Redis socket file disappears after reboot

redis

I installed redis and I am setting it to use a socket.

It works fine at the beginning but if I reboot the machine (ubuntu 14.04 via vagrant on virtualbox), Redis does not start anymore and displays this error in the log: Opening socket: bind: No such file or directory

When I look where the socket file is supposed to be, I understand the error message since the socket file is not there anymore.
Actually, the whole /var/run/redis directory does not exist anymore after I reboot.

Here is what I have in my config file:

# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port 0

bind 127.0.0.1

unixsocket /var/run/redis/0.sock
unixsocketperm 755

Why would the socket file disappear?

Thanks

Best Answer

My guess is you are using ubuntu or some distro that mounts /var/run as tmpfs. So each reboot /var/run is cleaned out.

Run mount and if it lists /var/run seperately then that is the case

Related Solutions

Redis server does not create socket file

I had a similar issue but on a derivative of Arch Linux.

Redis had to be installed for OpenVAS and I was getting a permission error after attempting to start the service like this:

systemctl start redis.service

The error was visible using:

journalctl -xeu redis.service

as recommended by the systemctl command output.

When it attempted to create the Unix socket in /run (also linked from /var/run) it would fail because it could not create the file. I could manually created a redis subdirectory under /run using sudo and change the owner to the redis user then started redis but the directory kept disappearing later.

I tried re-installing with pacman because I was a bit lost but that didn't seem to help.

Solution in my case

After running

sudo systemctl enable redis.service

I can start the service and /run/redis (also linked as /var/run/redis) is present with a PID and Unix socket file as configured with the unixsocket entry in my config file.

I can confirm it's accessible with:

redis-cli -s /run/redis/redis.sock

After a reboot it's still good.

Centos – OpenVAS on CentOS7 Redis won’t start

Congratulations, you've found a bad Internet tutorial. It appears that the author of that tutorial never actually tested it himself to see if it works, because it doesn't work as-is. Worse, it appears that that tutorial is actually linked to from the official OpenVAS web site, which is going to mislead and frustrate a lot of people.

So, the reason redis is failing to start is because SELinux denies redis-server to write to /tmp. You can see this in your audit logs:

type=AVC msg=audit(1482284806.464:112): avc:  denied  { write } for  pid=1275 comm="redis-server" name="tmp" dev="dm-0" ino=33574981 scontext=system_u:system_r:redis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1482284806.464:112): arch=c000003e syscall=49 success=no exit=-13 a0=5 a1=7ffe55938670 a2=6e a3=7ffe55938614 items=0 ppid=1 pid=1275 auid=4294967295 uid=997 gid=995 euid=997 suid=997 fsuid=997 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm="redis-server" exe="/usr/bin/redis-server" subj=system_u:system_r:redis_t:s0 key=(null)

Rather than /tmp, the socket file should be located in /run/redis, for instance:

unixsocket /run/redis/redis.sock

This allows it to operate within the constraints SELinux imposes.

While editing /etc/redis.conf, be sure to check the bottom of the file for a second unixsocket directive that got added by openvas-setup and remove it as redundant.

Of course, generally on SELinux enabled systems, redis should be configured to listen to a TCP port on localhost, rather than using a socket, as other daemons might not be allowed to communicate with redis via a socket, but only via TCP. This isn't really an issue here as OpenVAS isn't (yet) SELinux-confined, but it also doesn't support contacting redis via TCP. The result of this is that this redis installation cannot be shared or reused with any other services than the local copy of OpenVAS.

But there's more than that wrong with this tutorial!

The second thing is that nowhere in it does OpenVAS ever get configured to actually use redis. It relies on the compiled in default, which as we have seen is wrong. To fix this requires setting a configuration directive in /etc/openvas/openvassd.conf, something which the tutorial never mentions:

kb_location = /run/redis/redis.sock

The third thing is that it uses a third party repo called atomic, which provides packages that conflict with packages in normal repos such as EPEL - which already provides redis and OpenVAS! It's not clear why atomic have done this, nor why this tutorial uses atomic to begin with. Using repositories with conflicting packages is potentially dangerous. If you continue with using atomic packages, you will need to be absolutely certain that this (virtual) machine is never used for anything else for any reason whatsoever.

Finally, once you get it installed, the web interface isn't actually reachable because the indicated port isn't open in the firewall. You also have to do this yourself.

firewall-cmd --add-port=9392/tcp    # though this opens it to the world
firewall-cmd --runtime-to-permanent

Once you're done, openvas-check-setup should say, among other things...

        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /run/redis/redis.sock
        OK: redis-server is running and listening on socket: /run/redis/redis.sock.
        OK: redis-server configuration is OK and redis-server is running.

The irony is that it will then also say:

        ERROR: SELinux is enabled. For a working OpenVAS installation you need to disable it.
        FIX: Please disable SELinux.

Which appears to be completely gratuitous and unnecessary, as OpenVAS doesn't run confined by SELinux anyway.

Best Answer

Related Solutions

Redis server does not create socket file

Centos – OpenVAS on CentOS7 Redis won’t start

Related Topic