1

I am deploying a Symfony 4.4 app to AWS ElasticBeanstalk and noticed that the cache wasn't cleared after each deploy.

The app was running fine though, exception made to the stale cache.

To resolve the cache issue I added the following file:

/.ebextensions/deploy.config

container_commands:
    01-clear-cache:
        command: php bin/console cache:clear --no-warmup --env=prod

That seems to clear the cache but then somehow it changes permissions so that I then get the error when trying to access the app.

Fatal error: Uncaught RuntimeException: Unable to write in the cache directory (/var/app/current/var/cache/prod)

Why does running cache:clear changes permissions and is there a way to avoid that happening, or at least how to resolve afterwards, ie, in the same/another .ebextensions file?

yivi
  • 42,438
  • 18
  • 116
  • 138
BernardA
  • 1,391
  • 19
  • 48

2 Answers2

1

These commands are run by the root user, as specified in the docs.

The specified commands run as the root user, and are processed in alphabetical order by name. Container commands are run from the staging directory, where your source code is extracted prior to being deployed to the application server. Any changes you make to your source code in the staging directory with a container command will be included when the source is deployed to its final location.

(Emphasis mine).

When re-creating the cache, the new directories are owned by root, and your PHP process can't write there if it needs to.

Execute your command so it runs using the same user than your PHP runtime. E.g. if it runs under the www-data user:

container_commands:
    01-clear-cache:
        command: sudo -u webapp php bin/console cache:clear --no-warmup --env=prod
yivi
  • 42,438
  • 18
  • 116
  • 138
  • Thanks. As it happens I only have the `root` user on EB. If there's a different PHP runtime user, where can I find it? – BernardA Mar 13 '20 at 10:23
  • Try with `ec2-user`. I don't know which user is used for PHP on EB. You could check the output of `phpinfo()` and look for `USER`. But the main take away is that the command is run by root, an your PHP process does not have permission to write on those new directories afterwards. – yivi Mar 13 '20 at 10:56
  • I created a demo app, and I believe the PHP user is `webapp`. – yivi Mar 13 '20 at 11:37
  • I can confirm that. I did output `phpinfo()` and under `Configuration-apache2handler`, `User/Group` => `webapp(498)/496 `. I run deploy again and all is fine. Thanks again! – BernardA Mar 13 '20 at 14:08
0

When using Ansible you can actually just use become: true as a mechanism to become a root user and become_user: xxx to become the desired user.

Example:

---
# roles/app/tasks/main.yml
- name: Run composer install
  become: true
  become_user: ubuntu
  composer:
    command: install
    working_dir: "{{ deploy_path }}"

Note that you have to define a variable called deploy_path.

Max
  • 226
  • 3
  • 9