3 issues on new build of 4.3.21 on CentOS 6
Hi all, I'm building the latest xymon into my own RPM, and on CentOS 6. The client works fine, but I have some issues with the server.
There are a lot of variables, that may be influencing my issues. My current environment is RHEL 5 and CentOS 5. But I want to get more up to date. Building an RPM for 4.3.21 on CentOS 5 proved impossible too much work for too little benefit because of rrdtools newer versions not compiling on CentOS5 and such. Thus the move to newer OS.
I'm also trying to use selinux. I'd always had it off or in permissive before, because I didn't want to deal with it. I'm making the effort now. We'll see how that goes.
So sorry for the roll up. Here are the issues:Disabled tests do not have the blue icon. The non-green page is showing the tests that are red or yellow. But if you click on the test, the page displays properly, blue background and the disable message is there. Also on the main pages, the icon remains red or yellow.Some pages, notably on the new server, I get "Status not available" on a number of tests. They range from my own scripts to xymonnet. Other tests do work, like the client built in ones.Cleared tests aren't clearing. This may well be the same issue as disable tests. I have a couple of tests that were red, but came green. But the page icon remains red.
Any ideas? I've fixed the selinux messages that come up in /var/log/messages.
Thanks, Paul.
Paul Root Lead Engineer CenturyLink Network Reliability Operations Center
390 Commerce Dr Woodbury, MN 55125 Direct: (651)312-5207 Paul.Root at centurylink.com
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
On Wed, October 28, 2015 9:25 am, Root, Paul T wrote:
Hi all, I'm building the latest xymon into my own RPM, and on CentOS 6. The client works fine, but I have some issues with the server.
There are a lot of variables, that may be influencing myissues. My current environment is RHEL 5 and CentOS 5. But I want to get more up to date. Building an RPM for 4.3.21 on CentOS 5 proved impossible too much work for too little benefit because of rrdtools newer versions not compiling on CentOS5 and such. Thus the move to newer OS.
I'm also trying to use selinux. I'd always had it off orin permissive before, because I didn't want to deal with it. I'm making the effort now. We'll see how that goes.
So sorry for the roll up. Here are the issues:
Disabled tests do not have the blue icon. The non-green page is
Hmm. This speaks to an issue with permissions for xymongen (unless you're using static HTML page generation for the status pages themselves). IIRC SELinux will require privs for altering/removing the files in the layout distinctly from the initial write. This is especially true if the timestamp of the gen'd pages isn't updating.
Some pages, notably on the new server, I get "Status not
That's strange. There really shouldn't be any distinction from an SELinux perspective between the various kinds of tests. You will need to enable CGIs to make port connections, but that would lead to failure to pick up any svcstatus at all.
Cleared tests aren't clearing. This may well be the same issue as
Could be the same issue.
SELinux was pretty tricky to get up and running at first. The policy files in the Terabithia RPMs are below, which *should* work when combined with the directory contexts indicated, modified as needed for your install layout.
Using xymoncmd and alterations to the initscript were somewhat tied in with this also, but some of the details escape me slightly there, to be honest. It was quite a while ago...
HTH, -jc
/usr/sbin/semanage fcontext -a -t initrc_var_run_t '/var/run/xymon(/.*)?' /usr/sbin/semanage fcontext -a -t httpd_cache_t '/var/cache/xymon(/.*)?' /usr/sbin/semanage fcontext -a -t httpd_sys_script_exec_t '/usr/share/xymon/cgi-bin(/.*)?' /usr/sbin/semanage fcontext -a -t httpd_sys_script_exec_t '/usr/share/xymon/cgi-secure(/.*)?' /usr/sbin/semanage fcontext -a -t httpd_sys_script_exec_t '/usr/libexec/xymon/cgiwrap' /usr/sbin/semanage fcontext -a -t httpd_sys_content_t '/var/lib/xymon(/.*)?' /usr/sbin/semanage fcontext -a -t tmp_t '/var/lib/xymon/tmp(/.*)?'
/sbin/restorecon -R /usr/libexec/xymon/cgiwrap /usr/share/xymon/cgi-* /var/cache/xymon /var/run/xymon /var/lib/xymon /var/lib/xymon/tmp
for selinuxvariant in targeted strict; do /usr/sbin/semodule -s ${selinuxvariant} -i /usr/share/selinux/${selinuxvariant}/xymon.pp /usr/sbin/semodule -s ${selinuxvariant} -i /usr/share/selinux/${selinuxvariant}/xymon-client.pp done
/usr/sbin/setsebool -P httpd_can_network_connect on
Thanks, I'll give these a try.
-----Original Message----- From: J.C. Cleaver [mailto:cleaver at terabithia.org] Sent: Wednesday, October 28, 2015 2:36 PM To: Root, Paul T Cc: 'xymon' Subject: Re: [Xymon] 3 issues on new build of 4.3.21 on CentOS 6
On Wed, October 28, 2015 9:25 am, Root, Paul T wrote:
Hi all, I'm building the latest xymon into my own RPM, and on CentOS 6. The client works fine, but I have some issues with the server.
There are a lot of variables, that may be influencing myissues. My current environment is RHEL 5 and CentOS 5. But I want to get more up to date. Building an RPM for 4.3.21 on CentOS 5 proved impossible too much work for too little benefit because of rrdtools newer versions not compiling on CentOS5 and such. Thus the move to newer OS.
I'm also trying to use selinux. I'd always had it off orin permissive before, because I didn't want to deal with it. I'm making the effort now. We'll see how that goes.
So sorry for the roll up. Here are the issues:
Disabled tests do not have the blue icon. The non-green page is
Hmm. This speaks to an issue with permissions for xymongen (unless you're using static HTML page generation for the status pages themselves). IIRC SELinux will require privs for altering/removing the files in the layout distinctly from the initial write. This is especially true if the timestamp of the gen'd pages isn't updating.
Some pages, notably on the new server, I get "Status not
That's strange. There really shouldn't be any distinction from an SELinux perspective between the various kinds of tests. You will need to enable CGIs to make port connections, but that would lead to failure to pick up any svcstatus at all.
Cleared tests aren't clearing. This may well be the same issue as
Could be the same issue.
SELinux was pretty tricky to get up and running at first. The policy files in the Terabithia RPMs are below, which *should* work when combined with the directory contexts indicated, modified as needed for your install layout.
Using xymoncmd and alterations to the initscript were somewhat tied in with this also, but some of the details escape me slightly there, to be honest. It was quite a while ago...
HTH, -jc
/usr/sbin/semanage fcontext -a -t initrc_var_run_t '/var/run/xymon(/.*)?' /usr/sbin/semanage fcontext -a -t httpd_cache_t '/var/cache/xymon(/.*)?' /usr/sbin/semanage fcontext -a -t httpd_sys_script_exec_t '/usr/share/xymon/cgi-bin(/.*)?' /usr/sbin/semanage fcontext -a -t httpd_sys_script_exec_t '/usr/share/xymon/cgi-secure(/.*)?' /usr/sbin/semanage fcontext -a -t httpd_sys_script_exec_t '/usr/libexec/xymon/cgiwrap' /usr/sbin/semanage fcontext -a -t httpd_sys_content_t '/var/lib/xymon(/.*)?' /usr/sbin/semanage fcontext -a -t tmp_t '/var/lib/xymon/tmp(/.*)?'
/sbin/restorecon -R /usr/libexec/xymon/cgiwrap /usr/share/xymon/cgi-* /var/cache/xymon /var/run/xymon /var/lib/xymon /var/lib/xymon/tmp
for selinuxvariant in targeted strict; do /usr/sbin/semodule -s ${selinuxvariant} -i /usr/share/selinux/${selinuxvariant}/xymon.pp /usr/sbin/semodule -s ${selinuxvariant} -i /usr/share/selinux/${selinuxvariant}/xymon-client.pp done
/usr/sbin/setsebool -P httpd_can_network_connect on This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
participants (2)
-
cleaver@terabithia.org
-
Paul.Root@CenturyLink.com