ejabberd as a service on CentOS 7

I have seen a few discussions of problems getting ejabberd to run as a service but no conclusive explanation of how to do it. After spending several hours banging my head on the problem, I finally succeeded. Here is what I had to do.

The root problem is that it appears that systemd and pkexec do not play nice together. After finding a cryptic log message about "refusing to render service to dead parents," I finally traced the problem to pkexec. I appears that pkexec does not like being launched as part of a double fork exec, and that systemd does exactly this. Rather than try to get the systemd maintainers to change this, or the pkexec maintainers to fix their issue with double forking, I tried modifying the ejabberdctl script to call for /bin/sh instead of /usr/bin/pkexec. This change worked, and ejabberdctl started running successfully when systemd called it.

Then came the permission problems. I had been running ejabberdctl from the command line during installation and configuration, which resulted in a /var/lib/ejabberd that was owned by root:root, so when systemd ran ejabberdctl as ejabberd:ejabberd, mnesia had no access to its files. chown'ing them to ejabberd:ejabberd fixed the access problem but then mnesia complained about changes in names or some such. In the end I just nuked the entire directory and re-created a blank /usr/lib/ejabberd and chown'ed the entire thing to ejabberd:ejabberd. Problem fixed.

The next issue was with access permissions to ejabberd log files. A round of chown fixed that. I also had some issues with the lock files in /var/lock/ejabberdctl. Removing all of these files helped.

Finally I had an issue with ejabberdctl running from the command line as root not being able to connect to the ejabberd process that was running as ejabberd:ejabberd. sudo -u ejabberd ejabberdctl fixed that for the command line, but I had scripts that were executing as root that needed to call ejabberdctl to register users...that got me some warnings from sudo about needing a tty connection. modifying /etc/sudoers to allow this to proceed fixed this problem.

So, the summary of how to get ejabberd to run as a service on CentOS 7 (and perhaps all systemd-based linuxes:
1. modify /usr/bin/ejabberdctl to modify it to use /bin/sh instead of /usr/bin/pkexec:
#!/usr/bin/pkexec /bin/sh needs to be #!/bin/sh
2. Either modify /usr/lib/systemd/system/ejabberd.service to run the service as root, or remove /var/lib/ejabberd and create a new, blank directory of the same name and chown it to ejabberd:ejabberd. If you modify the service, be sure to execute "systemctl daemon-reload" afterwards.
3. chown the contents of /var/log/ejabberd to ejabberd:ejabberd
4. delete the contents of /var/lock/ejabberdctl and make sure the directory is writable by user ejabberd

Good luck...it took me hours & hours to wade through all of this...

Just a note: the latest

Just a note: the latest version no longer uses pkexec in the bash scripts.

Cool. I'm stuck with 14.07

Cool. I'm stuck with 14.07 for now because for reasons I have not diagnosed, the ejabberd binary installer does not work on CentOS 7, and 14.07 is what is available in the EPEL repository. Would love to upgrade, however...

I have our 15.04 binary

I have our 15.04 binary installer working a a clean CentOS7 without problems.
please note use of pkexec comes from an extra packaging stage i'm not aware of so i can not help on this. i highly suggest to use standard ejabberdctl script which rely on /bin/sh indeed.

from default installation, you get /opt/ejabberd-15.04/bin/ejabberd.service. if you need some changes for CentOS/RHEL, please suggest a pull request on github so i can push upstream.

I've also encountered this

I've also encountered this while trying to build a package with ejabberd-15.10
In fact you can still use pkexec and ejabberd:
You just need to create a script with following content (ejabberd-15.10 installed ejabberdctl to /usr/sbin):
#!/bin/sh
/usr/bin/pkexec /usr/sbin/ejabberdctl "$@"

And actually point systemd service to your custom script. Also you'll need to fix polkit rules to allow /usr/sbin/ejabberdctl.

Syndicate content