systemd does not start service - Failed at step USER spawning

Question

I am trying to write a systemd service script. Its starts with root user creating nonlogin user and gives him privileges. Then the nologin user starts the application.

I am on rhel-7.5 (Maipo) with Linux-5.0.7-2019.05.28.x86_64. Here is what I tried.

/root/myhome/my_setup.sh:

#!/bin/bash

# Create nologin user with workingdir. Make hime owner for DB files, binary files he runs.
crdb_setup() {
    /bin/mkdir -p /var/lib/lsraj /root/crdb || return $?
    /usr/bin/getent group lsraj || /usr/sbin/groupadd -g 990 lsraj|| return $?
    /usr/bin/getent passwd lsraj || /usr/sbin/useradd -u 990 -g 990 \
        -c 'CRDB User' -d /var/lib/lsraj -s /sbin/nologin -M -K UMASK=022 lsraj || return $?
    /bin/chown lsraj:lsraj /var/lib/lsraj /root/crdb /root/myhome/cockroach || return $?
}

crdb_setup


[root@lsraj ~]# 
total 99896
-rwxr-xr-x 1 root root 102285942 Jun 18 16:54 cockroach
-rwxr-xr-x 1 root root       521 Jun 18 17:07 my_setup.sh
[root@lsraj ~]# 

Service script:

[root@lsraj~]# cat /usr/lib/systemd/system/lsraj.service 
[Unit]
Description=Cockroach Database Service
After=network.target syslog.target

[Service]
Type=notify
# run the script with root privileges. The script creates user and gives him privileges.
ExecStartPre=+/root/myhome/my_setup.sh
User=lsraj
Group=lsraj
WorkingDirectory=/var/lib/lsraj
ExecStart=/root/myhome/cockroach start --insecure --host=localhost --store=/root/crdb
ExecStop=/root/myhome/cockroach quit --insecure --host=localhost
StandardOutput=journal
Restart=on-failure
RestartSec=60s
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=cockroachdb
[Install]
WantedBy=multi-user.target
[root@lsraj~]# 


Jun 18 17:30:51 lsraj systemd: [/usr/lib/systemd/system/lsraj.service:8] Executable path is not absolute, ignoring: +/root/myhome/my_setup.sh
Jun 18 17:30:51 lsraj systemd: Starting Cockroach Database Service...
Jun 18 17:30:51 lsraj systemd: Failed at step USER spawning /root/myhome/cockroach: No such process
Jun 18 17:30:51 lsraj systemd: lsraj.service: main process exited, code=exited, status=217/USER
Jun 18 17:30:51 lsraj systemd: Failed at step USER spawning /root/myhome/cockroach: No such process
Jun 18 17:30:51 lsraj systemd: lsraj.service: control process exited, code=exited status=217
Jun 18 17:30:51 lsraj systemd: Failed to start Cockroach Database Service.
Jun 18 17:30:51 lsraj systemd: Unit lsraj.service entered failed state.
Jun 18 17:30:51 lsraj systemd: lsraj.service failed.

Answer 1

I've moved my comment here to support richer formatting.

I can not advise on your need for the '+', I am only reading the error message for you which says systemd is ignoring the ExecStartPre path because it is not absolute.

Maybe this is a feature that exists in freedesktop.org, but my Redhat 7.6 release (which is what you indicate that you are using) does not include a similar statement (or table) in the systemd.service unit file man page. Plus you are getting a very clear error message about that line in your unit file.

The man page it mentions "-" and "@", but none of the others...

Here is an extract from the man page (and I've provided a link above to the full page).

       ExecStartPre=, ExecStartPost=
           Additional commands that are executed before or after the command in ExecStart=, respectively. Syntax is the same as for ExecStart=, except that multiple command lines are
           allowed and the commands are executed one after the other, serially.

           If any of those commands (not prefixed with "-") fail, the rest are not executed and the unit is considered failed.

           Note that ExecStartPre= may not be used to start long-running processes. All processes forked off by processes invoked via ExecStartPre= will be killed before the next service
           process is run.

I suggest trying to remove the "+" first and see what happens, then progress from there.