XCOM for Linux install errors due to /tmp directory restrictions
search cancel

XCOM for Linux install errors due to /tmp directory restrictions

book

Article ID: 272693

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - Linux PC

Issue/Introduction

XCOM for Linux 12.0 installation failures due to /tmp directory restrictions.
This was first reported under RHEL 8 based Amazon AWS AMI, but has since been reported on RHEL 9 under various environments

Findings so far:

1) Disabling SELinux does not help.

2) After the installation, there is no directory /opt/CA/SharedComponents, just /opt/CA/XCOM  and hence, the secure transfer fails due to missing CAPKI. 

3) The makelinks.sh fails during installation, so no symbolic links under /usr/ or /sbin or /bin

4) Even though xinetd is installed and started, the installer fails to detect it. 

5) Installer fails to detect the Glibc version, ldd version as well.


Installer log file details from directory /opt/CA/XCOM/Uninstaller/Logs:

1. Install log file 'CA_XCOM_Data_Transport_r12.0_SP00_(64-bit)_Install_*.log' shows 12 NonFatalErrors. Relevant extracts:
*****
Execute Script/Batch file:   Remove Log file
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script

...

Execute Script/Batch file:   check ldd version
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script
...

Custom Action:            com.ca.xcom.installer.common.CheckGlibcVersion
                          Status: ERROR
                          Additional Notes: ERROR -     class com.ca.xcom.installer.common.CheckGlibcVersion.install() runtime exception:

Execute Script/Batch file:   Get redhat release
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script
...

Execute Script/Batch file:   Check if XCOM shared memory is still in use (Linux/AIX)
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script

...

Execute Script/Batch file:   Get realpath of java version
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script

...

Execute Script/Batch file:   check for xinetd service
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script

...

Execute Script/Batch file:   Create Links
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script

...

Execute Script/Batch file:   Install CA ETPKI
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script

...

Execute Script/Batch file:   Set Permissions
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script

...

Execute Script/Batch file:   Grant 777 permission on Log File 
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script

Execute Script/Batch file:   Grant 666 permission on history.inserts
                          Status: ERROR
                          Additional Notes: ERROR - Error while attempting to execute the installation script
*****


2. Install log file xcominstaller.log seems to confirm most of the above:
*****
{08/24/2023-13:26:11}Glibc version is 

{08/24/2023-13:26:12}Detected Redhat Enterprise Linux version is 

{08/24/2023-13:26:12}XCOM Shared Memory is not in use.

...

{08/24/2023-13:26:13}Realpath of Chosen Java:  , Error if any:, RC from realpath command: -1

...

{08/24/2023-13:26:13}XINETD package not found in RPM database.  Please make sure XINETD service is installed and running to function XCOM properly

...

{08/24/2023-13:26:17}makelinks script exited with return code -1.  Refer to /opt/CA/XCOM/makelinks.log file for details.

{08/24/2023-13:26:18}CAPKI Installation failed with exit code -1

...

{08/24/2023-13:26:21}======================================== Starting Post Install phase =========================================

{08/24/2023-13:26:21}updated global parameters successfully

{08/24/2023-13:26:21}updated global parameters successfully

{08/24/2023-13:26:21}New Group xcomadm created successfully

{08/24/2023-13:26:21}configssl.cnf updated successfully

{08/24/2023-13:26:22}file permissions updated successfully

{08/24/2023-13:26:22}=======================================================

{08/24/2023-13:26:22}Summary of intermittent Warnings from installer actions

{08/24/2023-13:26:22}No Success return code on ETPKI Install action. Failed with return code:-1

{08/24/2023-13:26:22}No Success return code on MakeLinks script execution. Failed with return code:-1

{08/24/2023-13:26:22}XINETD package not found in RPM database. Please make sure XINETD service is installed and running to function XCOM properly.

...

*****

Cause

The root cause of the installation issues was that /tmp did not have permission to execute (it was mounted with noexec). 

Resolution

It was not possible to mount /tmp with exec due to security/hardening.
Therefore used the environment variable IATEMPDIR to set the temporary directory to an alternate location after which the installation was successful.

Additional Information

Having SELinux in Enforcing mode can also cause /tmp directory restrictions and using IATEMPDIR can also be used as a workaround.

Powered by Wolken Software