openssl certificate verify failing when running through systemd
Problem description
I have a Python program that uses the AWS IoT SDK to connect to MQTT. The program runs, and works without problems when I run it from the CLI. But when I try to run it from systemd as a service, it doesn't work... And I don't know why. I found these 2 references below about the problem, but it seems like none of them fixes my problem.
I receive an error message like this:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
UPDATE: this is my current service file
[Unit]
Description=GreenRpi
[Service]
User=pi
Group=pi
#PIDFile=/tmp/greenrpiofficial-99.pid
WorkingDirectory=/home/pi/experiments/GreenRpi/
ExecStart=/home/pi/experiments/GreenRpi/.venv/bin/python main.py somearg
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
Recommended answer
You didn't provide your service file. By default processes run as root when started via systemd, see [1]
User=, Group=
Set the UNIX user or group that the processes are executed as, respectively. Takes a single user or group name, or a numeric ID as argument. For system services (services run by the system service manager, i.e. managed by PID 1) and for user services of the root user (services managed by root's instance of systemd --user), the default is "root", but User= may be used to specify a different user.
When the certificate is only available to the current user, you should run your service as the same user with
[Service]
User=<your desired username>
Also the working directory is different. This is not covered in your first link. This can be set via WorkingDirectory=
[1] https://www.freedesktop.org/software/systemd/man/systemd.exec.html
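The answer points to two things that differ between a shell session and a systemd unit: the user and the working directory. The following added example (not code from the question or the answer) reports how a root CA path resolves for the current process, so the same script can be run once from the CLI and once from the unit and the two outputs compared. The function name `tls_context_report` and the file name `root-CA.crt` are assumptions for illustration.

```python
import json
import os
import ssl


def tls_context_report(ca_path, cwd=None):
    """Describe how a CA file path resolves for the current process.

    ca_path: root CA path as handed to the MQTT client (hypothetical value).
    cwd: directory relative paths are resolved against (default: os.getcwd()).
    """
    cwd = cwd or os.getcwd()
    resolved = ca_path if os.path.isabs(ca_path) else os.path.join(cwd, ca_path)
    resolved = os.path.normpath(resolved)
    defaults = ssl.get_default_verify_paths()
    report = {
        "euid": os.geteuid(),              # differs when User= is unset (root)
        "cwd": cwd,                        # differs when WorkingDirectory= is unset
        "resolved_ca": resolved,
        "ca_exists": os.path.isfile(resolved),
        "ca_readable": os.access(resolved, os.R_OK),
        "ca_parses": False,
        # OpenSSL environment overrides: may be exported in a login shell
        # but are not inherited by a systemd service.
        "SSL_CERT_FILE": os.environ.get(defaults.openssl_cafile_env),
        "SSL_CERT_DIR": os.environ.get(defaults.openssl_capath_env),
        "default_cafile": defaults.cafile,
    }
    if report["ca_exists"] and report["ca_readable"]:
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.load_verify_locations(cafile=resolved)
            report["ca_parses"] = True     # file holds at least one usable cert
        except (ssl.SSLError, OSError):
            pass                           # present but not a valid PEM CA file
    return report


if __name__ == "__main__":
    # "root-CA.crt" is a placeholder; use the path your program passes to the SDK.
    print(json.dumps(tls_context_report("root-CA.crt"), indent=2))
```

A relative CA path that resolves under the project directory in the shell but reports `ca_exists: false` under systemd indicates a missing `WorkingDirectory=`; `ca_readable: false` with the file present indicates a `User=` mismatch.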