You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The plugin is unable to create the cert file and OEM_EVENT_FILE due to permissions. The plugin works well though. We could also see if we need to store the cert files. The error in the syslog is
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_discover.c:1733: OV_REST Discovery Completed
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1256: Failed to create the directory /var/lib/openhpi/ov_rest/cert, Permission denied
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1276: Failed to change the dir to /var/lib/openhpi/ov_rest/cert, Permission denied
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1292: Error opening the file SSLCert_9.pem
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1857: Error opening OEM_EVENT_FILE file: /var/lib/openhpi/ov_rest/oem_event_9.log
The text was updated successfully, but these errors were encountered:
Compiled the sources on RHEL 7.5 system using make rpm. Installed the rpm's using rpm -iUvh *.rpm and ran the daemon using systemctl start daemon. The cert directory has 600 permissions.
The problem is due to SELinux being enforced. The security context of the source and target are not matching. Packaging ov_rest and cert directories with 600 permission helps little bit as it allows the creation of cert files in that directory. We will not be able to package the cert files as there are three files for each one view ring and the file name depends on the instance id also.
One workaround for now is that user could stop the daemon and set the openhpid_t to the permissive mode using "semanage permissive -a openhpid_t" before restarting the daemon using systemctl. Looks like this setting is valid till the next reboot.
One of the other thing that may help to over come this problem is to create an openhpi user and make the /var/lib/openhpi directory owned by openhpi user. Take a look at sssd-common or trousers packages.
Not many packages do this, so by default SELinux is turned off even on the production machines as of now. This may not last forever.
Workaround for now.
Install policycoreutils-python-utils if not already installed
systemctl stop openhpid
semanage permissive -a openhpid_t as root
systemctl start openhpid
The plugin is unable to create the cert file and OEM_EVENT_FILE due to permissions. The plugin works well though. We could also see if we need to store the cert files. The error in the syslog is
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_discover.c:1733: OV_REST Discovery Completed
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1256: Failed to create the directory /var/lib/openhpi/ov_rest/cert, Permission denied
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1276: Failed to change the dir to /var/lib/openhpi/ov_rest/cert, Permission denied
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1292: Error opening the file SSLCert_9.pem
Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1857: Error opening OEM_EVENT_FILE file: /var/lib/openhpi/ov_rest/oem_event_9.log
The text was updated successfully, but these errors were encountered: