Uploaded image for project: 'JBoss Core Services'
  1. JBoss Core Services
  2. JBCS-313

Apache configuration cannot be retrieved in case when Augeas is enabled but /tmp folder has "no exec" permissions (edit)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • None
    • None
    • None
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Hide
      JBoss Operations Network (ON) cannot retrieve a JBoss Web Server's Apache HTTP Server configuration when Augeas support is enabled and the JBoss Web Server `/tmp` directory has `noexec` permissions set.

      In this situation, the following message is displayed:

      ----
      No configuration was retrieved. This means that either the plugin failed to load the configuration or that configuration collection is merely switched off in the connection settings.
      ----

      You can workaround this issue by creating a new `tmp` folder for the JBoss ON agent:

      . `mkdir /home/tmp/jon`
      . `chown -R <jon_user>:<jon_user> /home/tmp/jon`
      . `chmod a+rwx /home/tmp/jon`
      . Edit the `rhq-agent-env.sh` file and add this `tmp` folder to `RHQ_AGENT_JAVA_OPTS`:
      +
      ----
      RHQ_AGENT_JAVA_OPTS="-Xms64m -Xmx128m -Djava.net.preferIPv4Stack=true -Djava.io.tmpdir=/home/tmp/jon"
      ----
      . Save the file and restart the agent.

      This issue is expected to to be fixed in a future update.
      Show
      JBoss Operations Network (ON) cannot retrieve a JBoss Web Server's Apache HTTP Server configuration when Augeas support is enabled and the JBoss Web Server `/tmp` directory has `noexec` permissions set. In this situation, the following message is displayed: ---- No configuration was retrieved. This means that either the plugin failed to load the configuration or that configuration collection is merely switched off in the connection settings. ---- You can workaround this issue by creating a new `tmp` folder for the JBoss ON agent: . `mkdir /home/tmp/jon` . `chown -R <jon_user>:<jon_user> /home/tmp/jon` . `chmod a+rwx /home/tmp/jon` . Edit the `rhq-agent-env.sh` file and add this `tmp` folder to `RHQ_AGENT_JAVA_OPTS`: + ---- RHQ_AGENT_JAVA_OPTS="-Xms64m -Xmx128m -Djava.net.preferIPv4Stack=true -Djava.io.tmpdir=/home/tmp/jon" ---- . Save the file and restart the agent. This issue is expected to to be fixed in a future update.
    • Workaround Exists
    • Hide

      To work around this, create a new tmp folder for JBoss ON:

      1. mkdir /home/tmp/jon
      2. chown -R <jon_user>:<jon_user> /home/tmp/jon
      3. chmod a+rwx /home/tmp/jon

      and then, edit rhq-agent-env.sh file to add this tmp folder to RHQ_AGENT_JAVA_OPTS:

      edit RHQ_AGENT_JAVA_OPTS="-Xms64m -Xmx128m -Djava.net.preferIPv4Stack=true -Djava.io.tmpdir=/home/tmp/jon"

      Save the file and restart the agent.

      Show
      To work around this, create a new tmp folder for JBoss ON: mkdir /home/tmp/jon chown -R <jon_user>:<jon_user> /home/tmp/jon chmod a+rwx /home/tmp/jon and then, edit rhq-agent-env.sh file to add this tmp folder to RHQ_AGENT_JAVA_OPTS: edit RHQ_AGENT_JAVA_OPTS="-Xms64m -Xmx128m -Djava.net.preferIPv4Stack=true -Djava.io.tmpdir=/home/tmp/jon" Save the file and restart the agent.
    • Hide

      How reproducible:
      Always

      Steps to Reproduce:
      1. Install and start JBoss ON Server and Agent and deploy plugins for EWS;
      2. Change permissions for /tmp folder to noexec - so direct execution of any binaries on the mounted filesystem is not allowed.
      3. Start Apache instance and let JBoss ON Agent discover it;
      4. Import discovered Apache instance and confirm that it's availability is green;
      5. From JBoss ON UI navigate to Apache instance -> Inventory -> Connection Settings and set "Enable augeas support" to Yes and save the change;
      6. From above page navigate to Configuration tab for this Apache instance.

      Actual results:
      Message "No configuration was retrieved. This means that either the plugin failed to load the configuration or that configuration collection is merely switched off in the connection settings." is showed at the top of the screen (green background) and no configuration is detected. The agent.log file shows:

      ***************************************************
      2014-09-29 12:01:01,613 WARN [InventoryManager.discovery-1] (rhq.core.pc.inventory.InventoryManager)- Failure during discovery for [Directory] Resources - failed after 15 ms.
      java.lang.Exception: Discovery component invocation failed.
      at org.rhq.core.pc.util.DiscoveryComponentProxyFactory$ComponentInvocationThread.call(DiscoveryComponentProxyFactory.java:309)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
      at java.util.concurrent.FutureTask.run(FutureTask.java:166)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:724)
      Caused by: java.lang.UnsatisfiedLinkError: /tmp/jna6853304923111682447.tmp: /tmp/jna6853304923111682447.tmp: failed to map segment from shared object: Operation not permitted
      at java.lang.ClassLoader$NativeLibrary.load(Native Method)
      at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1957)
      at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1882)
      at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1843)
      at java.lang.Runtime.load0(Runtime.java:795)
      at java.lang.System.load(System.java:1061)
      at com.sun.jna.Native.loadNativeLibraryFromJar(Native.java:757)
      at com.sun.jna.Native.loadNativeLibrary(Native.java:681)
      at com.sun.jna.Native.<clinit>(Native.java:109)
      at net.augeas.jna.Aug.<clinit>(Unknown Source)
      at net.augeas.Augeas.<init>(Unknown Source)
      at net.augeas.Augeas.<init>(Unknown Source)
      at org.rhq.plugins.apache.ApacheServerComponent.isAugeasEnabled(ApacheServerComponent.java:1068)
      at org.rhq.plugins.apache.ApacheVirtualHostServiceComponent.isAugeasEnabled(ApacheVirtualHostServiceComponent.java:666)
      at org.rhq.plugins.apache.ApacheDirectoryDiscoveryComponent.discoverResources(ApacheDirectoryDiscoveryComponent.java:64)
      at sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at org.rhq.core.pc.util.DiscoveryComponentProxyFactory$ComponentInvocationThread.call(DiscoveryComponentProxyFactory.java:305)
      ... 5 more
      2014-09-29 12:01:01,615 WARN [InventoryManager.discovery-1] (rhq.core.pc.inventory.InventoryManager)- Failure during discovery for [IfModule] Resources - failed after 0 ms.
      java.lang.Exception: Discovery component invocation failed.
      at org.rhq.core.pc.util.DiscoveryComponentProxyFactory$ComponentInvocationThread.call(DiscoveryComponentProxyFactory.java:309)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
      at java.util.concurrent.FutureTask.run(FutureTask.java:166)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:724)
      Caused by: java.lang.NoClassDefFoundError: Could not initialize class net.augeas.jna.Aug
      at net.augeas.Augeas.<init>(Unknown Source)
      at net.augeas.Augeas.<init>(Unknown Source)
      at org.rhq.plugins.apache.ApacheServerComponent.isAugeasEnabled(ApacheServerComponent.java:1068)
      at org.rhq.plugins.apache.ApacheVirtualHostServiceComponent.isAugeasEnabled(ApacheVirtualHostServiceComponent.java:666)
      at org.rhq.plugins.apache.ApacheIfModuleDiscoveryComponent.discoverResources(ApacheIfModuleDiscoveryComponent.java:53)
      at sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at org.rhq.core.pc.util.DiscoveryComponentProxyFactory$ComponentInvocationThread.call(DiscoveryComponentProxyFactory.java:305)
      ... 5 more

      ***************************************************

      Expected results:
      No error is logged and configuration is properly discovered.

      Show
      How reproducible: Always Steps to Reproduce: 1. Install and start JBoss ON Server and Agent and deploy plugins for EWS; 2. Change permissions for /tmp folder to noexec - so direct execution of any binaries on the mounted filesystem is not allowed. 3. Start Apache instance and let JBoss ON Agent discover it; 4. Import discovered Apache instance and confirm that it's availability is green; 5. From JBoss ON UI navigate to Apache instance -> Inventory -> Connection Settings and set "Enable augeas support" to Yes and save the change; 6. From above page navigate to Configuration tab for this Apache instance. Actual results: Message "No configuration was retrieved. This means that either the plugin failed to load the configuration or that configuration collection is merely switched off in the connection settings." is showed at the top of the screen (green background) and no configuration is detected. The agent.log file shows: *************************************************** 2014-09-29 12:01:01,613 WARN [InventoryManager.discovery-1] (rhq.core.pc.inventory.InventoryManager)- Failure during discovery for [Directory] Resources - failed after 15 ms. java.lang.Exception: Discovery component invocation failed. at org.rhq.core.pc.util.DiscoveryComponentProxyFactory$ComponentInvocationThread.call(DiscoveryComponentProxyFactory.java:309) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) at java.util.concurrent.FutureTask.run(FutureTask.java:166) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:724) Caused by: java.lang.UnsatisfiedLinkError: /tmp/jna6853304923111682447.tmp: /tmp/jna6853304923111682447.tmp: failed to map segment from shared object: Operation not permitted at java.lang.ClassLoader$NativeLibrary.load(Native Method) at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1957) at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1882) at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1843) at java.lang.Runtime.load0(Runtime.java:795) at java.lang.System.load(System.java:1061) at com.sun.jna.Native.loadNativeLibraryFromJar(Native.java:757) at com.sun.jna.Native.loadNativeLibrary(Native.java:681) at com.sun.jna.Native.<clinit>(Native.java:109) at net.augeas.jna.Aug.<clinit>(Unknown Source) at net.augeas.Augeas.<init>(Unknown Source) at net.augeas.Augeas.<init>(Unknown Source) at org.rhq.plugins.apache.ApacheServerComponent.isAugeasEnabled(ApacheServerComponent.java:1068) at org.rhq.plugins.apache.ApacheVirtualHostServiceComponent.isAugeasEnabled(ApacheVirtualHostServiceComponent.java:666) at org.rhq.plugins.apache.ApacheDirectoryDiscoveryComponent.discoverResources(ApacheDirectoryDiscoveryComponent.java:64) at sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.rhq.core.pc.util.DiscoveryComponentProxyFactory$ComponentInvocationThread.call(DiscoveryComponentProxyFactory.java:305) ... 5 more 2014-09-29 12:01:01,615 WARN [InventoryManager.discovery-1] (rhq.core.pc.inventory.InventoryManager)- Failure during discovery for [IfModule] Resources - failed after 0 ms. java.lang.Exception: Discovery component invocation failed. at org.rhq.core.pc.util.DiscoveryComponentProxyFactory$ComponentInvocationThread.call(DiscoveryComponentProxyFactory.java:309) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) at java.util.concurrent.FutureTask.run(FutureTask.java:166) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:724) Caused by: java.lang.NoClassDefFoundError: Could not initialize class net.augeas.jna.Aug at net.augeas.Augeas.<init>(Unknown Source) at net.augeas.Augeas.<init>(Unknown Source) at org.rhq.plugins.apache.ApacheServerComponent.isAugeasEnabled(ApacheServerComponent.java:1068) at org.rhq.plugins.apache.ApacheVirtualHostServiceComponent.isAugeasEnabled(ApacheVirtualHostServiceComponent.java:666) at org.rhq.plugins.apache.ApacheIfModuleDiscoveryComponent.discoverResources(ApacheIfModuleDiscoveryComponent.java:53) at sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.rhq.core.pc.util.DiscoveryComponentProxyFactory$ComponentInvocationThread.call(DiscoveryComponentProxyFactory.java:305) ... 5 more *************************************************** Expected results: No error is logged and configuration is properly discovered.

      as reported by bkramer@redhat.com
      https://bugzilla.redhat.com/show_bug.cgi?id=1147484

      Description of problem:
      Apache configuration cannot be retrieved in case when Augeas is enabled but /tmp folder has "no exec" permissions

      Version-Release number of selected component (if applicable):
      JBoss ON 3.2.3

      blocks: https://bugzilla.redhat.com/show_bug.cgi?id=1147485

            mgottbur Michael Gottburg (Inactive)
            dknox_jira David Knox (Inactive)
            John Doyle, Larry O'Leary, Mark Yarborough, Michael Foley (Inactive)
            Jan Štefl Jan Štefl
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: