From 215251a122a8ac5dee89a861fb7f62da00b1831d Mon Sep 17 00:00:00 2001 From: anti Date: Fri, 24 Apr 2026 01:09:55 -0400 Subject: [PATCH] fix(deploy): template --group on the bus ExecStart too MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit decnet-bus.service.j2 ran with User={{ user }} / Group={{ group }} but the actual bus CLI invocation hardcoded --group decnet. The bus chowns /run/decnet/bus.sock to that group at 0660 — so when an operator ran `decnet init --group anti`, the socket ended up owned by decnet:decnet while every worker (agent, api, collector, forwarder, prober, updater) ran as anti and got EACCES on connect(). Each worker's bus-wiring catches the error, logs a warning, sets bus=None, and carries on — which is correct for the data-plane but silently kills Workers-panel heartbeats (run_health_heartbeat(None, ...) no-ops). So half the worker grid showed UNKNOWN even though systemctl confirmed the processes were alive. Swap the hardcoded --group decnet for --group {{ group }} so the socket is owned by the same group the workers run under. --- deploy/decnet-bus.service.j2 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/deploy/decnet-bus.service.j2 b/deploy/decnet-bus.service.j2 index 058056d0..8b1c7a43 100644 --- a/deploy/decnet-bus.service.j2 +++ b/deploy/decnet-bus.service.j2 @@ -12,14 +12,17 @@ WorkingDirectory={{ install_dir }} EnvironmentFile=-{{ install_dir }}/.env.local # /run/decnet is created automatically with the RuntimeDirectory= directive # below (mode 0755, owned by User/Group) and cleaned up on stop. The bus -# socket is placed inside it with 0660 perms so only the decnet group can -# connect. +# socket is placed inside it with 0660 perms so only the configured +# DECNET group (--group) can connect. That group is rendered here so +# `decnet init --group anti` results in a socket every worker running +# as anti can actually connect() to — otherwise every worker falls +# back to bus=None and the Workers panel sees no heartbeats. RuntimeDirectory=decnet RuntimeDirectoryMode=0755 Environment=DECNET_SYSTEM_LOGS=/var/log/decnet/decnet.bus.log ExecStart={{ venv_dir }}/bin/decnet bus \ --socket /run/decnet/bus.sock \ - --group decnet + --group {{ group }} StandardOutput=append:/var/log/decnet/decnet.bus.log StandardError=append:/var/log/decnet/decnet.bus.log