnetlabs.nl>, "rpki at lists.nlnetlabs.nl"
> <rpki at lists.nlnetlabs.nl>
> Subject: Re: [RPKI] "Permission denied (13)" rsync errors
>
> Hi Rich!
>
>
> On 3 Mar 2020, at 23:52, Compton, Rich A via RPKI
> <rpki at lists.nlnetlabs.nl> wrote:
>
> Hi, yeah, I am starting routinator with a systemd script on Centos7.
> I think there is an issue with the rsync commands that are launched
> by routinator that prevent rsync from successfully putting files into
> the ".rpki-cache/repository/" directories.
>
> From your errors, RRDP works fine, so permission in that directory
> shouldn’t be the error.
>
> Rsync seems to complain about socket errors and not being allowed to
> connect. This may be a firewall issue. Rsync uses port 873. Is your
> machine allowed to connect out for that?
>
> Kind regards,
> Martin
>
>
> E-MAIL CONFIDENTIALITY NOTICE:
> The contents of this e-mail message and any attachments are intended
> solely for the addressee(s) and may contain confidential and/or
> legally privileged information. If you are not the intended recipient
> of this message or if this message has been addressed to you in
> error, please immediately alert the sender by reply e-mail and then
> delete this message and any attachments. If you are not the intended
> recipient, you are notified that any use, dissemination,
> distribution, copying, or storage of this message or any attachment
> is strictly prohibited.
--
RPKI mailing list
RPKI at lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/rpki
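Added example, not part of the thread and not Routinator code: a triage helper for the log lines posted above that reads the errno rsync prints on each failed connect and says whether the denial originated on the local host (EACCES, which connect() returns for an SELinux or local firewall denial) or on the network path. The function names and the third sample line (documentation host and address) are constructed for illustration.

```python
import re
from collections import defaultdict

# errno printed by rsync on Linux -> where the connect() failure originates.
ERRNO_ORIGIN = {
    1: "local-policy",      # EPERM
    13: "local-policy",     # EACCES: denied on this host (SELinux, local firewall rule)
    101: "network",         # ENETUNREACH
    110: "network",         # ETIMEDOUT
    111: "remote-refused",  # ECONNREFUSED
    113: "network",         # EHOSTUNREACH
}

# Matches routinator's relayed rsync stderr: repo URI, peer address, message, errno.
CONNECT_FAIL = re.compile(
    r"routinator\[\d+\]: (?P<repo>rsync://\S+): rsync: failed to connect to "
    r"\S+ \([0-9A-Fa-f:.]+\): .+? \((?P<errno>\d+)\)\s*$"
)

def classify(lines):
    """Map each repository URI to the origin of its connect failures."""
    errnos = defaultdict(set)
    for line in lines:
        m = CONNECT_FAIL.search(line)
        if m:
            errnos[m["repo"]].add(int(m["errno"]))
    verdicts = {}
    for repo, seen in errnos.items():
        origins = {ERRNO_ORIGIN.get(n, "unknown") for n in seen}
        verdicts[repo] = origins.pop() if len(origins) == 1 else "mixed"
    return verdicts

def host_verdict(verdicts):
    """One origin shared by every repository points at the host, not at one peer."""
    origins = set(verdicts.values())
    if not origins:
        return "no-failures"
    return origins.pop() if len(origins) == 1 else "mixed"

# First two lines are copied from the thread; the third is constructed for contrast.
SAMPLE = [
    'Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.afrinic.net/repository: rsync: failed to connect to rpki.afrinic.net (2001:42d0:af00:604::52): Permission denied (13)',
    'Mar 4 17:35:33 rpki-validator4 routinator[13655]: rsync://rpki.apnic.net/repository: rsync: failed to connect to rpki.apnic.net (203.119.101.18): Permission denied (13)',
    'Mar 4 17:35:40 rpki-validator4 routinator[13655]: rsync://repo.example.net/rpki: rsync: failed to connect to repo.example.net (192.0.2.10): Connection timed out (110)',
]

if __name__ == "__main__":
    for repo, origin in classify(SAMPLE).items():
        print(f"{origin:15} {repo}")
```

A "local-policy" verdict across every repository, over both IPv4 and IPv6, is the cue to look for AVC denials in the audit log (for example with `ausearch -m avc -c rsync`) before examining the network path. Note that `semanage permissive -a rsync_t` stops enforcement for the whole rsync_t domain while still logging denials, so a policy module built from the logged denial is the narrower alternative.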