ICDx installs but some services fail to start

book

Article ID: 208178

calendar_today

Updated On:

Products

ICDx Integrated Cyber Defense Exchange

Issue/Introduction

Following the installation or upgrade of Integrated Cyber Defense Exchange (ICDx), one or more required services fail to start:

[[email protected] icdx-installer-1.4.2-764]# ./installer install
Symantec Integrated Cyber Defense Exchange, version 1.4.2-764
Copyright (c) 2021 Broadcom. All Rights Reserved.
...
INFO [2021-02-08 10:31:24]   Installing RabbitMQ ...
INFO [2021-02-08 10:32:01] Restarting rabbitmq-server.service
ERROR[2021-02-08 10:32:01] Job for rabbitmq-server.service failed because the control process exited with error code. See "systemctl status rabbitmq-server.service" and "journalctl -xe" for details.
ERROR[2021-02-08 10:32:01] RabbitMQ install failed
ERROR[2021-02-08 10:32:01] exit status 1

The messages log shows that one or more services are getting permission denied for required files or directories:

Feb  8 14:30:09 icdx systemd: rabbitmq-server.service holdoff time over, scheduling restart.
Feb  8 14:30:09 icdx systemd: Stopped RabbitMQ broker.
Feb  8 14:30:09 icdx systemd: Starting RabbitMQ broker...
Feb  8 14:30:09 icdx rabbitmq-server: /usr/lib/rabbitmq/bin/rabbitmq-env: line 121: /etc/rabbitmq/rabbitmq-env.conf: Permission denied
Feb  8 14:30:09 icdx systemd: rabbitmq-server.service: main process exited, code=exited, status=1/FAILURE
Feb  8 14:30:09 icdx systemd: Failed to start RabbitMQ broker.
Feb  8 14:30:09 icdx systemd: Unit rabbitmq-server.service entered failed state.
Feb  8 14:30:09 icdx systemd: rabbitmq-server.service failed.

Cause

The installation process required the umask set to be set to '0022' in order for the installed files to have the correct permission. A more restrictive umask will cause the installed ICDx files and directories to be unreadable by the nginx and rabbitmq service accounts.

Environment

Release : 1.4

Component : nginx, rabbitmq

Resolution

This issue can be resolved as follows:

  1. Run the `umask` command and confirm that the result is not the required '0022' value 
    [[email protected]]# umask
    0077
  2. Uninstall the existing ICDx software 
    [[email protected]]# ./installer remove -force -clean
  3. Set the umask  
    [[email protected]]# umask 0022
  4. Re-run the ICDx installer 
    [[email protected]]# ./installer install
Powered by Wolken Software