Dependencies for xymond and xymonnet (with particular reference to JC's terabithia.org RPMs)
Hi JC,
This may be off-topic for everyone else as I'm talking about an unofficial RPM (I know), but just to get this into the mailing list archive...
I want to install xymon server on a system, but it will be forwarding its results to another xymon server and therefore I have no need for web pages, RRD files, etc. In fact, I think I only need xymond, xymonnet and an add-on monitor. (Plus xymon-client.) When I try and install your RPM, it wants to install all sorts of things I don't want like apache and libX11 (see below).
Installing:
xymon
Installing for dependencies:
apr
apr-util
apr-util-ldap
audit-libs-python
cairo
dejavu-fonts-common
dejavu-lgc-sans-mono-fonts
dejavu-sans-mono-fonts
fontconfig
fontpackages-filesystem
fping
freetype
httpd
httpd-tools
libX11
libX11-common
libXau
libXft
libXrender
libcgroup
libselinux-python
libsemanage-python
libthai
libxcb
mailcap
net-snmp-libs
pango
pixman
policycoreutils-python
rrdtool
setools-libs
setools-libs-python
Transaction Summary
Install 33 Package(s)
How should I do a minimal install? (I have your repo mirrored, but you can't exclude dependencies with yum AFAIK.) I just did a:
sudo rpm -i fping-3.10-2.el6.x86_64.rpm
<no errors>
sudo rpm -i --nodeps xymon-4.3.18-1.el6.x86_64.rpm
<output below> warning: user apache does not exist - using root warning: group apache does not exist - using root warning: user apache does not exist - using root warning: group apache does not exist - using root /var/tmp/rpm-tmp.5gv8Df: line 30: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 31: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 32: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 33: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 34: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 35: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 36: /usr/sbin/semanage: No such file or directory
Realizing that I probably needed /usr/sbin/semanage at least, I did:
sudo rpm -e xymon
warning: /etc/xymon/hosts.cfg saved as /etc/xymon/hosts.cfg.rpmsave
sudo rm -fR /etc/xymon
sudo yum install setools-libs-python
sudo yum install policycoreutils-python
And what the heck, it's just one package that I may use and xymon wants it directly, rather than a dependency of a dependency, so:
sudo yum install net-snmp-libs
sudo rpm -i --nodeps xymon-4.3.18-1.el6.x86_64.rpm
warning: user apache does not exist - using root warning: group apache does not exist - using root warning: user apache does not exist - using root warning: group apache does not exist - using root
Should I have any problems that you foresee?
Thanks and kind regards,
SebA
Hi,
Yes, in a case such as yours the main xymon server RPM is going to pull in a few things that you don't need. Primarily, it's httpd (and whatever httpd pulls in, such as apr and whatnot) and rrdtool (and cairo, some display libs).
The reason httpd is a hard dependency is that some things are configured to be owned by the apache user, and the xymon.conf apache snippet is dropped in the directory.
It should be safe to install xymon with --nodeps to bypass those two packages, although you'll get some complaints as it installs. Assuming you're running ping checks, you'll want to manually pull in 'fping'. You can ignore net-snmp-libs if you're not going to be using xymon-snmpcollect.
The semanage stuff from policycoreutils-python is SELinux. Aside from the error output, it should be safe to ignore that as well.
Alas, you're correct in that yum will attempt to continue to pull in dependencies when they're available, so you'll continue to get these warnings.
I'd given consideration to splitting things out into xymon-xymonnet, xymon-proxy, xymon-server, xymon-xymongen and the like (in fact, a really, really old version of the RPM did just that), but it really felt like more complexity (and effort) than it was worth, especially since the upstream had had unified things together.
If there's enough demand, I'm open to creating sub-packages for it. But it does rather significantly increase complexity for people doing installs since they have to think of the different components coming in. The flip side is that for cases such as yours, or in micro-sized cloud/container environments, you can install the base RPM and avoid bringing in other dependencies.
One thing I can fix right away, though is wrapping the errors out of the semanage calls. Although the RPM is built with SELinux in mind, if the toolset isn't present there's no reason to annoy the user with the messages. I'll put that in the next update for sure.
Regards,
-jc
On Thu, March 12, 2015 11:28 am, SebA wrote:
Hi JC,
This may be off-topic for everyone else as I'm talking about an unofficial RPM (I know), but just to get this into the mailing list archive...
I want to install xymon server on a system, but it will be forwarding its results to another xymon server and therefore I have no need for web pages, RRD files, etc. In fact, I think I only need xymond, xymonnet and an add-on monitor. (Plus xymon-client.) When I try and install your RPM, it wants to install all sorts of things I don't want like apache and libX11 (see below).
Installing: xymon Installing for dependencies: apr apr-util apr-util-ldap audit-libs-python cairo dejavu-fonts-common dejavu-lgc-sans-mono-fonts dejavu-sans-mono-fonts fontconfig fontpackages-filesystem fping freetype httpd httpd-tools libX11 libX11-common libXau libXft libXrender libcgroup libselinux-python libsemanage-python libthai libxcb mailcap net-snmp-libs pango pixman policycoreutils-python rrdtool setools-libs setools-libs-python
Transaction Summary
Install 33 Package(s)
How should I do a minimal install? (I have your repo mirrored, but you can't exclude dependencies with yum AFAIK.) I just did a:
sudo rpm -i fping-3.10-2.el6.x86_64.rpm
<no errors>
sudo rpm -i --nodeps xymon-4.3.18-1.el6.x86_64.rpm
<output below> warning: user apache does not exist - using root warning: group apache does not exist - using root warning: user apache does not exist - using root warning: group apache does not exist - using root /var/tmp/rpm-tmp.5gv8Df: line 30: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 31: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 32: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 33: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 34: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 35: /usr/sbin/semanage: No such file or directory /var/tmp/rpm-tmp.5gv8Df: line 36: /usr/sbin/semanage: No such file or directory
Realizing that I probably needed /usr/sbin/semanage at least, I did:
sudo rpm -e xymon
warning: /etc/xymon/hosts.cfg saved as /etc/xymon/hosts.cfg.rpmsave
sudo rm -fR /etc/xymon
sudo yum install setools-libs-python
sudo yum install policycoreutils-python
And what the heck, it's just one package that I may use and xymon wants it directly, rather than a dependency of a dependency, so:
sudo yum install net-snmp-libs
sudo rpm -i --nodeps xymon-4.3.18-1.el6.x86_64.rpm
warning: user apache does not exist - using root warning: group apache does not exist - using root warning: user apache does not exist - using root warning: group apache does not exist - using root
Should I have any problems that you foresee?
Thanks and kind regards,
SebA
-----Original Message----- From: J.C. Cleaver [mailto:cleaver at terabithia.org] Sent: 13 March 2015 03:24 To: SebA Cc: 'Xymon MailingList' Subject: Re: Dependencies for xymond and xymonnet (with particular reference to JC's terabithia.org RPMs)
Hi,
Yes, in a case such as yours the main xymon server RPM is going to pull in a few things that you don't need. Primarily, it's httpd (and whatever httpd pulls in, such as apr and whatnot) and rrdtool (and cairo, some display libs).
The reason httpd is a hard dependency is that some things are configured to be owned by the apache user, and the xymon.conf apache snippet is dropped in the directory.
Understood.
It should be safe to install xymon with --nodeps to bypass those two packages, although you'll get some complaints as it installs. Assuming you're running ping checks, you'll want to manually pull in 'fping'. You can ignore net-snmp-libs if you're not going to be using xymon-snmpcollect.
The semanage stuff from policycoreutils-python is SELinux. Aside from the error output, it should be safe to ignore that as well.
The (mini-)server does have SELinux enabled and enforced though, so I assumed that I would need the tools the RPM wants for configuring everything correctly for SELinux?
Alas, you're correct in that yum will attempt to continue to pull in dependencies when they're available, so you'll continue to get these warnings.
Actually, I hadn't considered that it might continue trying to get httpd et al whenever I do a yum update, but it does not seem to be doing it so far. I suppose it will if a new xymon package is available...
I'd given consideration to splitting things out into xymon-xymonnet, xymon-proxy, xymon-server, xymon-xymongen and the like (in fact, a really, really old version of the RPM did just that), but it really felt like more complexity (and effort) than it was worth, especially since the upstream had had unified things together.
If there's enough demand, I'm open to creating sub-packages for it. But it does rather significantly increase complexity for people doing installs since they have to think of the different components coming in. The flip side is that for cases such as yours, or in micro-sized cloud/container environments, you can install the base RPM and avoid bringing in other dependencies.
And for the security nuts who don't want things installed that they don't need.
One thing I can fix right away, though is wrapping the errors out of the semanage calls. Although the RPM is built with SELinux in mind, if the toolset isn't present there's no reason to annoy the user with the messages. I'll put that in the next update for sure.
Only if it can still configure SELinux correctly using other methods? chcon was already installed and available (part of coreutils)... Otherwise I would rather know there was a problem.
Regards,
-jc
Kind regards,
SebA
On Fri, March 13, 2015 2:51 am, SebA wrote:
The semanage stuff from policycoreutils-python is SELinux. Aside from the error output, it should be safe to ignore that as well.
The (mini-)server does have SELinux enabled and enforced though, so I assumed that I would need the tools the RPM wants for configuring everything correctly for SELinux?
Yeah, does sound like you'd had policycoreutils installed, but not policycoreutils-python. For loadable policies modification, semanage really is the tool most appropriate for the job. (I actually kind of find it a little odd it's not in the base package, or @base package set.)
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/htm...
Alas, you're correct in that yum will attempt to continue to pull in dependencies when they're available, so you'll continue to get these warnings.
Actually, I hadn't considered that it might continue trying to get httpd et al whenever I do a yum update, but it does not seem to be doing it so far. I suppose it will if a new xymon package is available...
Correct. "yum check" might complain too about existing errors.
I'd given consideration to splitting things out into xymon-xymonnet, xymon-proxy, xymon-server, xymon-xymongen and the like (in fact, a really, really old version of the RPM did just that), but it really felt like more complexity (and effort) than it was worth, especially since the upstream had had unified things together.
If there's enough demand, I'm open to creating sub-packages for it. But it does rather significantly increase complexity for people doing installs since they have to think of the different components coming in. The flip side is that for cases such as yours, or in micro-sized cloud/container environments, you can install the base RPM and avoid bringing in other dependencies.
And for the security nuts who don't want things installed that they don't need.
Quite true.
To do this right will also mean breaking out the various utilities (xymongen, xymonnet, xymonproxy, etc.) into their own tasks.d/ snippets instead of the monolithic tasks.cfg given out now...
This is something that might be best done at a 4.4.x release, to help ease transition pain.
Only if it can still configure SELinux correctly using other methods? chcon was already installed and available (part of coreutils)... Otherwise I would rather know there was a problem.
Policy loading and context setting again really ought to be done with semanage, otherwise you're not making a permanent change.
Regards,
-jc
Thanks for the additional info JC. Much appreciated.
Kind regards,
SebA
-----Original Message----- From: J.C. Cleaver [mailto:cleaver at terabithia.org] Sent: 14 March 2015 02:22 To: SebA Cc: 'Xymon MailingList' Subject: RE: Dependencies for xymond and xymonnet (with particular reference to JC's terabithia.org RPMs)
On Fri, March 13, 2015 2:51 am, SebA wrote:
The semanage stuff from policycoreutils-python is SELinux. Aside from the error output, it should be safe to ignore that as well.
The (mini-)server does have SELinux enabled and enforced though, so I assumed that I would need the tools the RPM wants for configuring everything correctly for SELinux?
Yeah, does sound like you'd had policycoreutils installed, but not policycoreutils-python. For loadable policies modification, semanage really is the tool most appropriate for the job. (I actually kind of find it a little odd it's not in the base package, or @base package set.)
https://access.redhat.com/documentation/en-US/Red_Hat_Enterpri se_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced _Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_sema nage_fcontext.html
Alas, you're correct in that yum will attempt to continue
to pull in
dependencies when they're available, so you'll continue to get these warnings.
Actually, I hadn't considered that it might continue trying to get httpd et al whenever I do a yum update, but it does not seem to be doing it so far. I suppose it will if a new xymon package is available...
Correct. "yum check" might complain too about existing errors.
I'd given consideration to splitting things out into xymon-xymonnet, xymon-proxy, xymon-server, xymon-xymongen and the like (in fact, a really, really old version of the RPM did just that), but it really felt like more complexity (and effort) than it was worth, especially since the upstream had had unified things together.
If there's enough demand, I'm open to creating sub-packages for it. But it does rather significantly increase complexity for people doing installs since they have to think of the different components coming in. The flip side is that for cases such as yours, or in micro-sized cloud/container environments, you can install the base RPM and avoid bringing in other dependencies.
And for the security nuts who don't want things installed that they don't need.
Quite true.
To do this right will also mean breaking out the various utilities (xymongen, xymonnet, xymonproxy, etc.) into their own tasks.d/ snippets instead of the monolithic tasks.cfg given out now...
This is something that might be best done at a 4.4.x release, to help ease transition pain.
Only if it can still configure SELinux correctly using other methods? chcon was already installed and available (part of coreutils)... Otherwise I would rather know there was a problem.
Policy loading and context setting again really ought to be done with semanage, otherwise you're not making a permanent change.
Regards,
-jc
On Thu, 12 Mar 2015, J.C. Cleaver wrote:
Hi,
Yes, in a case such as yours the main xymon server RPM is going to pull in a few things that you don't need. Primarily, it's httpd (and whatever httpd pulls in, such as apr and whatnot) and rrdtool (and cairo, some display libs).
The reason httpd is a hard dependency is that some things are configured to be owned by the apache user, and the xymon.conf apache snippet is dropped in the directory.
It should be safe to install xymon with --nodeps to bypass those two packages, although you'll get some complaints as it installs. Assuming you're running ping checks, you'll want to manually pull in 'fping'. You can ignore net-snmp-libs if you're not going to be using xymon-snmpcollect.
The semanage stuff from policycoreutils-python is SELinux. Aside from the error output, it should be safe to ignore that as well.
Alas, you're correct in that yum will attempt to continue to pull in dependencies when they're available, so you'll continue to get these warnings.
I'd given consideration to splitting things out into xymon-xymonnet, xymon-proxy, xymon-server, xymon-xymongen and the like (in fact, a really, really old version of the RPM did just that), but it really felt like more complexity (and effort) than it was worth, especially since the upstream had had unified things together.
If there's enough demand, I'm open to creating sub-packages for it. But it does rather significantly increase complexity for people doing installs since they have to think of the different components coming in. The flip side is that for cases such as yours, or in micro-sized cloud/container environments, you can install the base RPM and avoid bringing in other dependencies.
If you decide to split things, would it be possible to create an rpm that pulls in as deps all of the pieces so that the people who need what is contained in the current rpms still get a complete installation?
Something similar to the following is what I am thinking about:
(shadow pts8) # rpm -qi srvadmin-all Name : srvadmin-all Version : 7.4.0 Release : 4.1.1.el6 Architecture: x86_64 Install Date: Wed 28 Jan 2015 04:26:54 PM EST Group : System/Configuration/Hardware Size : 9 License : Proprietary Signature : DSA/SHA1, Wed 13 Mar 2013 03:01:09 AM EDT, Key ID ca77951d23b66a9d Source RPM : srvadmin-7.4.0-4.1.1.el6.src.rpm Build Date : Wed 13 Mar 2013 03:01:00 AM EDT Build Host : OMLOBSWV87 Relocations : (not relocatable) Vendor : Dell Inc URL : http://support.dell.com Summary : Meta package for installing all Server Administrator features, 7.4.0 Description : Meta package that contains dependency information to automatically pull in all base and optional Server Administrator Features. (shadow pts8) #
Regards,
-- Tom me at tdiehl.org Spamtrap address me123 at tdiehl.org
participants (3)
-
cleaver@terabithia.org
-
me@tdiehl.org
-
spah@syntec.co.uk