Error: load keypair error: ... permission denied

Setup and configuration
1

Greetings,

on entering the follwing command
sudo systemctl start loraserver

and sudo systemctl status loraserver
im getting the follwing log

LOG
● loraserver.service - LoRa Server
Loaded: loaded (/lib/systemd/system/loraserver.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit-hit) since Tue 2018-09-04 07:49:59 UTC; 10s ago
Docs: https://docs.loraserver.io
Process: 23999 ExecStart=/usr/bin/loraserver (code=exited, status=1/FAILURE)
Main PID: 23999 (code=exited, status=1/FAILURE)

Sep 04 07:49:59 ttn-gateway systemd[1]: loraserver.service: Failed with result ‘exit-code’.
Sep 04 07:49:59 ttn-gateway systemd[1]: loraserver.service: Service hold-off time over, scheduling restart.
Sep 04 07:49:59 ttn-gateway systemd[1]: Stopped LoRa Server.
Sep 04 07:49:59 ttn-gateway systemd[1]: loraserver.service: Start request repeated too quickly.
Sep 04 07:49:59 ttn-gateway systemd[1]: Failed to start LoRa Server.
Sep 04 07:49:59 ttn-gateway systemd[1]: loraserver.service: Unit entered failed state.
Sep 04 07:49:59 ttn-gateway systemd[1]: loraserver.service: Failed with result ‘start-limit-hit’.
Sep 04 07:50:03 ttn-gateway systemd[1]: loraserver.service: Start request repeated too quickly.
Sep 04 07:50:03 ttn-gateway systemd[1]: Failed to start LoRa Server.
Sep 04 07:50:03 ttn-gateway systemd[1]: loraserver.service: Failed with result ‘start-limit-hit’.

same goes for lora-app-server

on entering the follwing command
sudo systemctl start lora-app-server

and sudo systemctl status lora-app-server
im getting the follwing log

LOG
● lora-app-server.service - LoRa App Server
Loaded: loaded (/lib/systemd/system/lora-app-server.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit-hit) since Tue 2018-09-04 07:51:39 UTC; 3s ago
Docs: https://docs.loraserver.io
Process: 27641 ExecStart=/usr/bin/lora-app-server (code=exited, status=1/FAILURE)
Main PID: 27641 (code=exited, status=1/FAILURE)

Sep 04 07:51:39 ttn-gateway systemd[1]: lora-app-server.service: Unit entered failed state.
Sep 04 07:51:39 ttn-gateway systemd[1]: lora-app-server.service: Failed with result ‘exit-code’.
Sep 04 07:51:39 ttn-gateway systemd[1]: lora-app-server.service: Service hold-off time over, scheduling restart.
Sep 04 07:51:39 ttn-gateway systemd[1]: Stopped LoRa App Server.
Sep 04 07:51:39 ttn-gateway systemd[1]: lora-app-server.service: Start request repeated too quickly.
Sep 04 07:51:39 ttn-gateway systemd[1]: Failed to start LoRa App Server.
Sep 04 07:51:39 ttn-gateway systemd[1]: lora-app-server.service: Unit entered failed state.
Sep 04 07:51:39 ttn-gateway systemd[1]: lora-app-server.service: Failed with result ‘start-limit-hit’.

I was able to get the web ui when i enter

loraserver

LOG

root@ttn-gateway:/home/machinekit# loraserver
INFO[0000] starting LoRa Server band=EU_863_870 docs=“h ttps://docs.loraserver.io/” net_id=000000 version=2.0.2
INFO[0000] setup redis connection pool url=“redis://localhost: 6379”
INFO[0000] connecting to postgresql
INFO[0000] backend/gateway: connecting to mqtt broker server=“tcp://localhost :1883”
INFO[0000] configuring join-server client ca_cert=/home/machineki t/loraserver-certificates-master/certs/ca/ca.pem server=“http://localhost:8003” tls_cert=/home/machinekit/loraserver-certificates-master/certs/loraserver/api/se rver/loraserver-api-server.pem tls_key=/home/machinekit/loraserver-certificates- master/certs/loraserver/api/server/loraserver-api-server-key.pem
INFO[0000] no network-controller configured
INFO[0000] applying database migrations
INFO[0000] backend/gateway: connected to mqtt server
INFO[0000] backend/gateway: subscribing to rx topic qos=0 topic=gateway/+/r x
INFO[0000] backend/gateway: subscribing to stats topic qos=0 topic=gateway/+/s tats
INFO[0000] migrations applied count=0
INFO[0000] starting api server bind=“0.0.0.0:8000” ca- cert=/home/machinekit/loraserver-certificates-master/certs/ca/ca.pem tls-cert=/h ome/machinekit/loraserver-certificates-master/certs/loraserver/api/server/lorase rver-api-server.pem tls-key=/home/machinekit/loraserver-certificates-master/cert s/loraserver/api/server/loraserver-api-server-key.pem
INFO[0000] starting downlink device-queue scheduler

lora-app-server

LOG

root@ttn-gateway:/home/machinekit# lora-app-server
INFO[0000] starting LoRa App Server docs=“https://www.loras erver.io/” version=2.0.1
INFO[0000] connecting to postgresql
INFO[0000] setup redis connection pool
INFO[0000] handler/mqtt: TLS config is empty
INFO[0000] handler/mqtt: connecting to mqtt broker server=“tcp://localhost :1883”
INFO[0000] applying database migrations
INFO[0000] handler/mqtt: connected to mqtt broker
INFO[0000] handler/mqtt: subscribing to tx topic qos=0 topic=application /+/device/+/tx
INFO[0000] migrations applied count=0
INFO[0000] starting application-server api bind=“0.0.0.0:8001” ca- cert=/home/machinekit/loraserver-certificates-master/certs/ca/ca.pem tls-cert=/h ome/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/l ora-app-server-api-server.pem tls-key=/home/machinekit/loraserver-certificates-m aster/certs/lora-app-server/api/server/lora-app-server-api-server-key.pem
INFO[0000] starting join-server api bind=“0.0.0.0:8003” ca_ cert=/home/machinekit/loraserver-certificates-master/certs/ca/ca.pem tls_cert=/h ome/machinekit/loraserver-certificates-master/certs/lora-app-server/join-api/ser ver/lora-app-server-join-api-server.pem tls_key=/home/machinekit/loraserver-cert ificates-master/certs/lora-app-server/join-api/server/lora-app-server-join-api-s erver-key.pem
INFO[0000] starting client api server bind=“0.0.0.0:8080” tls -cert=/etc/lora-app-server/certs/http.pem tls-key=/etc/lora-app-server/certs/htt p-key.pem
INFO[0000] registering rest api handler and documentation endpoint path=/api

How can I get loraserver and lora-app-server run via systemctl?

2

I’m not sure. You need to inspect the logs, e.g. using journalctl. You’ll find examples on www.loraserver.io in the install documentation.

3

Thansk for replying @brocaar

root@Beaglebone:/home/machinekit# journalctl -u loraserver -f

Sep 04 07:28:53 Beaglebone systemd[1]: Started LoRa Server.
Sep 04 07:28:53 Beaglebone loraserver[10709]: time=“2018-09-04T07:28:53Z” level=info msg=“starting LoRa Server” band=EU_863_870 docs=“https://docs.loraserver.io/” net_id=000000 version=2.0.2
Sep 04 07:28:53 Beaglebone loraserver[10709]: time=“2018-09-04T07:28:53Z” level=info msg=“setup redis connection pool” url=“redis://localhost:6379”
Sep 04 07:28:53 Beaglebone loraserver[10709]: time=“2018-09-04T07:28:53Z” level=info msg=“connecting to postgresql”
Sep 04 07:28:53 Beaglebone loraserver[10709]: time=“2018-09-04T07:28:53Z” level=info msg=“backend/gateway: connecting to mqtt broker” server=“tcp://localhost:1883”
Sep 04 07:28:53 Beaglebone loraserver[10709]: time=“2018-09-04T07:28:53Z” level=info msg=“configuring join-server client” ca_cert=/home/machinekit/loraserver-certificates-master/certs/ca/ca.pem server=“http://localhost:8003” tls_cert=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/join-api/client/lora-app-server-join-api-client.pem tls_key=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/join-api/client/lora-app-server-join-api-client-key.pem
Sep 04 07:28:53 Beaglebone loraserver[10709]: time=“2018-09-04T07:28:53Z” level=fatal msg=“create new join-server client error: load x509 keypair error: open /home/machinekit/loraserver-certificates-master/certs/lora-app-server/join-api/client/lora-app-server-join-api-client-key.pem: permission denied”
Sep 04 07:28:53 Beaglebone systemd[1]: loraserver.service: Main process exited, code=exited, status=1/FAILURE
Sep 04 07:28:53 Beaglebone systemd[1]: loraserver.service: Unit entered failed state.
Sep 04 07:28:53 Beaglebone systemd[1]: loraserver.service: Failed with result ‘exit-code’.
Sep 04 07:28:53 Beaglebone systemd[1]: loraserver.service: Service hold-off time over, scheduling restart.
Sep 04 07:28:53 Beaglebone systemd[1]: Stopped LoRa Server.
Sep 04 07:28:55 Beaglebone systemd[1]: Started LoRa Server.
Sep 04 07:28:55 Beaglebone loraserver[10808]: time=“2018-09-04T07:28:55Z” level=info msg=“starting LoRa Server” band=EU_863_870 docs=“https://docs.loraserver.io/” net_id=000000 version=2.0.2
Sep 04 07:28:55 Beaglebone loraserver[10808]: time=“2018-09-04T07:28:55Z” level=info msg=“setup redis connection pool” url=“redis://localhost:6379”
Sep 04 07:28:55 Beaglebone loraserver[10808]: time=“2018-09-04T07:28:55Z” level=info msg=“connecting to postgresql”
Sep 04 07:28:55 Beaglebone loraserver[10808]: time=“2018-09-04T07:28:55Z” level=info msg=“backend/gateway: connecting to mqtt broker” server=“tcp://localhost:1883”
Sep 04 07:28:55 Beaglebone loraserver[10808]: time=“2018-09-04T07:28:55Z” level=info msg=“configuring join-server client” ca_cert=/home/machinekit/loraserver-certificates-master/certs/ca/ca.pem server=“http://localhost:8003” tls_cert=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/join-api/client/lora-app-server-join-api-client.pem tls_key=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/join-api/client/lora-app-server-join-api-client-key.pem
Sep 04 07:28:55 Beaglebone loraserver[10808]: time=“2018-09-04T07:28:55Z” level=fatal msg=“create new join-server client error: load x509 keypair error: open /home/machinekit/loraserver-certificates-master/certs/lora-app-server/join-api/client/lora-app-server-join-api-client-key.pem: permission denied”
Sep 04 07:28:55 Beaglebone systemd[1]: loraserver.service: Main process exited, code=exited, status=1/FAILURE
Sep 04 07:28:55 Beaglebone systemd[1]: loraserver.service: Unit entered failed state.
Sep 04 07:28:55 Beaglebone systemd[1]: loraserver.service: Failed with result ‘exit-code’.
Sep 04 07:28:55 Beaglebone systemd[1]: loraserver.service: Service hold-off time over, scheduling restart.
Sep 04 07:28:55 Beaglebone systemd[1]: Stopped LoRa Server.
Sep 04 07:28:55 Beaglebone systemd[1]: loraserver.service: Start request repeated too quickly.
Sep 04 07:28:55 Beaglebone systemd[1]: Failed to start LoRa Server.
Sep 04 07:28:55 Beaglebone systemd[1]: loraserver.service: Unit entered failed state.
Sep 04 07:28:55 Beaglebone systemd[1]: loraserver.service: Failed with result ‘start-limit-hit’.

root@Beaglebone:/home/machinekit# journalctl -u lora-app-server -f

– Logs begin at Tue 2018-09-04 07:23:01 UTC. –
Sep 04 07:30:06 Beaglebone lora-app-server[13375]: time=“2018-09-04T07:30:06Z” level=info msg=“migrations applied” count=0
Sep 04 07:30:06 Beaglebone lora-app-server[13375]: time=“2018-09-04T07:30:06Z” level=info msg=“starting application-server api” bind=“0.0.0.0:8001” ca-cert=/home/machinekit/loraserver-certificates-master/certs/ca/ca.pem tls-cert=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/lora-app-server-api-server.pem tls-key=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/lora-app-server-api-server-key.pem
Sep 04 07:30:06 Beaglebone systemd[1]: lora-app-server.service: Main process exited, code=exited, status=1/FAILURE
Sep 04 07:30:06 Beaglebone systemd[1]: lora-app-server.service: Unit entered failed state.
Sep 04 07:30:06 Beaglebone systemd[1]: lora-app-server.service: Failed with result ‘exit-code’.
Sep 04 07:30:06 Beaglebone systemd[1]: lora-app-server.service: Service hold-off time over, scheduling restart.
Sep 04 07:30:06 Beaglebone systemd[1]: Stopped LoRa App Server.
Sep 04 07:30:07 Beaglebone systemd[1]: Started LoRa App Server.
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“starting LoRa App Server” docs=“https://www.loraserver.io/” version=2.0.1
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“connecting to postgresql”
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“setup redis connection pool”
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“handler/mqtt: TLS config is empty”
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“handler/mqtt: connecting to mqtt broker” server=“tcp://localhost:1883”
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“applying database migrations”
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“handler/mqtt: connected to mqtt broker”
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“handler/mqtt: subscribing to tx topic” qos=0 topic=application/+/device/+/tx
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“migrations applied” count=0
Sep 04 07:30:08 Beaglebone lora-app-server[13472]: time=“2018-09-04T07:30:08Z” level=info msg=“starting application-server api” bind=“0.0.0.0:8001” ca-cert=/home/machinekit/loraserver-certificates-master/certs/ca/ca.pem tls-cert=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/lora-app-server-api-server.pem tls-key=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/lora-app-server-api-server-key.pem
Sep 04 07:30:08 Beaglebone systemd[1]: lora-app-server.service: Main process exited, code=exited, status=1/FAILURE
Sep 04 07:30:08 Beaglebone systemd[1]: lora-app-server.service: Unit entered failed state.
Sep 04 07:30:08 Beaglebone systemd[1]: lora-app-server.service: Failed with result ‘exit-code’.
Sep 04 07:30:08 Beaglebone systemd[1]: lora-app-server.service: Service hold-off time over, scheduling restart.
Sep 04 07:30:08 Beaglebone systemd[1]: Stopped LoRa App Server.
Sep 04 07:30:08 Beaglebone systemd[1]: Started LoRa App Server.
Sep 04 07:30:08 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:08Z” level=info msg=“starting LoRa App Server” docs=“https://www.loraserver.io/” version=2.0.1
Sep 04 07:30:08 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:08Z” level=info msg=“connecting to postgresql”
Sep 04 07:30:08 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:08Z” level=info msg=“setup redis connection pool”
Sep 04 07:30:08 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:08Z” level=info msg=“handler/mqtt: TLS config is empty”
Sep 04 07:30:08 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:08Z” level=info msg=“handler/mqtt: connecting to mqtt broker” server=“tcp://localhost:1883”
Sep 04 07:30:08 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:08Z” level=info msg=“applying database migrations”
Sep 04 07:30:08 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:08Z” level=info msg=“handler/mqtt: connected to mqtt broker”
Sep 04 07:30:08 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:08Z” level=info msg=“handler/mqtt: subscribing to tx topic” qos=0 topic=application/+/device/+/tx
Sep 04 07:30:09 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:09Z” level=info msg=“migrations applied” count=0
Sep 04 07:30:09 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:09Z” level=info msg=“starting application-server api” bind=“0.0.0.0:8001” ca-cert=/home/machinekit/loraserver-certificates-master/certs/ca/ca.pem tls-cert=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/lora-app-server-api-server.pem tls-key=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/lora-app-server-api-server-key.pem
Sep 04 07:30:09 Beaglebone lora-app-server[13505]: time=“2018-09-04T07:30:09Z” level=fatal msg=“load key-pair error: open /home/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/lora-app-server-api-server-key.pem: permission denied” cert=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/lora-app-server-api-server.pem key=/home/machinekit/loraserver-certificates-master/certs/lora-app-server/api/server/lora-app-server-api-server-key.pem
Sep 04 07:30:09 Beaglebone systemd[1]: lora-app-server.service: Main process exited, code=exited, status=1/FAILURE
Sep 04 07:30:09 Beaglebone systemd[1]: lora-app-server.service: Unit entered failed state.
Sep 04 07:30:09 Beaglebone systemd[1]: lora-app-server.service: Failed with result ‘exit-code’.
Sep 04 07:30:09 Beaglebone systemd[1]: lora-app-server.service: Service hold-off time over, scheduling restart.
Sep 04 07:30:09 Beaglebone systemd[1]: Stopped LoRa App Server.
Sep 04 07:30:09 Beaglebone systemd[1]: lora-app-server.service: Start request repeated too quickly.
Sep 04 07:30:09 Beaglebone systemd[1]: Failed to start LoRa App Server.
Sep 04 07:30:09 Beaglebone systemd[1]: lora-app-server.service: Unit entered failed state.
Sep 04 07:30:09 Beaglebone systemd[1]: lora-app-server.service: Failed with result ‘start-limit-hit’.

5

If you grep on “fatal” you’ll find the issues :slight_smile:

6

Thank you so much @brocaar and apologies for my delayed response
load x509 key pair error is generated because of failing to get transport credentials am I wrong here?

0. Shoud I be changing the tls cert and key for loraserver under join-server client credential from lora-app-server-join-api-client.pem and lora-app-server-join-api-client-key.pem respectively to some other key?

1. However I didnt understand why theres a denial of permission when I’m operating under root (considering if this is access issue).?

2. I cant understand why the UI loads when I run loraserver and lora-app-server manually?

3. Is it conficting because it expects another file format other than .pem (apologies if Im way too off with this question (although it doesnt explain why other key in .pem file got accepted))?

7

permission denied

This indicates that the loraserver / lora-app-server processes are unable to load the certificates since they don’t have access to these files.

Please see the user and group assigned to /etc/loraserver and /etc/lora-app-server directories and change the certificate user / group according to these values.

See also: https://www.linode.com/docs/tools-reference/linux-users-and-groups/

1 Like
8

@brocaar
Thanks for resolving. It works like a charm now.

1 Like