We have updated our Terms of Service, Code of Conduct, and Addendum.

Cribl Stream Worker on RHEL with SELinux

Options
JH Liew
JH Liew Posts: 10
edited June 7 in Stream

Hi, have anyone successfully deployed Cribl on RHEL based host that comes with SELinux enabled?

While I have managed to get Cribl manually run, I've hit into issues when trying to enable Cribl on boot as a service. Looking at the entries from "journal -xe", it's throwing up errors to do with SELinux denying the processs because of cribl.pid file unlinking permission.

After running the suggested actions as interim fix for SELinux, systemd were able to launch Cribl process but only to see that it fail right after, with slightly different message about "protocol failure" which doesn't give much of a clue what went wrong.

Comments

  • JH Liew
    JH Liew Posts: 10
    edited June 11
    Options

    SELinux is preventing systemd from unlink access on the file cribl.pid.

    ***** Plugin catchall_labels (83.8 confidence) suggests *******************

    If you want to allow systemd to have unlink access on the cribl.pid file
    Then you need to change the label on cribl.pid
    Do
    semanage fcontext -a -t FILE_TYPE 'cribl.pid'
    where FILE_TYPE is one of the following: ......
    Then execute:
    restorecon -v 'cribl.pid'

    ***** Plugin catchall (17.1 confidence) suggests **************************

    If you believe that systemd should be allowed unlink access on the cribl.pid file by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    ausearch -c 'systemd' --raw | audit2allow -M my-systemd
    semodule -X 300 -i my-systemd.pp


    Above was the original message seen. After applying all the suggested command, the error turned into this:

    Jun 11 16:56:11 <hostname> systemd[1]: Starting Systemd service file for Cribl Stream....
    -- Subject: Unit cribl.service has begun start-up
    -- Defined-By: systemd
    -- Support: https://access.redhat.com/support

    -- Unit cribl.service has begun starting up.

    Jun 11 16:56:14 <hostname> cribl[4374]: Starting...

    Jun 11 16:56:17 <hostname> cribl[4374]: .......

    Jun 11 16:56:17 <hostname>1 cribl[4374]: Cribl started

    Jun 11 16:56:17 <hostname> cribl[4374]: Address: http://<host ip address>:9000

    Jun 11 16:56:17 <hostname> cribl[4374]: Mode: worker

    Jun 11 16:56:17 <hostname> cribl[4374]: Status: Up

    Jun 11 16:56:17 <hostname> cribl[4374]: Software Version: 4.6.1-aafa694f

    Jun 11 16:56:17 <hostname> cribl[4374]: Master: <leader ip address>:4200

    Jun 11 16:56:17 <hostname> cribl[4374]: PID: 4387

    Jun 11 16:56:17 <hostname> cribl[4374]: GUID: 37e85857-aa53-4997-ad80-2bf7a1f879a2

    Jun 11 16:56:17 <hostname> systemd[1]: cribl.service: New main PID 4387 does not exist or is a zombie.

    Jun 11 16:56:17 <hostname> systemd[1]: cribl.service: Failed with result 'protocol'.

    -- Subject: Unit failed
    -- Defined-By: systemd

    -- Support: https://access.redhat.com/support

    -- The unit cribl.service has entered the 'failed' state with result 'protocol'.

    Jun 11 16:56:17 <hostname> systemd[1]: Failed to start Systemd service file for Cribl Stream..
    -- Subject: Unit cribl.service has failed

    -- Defined-By: systemd

    -- Support: https://access.redhat.com/support

    -- Unit cribl.service has failed.

  • JH Liew
    JH Liew Posts: 10
    Options

    Appreciate if someone has a good knowledge on RHEL Linux on how to go about resolving this. Thanks!

  • nthusiast
    nthusiast Posts: 6
    Options

    Let me know if this helps. Whenever I see SELinux I follow these steps for install

  • JH Liew
    JH Liew Posts: 10
    Options

    Thanks - I actually managed to resolve the problem.

    It was related to a permission issue that was missed on one other folder that Cribl need access to

    /tmp/cribl_stream