Following the installation or upgrade of Integrated Cyber Defense Exchange (ICDx), one or more required services fail to start:
[[email protected] icdx-installer-1.4.2-764]# ./installer install
Symantec Integrated Cyber Defense Exchange, version 1.4.2-764
Copyright (c) 2021 Broadcom. All Rights Reserved.
...
INFO [2021-02-08 10:31:24] Installing RabbitMQ ...
INFO [2021-02-08 10:32:01] Restarting rabbitmq-server.service
ERROR[2021-02-08 10:32:01] Job for rabbitmq-server.service failed because the control process exited with error code. See "systemctl status rabbitmq-server.service" and "journalctl -xe" for details.
ERROR[2021-02-08 10:32:01] RabbitMQ install failed
ERROR[2021-02-08 10:32:01] exit status 1
The messages log shows that one or more services are getting permission denied for required files or directories:
Feb 8 14:30:09 icdx systemd: rabbitmq-server.service holdoff time over, scheduling restart.
Feb 8 14:30:09 icdx systemd: Stopped RabbitMQ broker.
Feb 8 14:30:09 icdx systemd: Starting RabbitMQ broker...
Feb 8 14:30:09 icdx rabbitmq-server: /usr/lib/rabbitmq/bin/rabbitmq-env: line 121: /etc/rabbitmq/rabbitmq-env.conf: Permission denied
Feb 8 14:30:09 icdx systemd: rabbitmq-server.service: main process exited, code=exited, status=1/FAILURE
Feb 8 14:30:09 icdx systemd: Failed to start RabbitMQ broker.
Feb 8 14:30:09 icdx systemd: Unit rabbitmq-server.service entered failed state.
Feb 8 14:30:09 icdx systemd: rabbitmq-server.service failed.
The installation process required the umask set to be set to '0022' in order for the installed files to have the correct permission. A more restrictive umask will cause the installed ICDx files and directories to be unreadable by the nginx and rabbitmq service accounts.
Release : 1.4
Component : nginx, rabbitmq
This issue can be resolved as follows:
[[email protected]]# umask
0077
[[email protected]]# ./installer remove -force -clean
[[email protected]]# umask 0022
[[email protected]]# ./installer install