Installation on CentOS 8.1 appeared successful but unable to start

Core Machine (Operating system/System info/Roon build number)
Linux (CentOS 8.1)

stable[root@ares RoonServer]# cat /opt/RoonServer/VERSION
100700521
1.7 (build 521) stable
stable[root@ares RoonServer]#

Network Details (Including networking gear model/manufacturer and if on WiFi/Ethernet)
Gigabit wired home ethernet, 4x Ruckus Wireless Access Points with controller.

Audio Devices (Specify what device you’re using and its connection type - USB/HDMI/etc.)
Squeezeboxes and Logitech Transporter.

Description Of Issue
Attempted to install Roon Server on CentOS 8.1 (recent and popular Linux distribution based on RHEL). The installation script appears to have succeeded, but the roonserver service can’t be started (see log of installation below).

Appreciate any suggestions.
Mike

 [root@ares roon]# ls -l
total 20
-rwxr-x---. 1 root root 16672 Feb 23 22:00 roonserver-installer-linuxx64.sh

[root@ares roon]# ./roonserver-installer-linuxx64.sh 

--------------------------------------------------------------------------------------

Welcome to the RoonServer installer

This installer sets up RoonServer to run on linux with the following settings:

 - RoonServer will be installed in /opt/RoonServer
 - RoonServer's data will be stored in /var/roon/RoonServer
 - RoonServer will be configured to run as a system service
 - RoonServer will run as root

These settings are suitable for turning a dedicated or semi-dedicated device
into an appliance that runs RoonServer

If you want customize how RoonServer is installed, see:

   http://kb.roonlabs.com/LinuxInstall

--------------------------------------------------------------------------------------

Do you want to install RoonServer on this machine? [Y/n] Y

Downloading RoonServer_linuxx64.tar.bz2 to /tmp/tmp.xEhgwR3coo/RoonServer_linuxx64.tar.bz2

##################################################################################################################################################################### 100.0%

Unpacking RoonServer_linuxx64.tar.bz2...Done

Checking to see if RoonServer can run on this machine 

    Checking for Binary Compatibility                            [   OK   ]
    Checking for ALSA Libraries                                  [   OK   ]
    Checking for ffmpeg or avconv                               which: no avconv in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
 [   OK   ]
    Checking for the mount.cifs command                          [   OK   ]
    Testing ulimit -n 8192                                       [   OK   ]

STATUS: SUCCESS


Copying Files...Done
Failed to stop roonserver.service: Unit roonserver.service not loaded.

Installing /etc/systemd/system/roonserver.service

Enabling service roonserver...
Created symlink /etc/systemd/system/multi-user.target.wants/roonserver.service → /etc/systemd/system/roonserver.service.
Service Enabled

Starting service roonserver...
Service Started

--------------------------------------------------------------------------------------

All Done! RoonServer should be running on your machine now.

--------------------------------------------------------------------------------------


[root@ares var]# systemctl status roonserver
● roonserver.service - RoonServer
   Loaded: loaded (/etc/systemd/system/roonserver.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2020-02-23 22:01:04 EST; 2min 49s ago
  Process: 15172 ExecStart=/opt/RoonServer/start.sh (code=exited, status=203/EXEC)
 Main PID: 15172 (code=exited, status=203/EXEC)

Feb 23 22:01:04 ares systemd[1]: Started RoonServer.
Feb 23 22:01:04 ares systemd[1]: roonserver.service: Main process exited, code=exited, status=203/EXEC
Feb 23 22:01:04 ares systemd[1]: roonserver.service: Failed with result 'exit-code'.

 [root@ares var]# systemctl start roonserver
[root@ares var]# systemctl status roonserver
● roonserver.service - RoonServer
   Loaded: loaded (/etc/systemd/system/roonserver.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2020-02-23 22:04:36 EST; 3s ago
  Process: 15233 ExecStart=/opt/RoonServer/start.sh (code=exited, status=203/EXEC)
 Main PID: 15233 (code=exited, status=203/EXEC)

Feb 23 22:04:36 ares systemd[1]: Started RoonServer.
Feb 23 22:04:36 ares systemd[1]: roonserver.service: Main process exited, code=exited, status=203/EXEC
Feb 23 22:04:36 ares systemd[1]: roonserver.service: Failed with result 'exit-code'.
[root@ares var]#

Hi @Michael_Phelps and welcome to the forum.

Disclaimer: I’m just a fellow Roon user that tries to help others. I use Cockpit, Webmin and WinSCP to administrate my headless CentOS 7 based Roon server so please don’t expect me to provide you with terminal commands.

This is not very helpful. You might want to have a look into your system logs and into the Roon logs as well. From the installation guide:

Log File Location.

If you used the easy installer , log files can be found in /var/roon/RoonServer/Logs , /var/roon/RAATServer/Logs , and /var/roon/RoonBridge/Logs .

Out of my memory I would suspect that the Roon server process has insufficient SELinux rights.

Update: Should you manage to get your Roon server running you might also have to setup appropriate firewall rules to be able to connect to it with your Roon Remotes.

Hi @Michael_Phelps,

This error indicates that the install script is missing, can you please confirm - if you navigate manually to /opt/RoonServer/, do you see start.sh listed in the directory?

To provide some follow up, I looked at the system logs, and it looks like the problem was with SELinux:

Feb 23 22:28:27 ares systemd[1]: Started RoonServer.

Feb 23 22:28:27 ares systemd[15689]: roonserver.service: Failed to execute command: Permission denied

Feb 23 22:28:27 ares systemd[15689]: roonserver.service: Failed at step EXEC spawning /opt/RoonServer/start.sh: Permission denied

Feb 23 22:28:27 ares dbus-daemon[2018]: [system] Activating service name=‘org.fedoraproject.Setroubleshootd’ requested by ‘:1.126’ (uid=0 pid=1989 comm="/usr/sbin/sedispatch " label=“system_u:system_r:auditd_t:s0”) (using servicehelper)

Feb 23 22:28:27 ares systemd[1]: roonserver.service: Main process exited, code=exited, status=203/EXEC

Feb 23 22:28:27 ares systemd[1]: roonserver.service: Failed with result ‘exit-code’.

Feb 23 22:28:27 ares dbus-daemon[2018]: [system] Successfully activated service ‘org.fedoraproject.Setroubleshootd’

Feb 23 22:28:28 ares setroubleshoot[15692]: failed to retrieve rpm info for /opt/RoonServer/start.sh

Feb 23 22:28:28 ares setroubleshoot[15692]: SELinux is preventing /usr/lib/systemd/systemd from execute_no_trans access on the file /opt/RoonServer/start.sh. For complete SELinux messages run: sealert -l 4cdc1556-4b57-431f-8ef0-454ccf9e589f

Feb 23 22:28:28 ares platform-python[15692]: SELinux is preventing /usr/lib/systemd/systemd from execute_no_trans access on the file /opt/RoonServer/start.sh.#012#012***** Plugin restorecon (99.5 confidence) suggests *******************#012#012If you want to fix the label. #012/opt/RoonServer/start.sh default label should be usr_t.#012Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.#012Do#012# /sbin/restorecon -v /opt/RoonServer/start.sh#012#012 Plugin catchall (1.49 confidence) suggests **************************#012#012If you believe that systemd should be allowed execute_no_trans access on the start.sh file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c ‘(start.sh)’ --raw | audit2allow -M my-startsh#012# semodule -X 300 -i my-startsh.pp#012

So to try to fix this:

[root@ares opt]# restorecon -rv /opt/RoonServer

[root@ares opt]# systemctl status roonserver
● roonserver.service - RoonServer
Loaded: loaded (/etc/systemd/system/roonserver.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-02-23 22:38:35 EST; 16h ago
Main PID: 15883 (start.sh)
Tasks: 50 (limit: 26213)
Memory: 117.9M
CGroup: /system.slice/roonserver.service
├─15883 /bin/bash /opt/RoonServer/start.sh
├─15887 /opt/RoonServer/RoonMono/bin/RoonServer --debug --gc=sgen --server RoonServer.exe
├─15898 /opt/RoonServer/RoonMono/bin/RoonAppliance --debug --gc=sgen --server RoonAppliance.exe>
├─15900 /opt/RoonServer/Server/processreaper 15898
└─15937 /opt/RoonServer/RoonMono/bin/RAATServer --debug --gc=sgen --server RAATServer.exe

Feb 23 22:38:35 ares systemd[1]: Started RoonServer.
Feb 23 22:38:35 ares start.sh[15883]: 00:00:00.001 Warn: get lock file path: /tmp/.rn>
Feb 23 22:38:35 ares start.sh[15883]: 00:00:00.042 Trace: [childprocess] using unix ch>
Feb 23 22:38:36 ares start.sh[15883]: Initializing
Feb 23 22:38:36 ares start.sh[15883]: Started
Feb 23 22:38:37 ares start.sh[15883]: aac_fixed decoder found, checking libavcodec ver>
Feb 23 22:38:37 ares start.sh[15883]: has mp3float: 1, aac_fixed: 1
Feb 23 22:38:41 ares start.sh[15883]: Running
[root@ares opt]#

So it looks like roon server is up and running.

I then opened up the firewall ports as described elsewhere in these forums:

[root@ares ~]# firewall-cmd --add-port=9100-9200/tcp
success
[root@ares ~]# firewall-cmd --add-port=9103/udp
success
[root@ares ~]#

Since this is a headless linux server (running Roon Server), I installed Roon on my iMac to try to administer it. It didn’t initially show up, but when I left it for a while, Roon on the Mac seems to have detected the linux server.

Fingers crossed for a successful connection!

Mike

Hi @Michael_Phelps,

Thanks for the update, sounds like you’re on your way to getting Roon up-and-running.

After getting some connection from Roon on my iMac to the roon server on the headless linux box and getting things started, I’m having difficulties again connecting to the linux roon server.

The Mac got rebooted a little while ago, and Roon now says:

Remote Connection
Waiting for Remote Core…
Roon is still trying to connect, but it’s taking longer than normal.

The same thing happens when I try to connect the Roon app on my iPhone. (I haven’t yet succeeded in ever getting that app to connect. Even touching “Help” and giving it the roon server’s IP address doesn’t work.)

Clearly, something works because I initially got the Mac Roon to connect to the linux server. The firewall settings on the roon server appear correct:

[root@ares ~]# firewall-cmd --list-ports

9000/tcp 3483/tcp 3483/udp 32400/tcp 32469/tcp 8324/tcp 3005/tcp 32412/udp 32413/udp 32414/udp 32410/udp 1900/udp 5353/udp 80/tcp 9100-9200/tcp 9103/udp

I checked the switch and the switch settings clearly show IGMP settings as Disabled. (See picture of switch settings.)

Is there something simple I’ve missed here? It shouldn’t be this difficult to connect to this server.

Mike

D_link_DGS3426P_switch_settings1644×2486 460 KB

Hello @Michael_Phelps,

Managed switches are sometimes trickier to get working properly with Roon, please see our Networking Best Practices Guide on this matter.

I would suggest you try enabling IGMP Proxying on the switch and checking to see if you have a “flow control” setting and enable that as well.

If you would like to eliminate the switch as a possible source of the issue, you could also try connecting the Core + Remote via an un-managed one as a test.

The best method to make sure that it’s not the firewall blocking something is IMHO to disable the firewall, restart the Roon service and try to connect again. If it still doesn’t work then check the system logs again. I would also leave the firewall off during testing different switch settings or doing other network related troubleshooting, just to ensure that actual changes in behavior aren’t masked by a maybe blocking firewall. As soon as you’re able to consistently connect your Remotes to the Core, re-enabling the firewall will show if the firewall is correctly configured or was/is part of the problem.

Blackjack,

You’re right, the firewall was the issue. Not the switch.

When I disabled the firewall:

[root@ares ~]# systemctl stop firewalld

I was suddenly able to connect to the Roon server on my Linux box!

OK, so now that the firewall is isolated as the culprit, I dug more into this. I tried various methods for enabling multicast, such as adding the igmp protocol and using direct or rich rules, but none of those worked.

In the end, I determined that some of the information in the Roon forums had a typo. The UDP port that needs to be enabled is 9003, not 9103.

[root@ares etc]# firewall-cmd --permanent --remove-port=9103/udp
success
[root@ares etc]# firewall-cmd --permanent --add-port=9003/udp
success
[root@ares etc]# firewall-cmd --reload
success
[root@ares etc]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources: 
  services: cockpit dhcpv6-client http roon-server rsyncd samba ssh
  ports: 9000/tcp 3483/tcp 3483/udp 32400/tcp 32469/tcp 8324/tcp 3005/tcp 32412/udp 32413/udp 32414/udp 32410/udp 1900/udp 5353/udp 80/tcp 9100-9200/tcp 9003/udp
  protocols: icmp
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Now I’m able to access the CentOS 8-based Roon server!

Thanks so much for the assistance!

Mike

Rather than make the firewall changes permanent, as in your example, I went ahead and added the commands to /etc/systemd/system/roonserver.service:

[Unit]
Description=RoonServer
After=network-online.target

[Service]
Type=simple
User=root
Environment=ROON_DATAROOT=/var/roon
Environment=ROON_ID_DIR=/var/roon
ExecStartPre=/usr/bin/firewall-cmd --add-port=9100-9200/tcp
ExecStartPre=/usr/bin/firewall-cmd --add-port=9003/udp
ExecStart=/opt/RoonServer/start.sh
Restart=on-abort
ExecStopPost=/usr/bin/firewall-cmd --remove-port=9100-9200/tcp
ExecStopPost=/usr/bin/firewall-cmd --remove-port=9003/udp



[Install]
WantedBy=multi-user.target

This has the added benefit of only opening the ports when the service is started

Adam,

That seems like a very elegant solution to the firewall problem!

Perhaps Roon should make something like that a default for installation.

Mike

Mike - Agreed, the entire linux installation is incredibly ugly. I’m looking at a couple of install guides and trying to make a consolidated guide for Fedora/RHEL that will work with the firewall, SELinux & not run as root. -

** I edited the previous post to add removing the firewall ports on stop.

Hi @anon72169592,

Thanks for the suggestion, I’ll forward it to our documentation team to see if this is something we can include.

One thing which I do want to mention is that Roon uses dynamic ports, so the exceptions you currently have in place may not be valid if Roon uses a port that is not on that list.

In cases such as these, an application-level firewall exception is suggested.

Could you drop me a link to that, I’m finding the lists of ports online are not working out over time (Especially with all devices I have)

Hi @anon72169592,

This thread might be of interest to you:

Hi, glad you got it working. Rather than issuing firewall commands, I put the port and igmp protocol settings in a firewalld rule file per my gist, then in the roonserver.service systemd unit I add and remove the roon-server rules:

...
# I installed Roon so that it runs with user permissions instead of as root;
# this required some SELinux fussing around,
# and automounting network media drives probably won't work.
User=roon
...
# Enable/disable roon-server firewall rules before/after ('+' runs the commands as root).
ExecStartPre=+/usr/bin/firewall-cmd --add-service=roon-server
ExecStart=/opt/RoonServer/start.sh
ExecStopPost=+/usr/bin/firewall-cmd --remove-service=roon-server

The slight benefit of this indirection is if you look in the firewall GUI that comes standard withe Fedora, you’ll see a roon-server service that you can turn on and off.

I’m looking at a couple of install guides and trying to make a consolidated guide for Fedora/RHEL that will work with the firewall, SELinux & not run as root.

I was able to do that, as you see above I start the systemd service (different from the firewall service, you’re in a maze of services ) as User=roon and it works, although I have a simple Roon setup without any music streaming services or network media storage. I did indeed have to mess around with SELinux security and be careful setting some directory paths and permissions. I would be happy to drag out my old notes to help. If you work on this in a separate thread let me know here since I don’t follow the roonlabs fora very carefully.

@noris , it’s understandable but unfortunate that Roon core server installs and runs on Linux as root. It would be nice to move away from that.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.