Cache permissions error when deploying with Capifony

Question

When I deploy with Capifony a Symfony2 project I get this error message in apache log when accessing a webpage:

PHP Fatal error: Uncaught exception 'RuntimeException' with message 'Failed to write cache file "/var/deploys/acme/releases/20150219150638/app/cache/prod/classes.php"

In order to avoid this, each time I deploy I have to execute chmod 777 -R cache for fixing the permissions, which doesn't seem to me like a good solution.

The cache is set in the writable_dirs option, so I don't know exactly why it gives a permissions error:

set :writable_dirs, ["app/cache", "app/logs", "app/sessions"]

I have the following deploy.rb configuration:

set :stages,        %w(production staging)
set :default_stage, "staging"
set :stage_dir,     "app/config"
require 'capistrano/ext/multistage'

set :application, "Api"
set :domain,      "<my_domain>"
set :deploy_to,   "/var/deploys/acme.com"
set :app_path,    "app"

set :repository,  "git@bitbucket.org:acme/api.git"
set :scm,         :git

set :model_manager, "doctrine"
# Or: `propel`

role :web,        domain
role :app,        domain, :primary => true

set  :keep_releases,  3

# Be more verbose by uncommenting the following line
logger.level = Logger::MAX_LEVEL

# Other options
set :user, "root"
set :use_sudo, false

# Symfony2 specific configuration
set :shared_files, ["app/config/parameters.yml"]
set :shared_children, [app_path + "/logs", web_path + "/uploads", "vendor"]
set :use_composer, true
set :update_vendors, true 
set :writable_dirs, ["app/cache", "app/logs", "app/sessions"]
set :webserver_user, "www-data"
set :permission_method, :chown
set :use_set_permissions, true
set :assets_install, true
set :dump_assetic_assets, true

task :upload_parameters do
  origin_file = "app/config/parameters.yml"
  destination_file = shared_path + "/app/config/parameters.yml"

  try_sudo "mkdir -p #{File.dirname(destination_file)}"
  top.upload(origin_file, destination_file)
end

after "deploy:setup", "upload_parameters"

UPDATE

The cache folder has the following permissions when deployed:

drwxrwxrwx 3 root root 4096 Feb 20 13:13 cache

Inside the cache folder, a prod folder is also created with these permissions:

drwxrwxr-x 7 root root 4096 Feb 20 13:13 prod

UPDATE 2

I use root as user because in the server the user root has my public ssh key. If I set another user in the config, it asks me for root password when deploying. However I have set the webserver_user variable in my config above. Also the user root it's not in the group www-data, should it be?

My capifony version it's 2.8.3. Here is an example of command it executes when setting permissions if chmod_alt is selected as settings permissions method:

getfacl --absolute-names --tabular ...

This error is also generated if I have chmod as setting permissions method.

Although the previous command gives an error, I think the command that provokes the roll back (with chmod_alt) is this one:

`echo stat /var/deploys/acme.devel/releases/20150226123037/app/sessions -c %U`

It generates the following error message (after which it makes a rollback):

cannot stat `/var/deploys/acme.devel/releases/20150226123037/app/sessions': 
No such file or directory

Which owner, group and permissions you have on `cache` directory before running `chmod 777 -R cache` ? — Hpatoio, Feb 20 '15 at 11:10
Don't deploy with `root` user!!!! Use a custom user that is in the same user group of the web server. — Matteo, Feb 20 '15 at 13:24
I'm deploying at the moment with another user that is part of the www-data group but the problem remains the same. — rfc1484, Feb 26 '15 at 15:37
Well, just to be sure. Does `/app/sessions` exists ? I mean, is in the repo ? — Hpatoio, Feb 26 '15 at 15:53

score 1 · Accepted Answer · answered Feb 27 '15 at 08:26

1

I have set the following parameters in my deploy.rb in order to make it work:

set :use_sudo, true
default_run_options[:pty] = true

And I have removed app/sessions from writable dirs option:

set :writable_dirs, ["app/cache", "app/logs"]

answered Feb 27 '15 at 08:26

rfc1484

9,441
16
72
123

score 0 · Answer 2 · answered Feb 20 '15 at 10:05

0

If you are using linux you could try to configure ACL for these directories to not override them each time you deploy.

See "Setting up Permissions" Part in installation documentation

I prefer method like

$ sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs
$ sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs

answered Feb 20 '15 at 10:05

ScayTrase

1,810
23
36

I understand that. But Capifony it supposed to do that automatically for you, each time a deployment is made, a new deployment folder is created, so I would be applying manually permissions many times. In any case my host OS (debian 7), does not support acl permissions. – rfc1484 Feb 20 '15 at 10:17
1

The problem is that you are trying to create content (cache, log files) from one user (deployer) and access and modify it from another (web server). And just writeable dir is not enough, each created file by deployer should be accessible by web server. The last action symfony usually do is assets installation and cache warming which occurs after permissions changes as far as I see. This may lead to permissions error – ScayTrase Feb 20 '15 at 10:19
And to be clear, ACL is not problem of distributive, but of FS. you should just remount (no downtime required) your fs with acl options to make it acl capable – ScayTrase Feb 20 '15 at 10:21
You are quite right about ACL, however Capifony supports three permissions methods (chown, chmod and ACL). In my case I use chown (chmod gave me an error) and I think there should be some way to make it work with that permission method (although I'm not sure of course). I would like to avoid messing with the FS if possible. – rfc1484 Feb 20 '15 at 10:39
chmod can give you an error if you are giving wrong rights. chowning to web server users is more reliable, yes. I prefer chown too, and I make it last operation of the deployment (not capifonym but it does not matter) to make all files operable by web server user – ScayTrase Feb 20 '15 at 10:48

score 0 · Answer 3 · answered Feb 20 '15 at 13:51

0

Your system probably doesn't support chmod +a. Try using:

set :permission_method, :chmod_alt

answered Feb 20 '15 at 13:51

Hpatoio

1,785
1
15
22

Sorry for my late answer. It didn't work. If I use `:chmod_alt` it gives me `ACL` related error messages and it makes a deploy rollback. Error message example: `sh: 1: getfacl: not found` – rfc1484 Feb 25 '15 at 15:29
Why do you deploy as `root` ? Is the user `root` in the group `www-data` ? – Hpatoio Feb 25 '15 at 15:44
BTW which version of capifony do you have ? As you can see from here: https://github.com/everzet/capifony/blob/master/lib/symfony2/deploy.rb#L30 `chmod_alt` use a simple `chmod` so I don't understand from where `getfacl` comes from. – Hpatoio Feb 25 '15 at 15:49
I've updated the question with clarifications about your comments. – rfc1484 Feb 26 '15 at 12:50

Cache permissions error when deploying with Capifony

3 Answers3