Cribl Stream Worker on RHEL with SELinux

JH Liew · June 7

Hi, have anyone successfully deployed Cribl on RHEL based host that comes with SELinux enabled?

While I have managed to get Cribl manually run, I've hit into issues when trying to enable Cribl on boot as a service. Looking at the entries from "journal -xe", it's throwing up errors to do with SELinux denying the processs because of cribl.pid file unlinking permission.

After running the suggested actions as interim fix for SELinux, systemd were able to launch Cribl process but only to see that it fail right after, with slightly different message about "protocol failure" which doesn't give much of a clue what went wrong.

JH Liew · June 11

SELinux is preventing systemd from unlink access on the file cribl.pid.

***** Plugin catchall_labels (83.8 confidence) suggests *******************

If you want to allow systemd to have unlink access on the cribl.pid file
Then you need to change the label on cribl.pid
Do
semanage fcontext -a -t FILE_TYPE 'cribl.pid'
where FILE_TYPE is one of the following: ......
Then execute:
restorecon -v 'cribl.pid'

***** Plugin catchall (17.1 confidence) suggests **************************

If you believe that systemd should be allowed unlink access on the cribl.pid file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
ausearch -c 'systemd' --raw | audit2allow -M my-systemd
semodule -X 300 -i my-systemd.pp

Above was the original message seen. After applying all the suggested command, the error turned into this:

Jun 11 16:56:11 <hostname> systemd[1]: Starting Systemd service file for Cribl Stream.... -- Subject: Unit cribl.service has begun start-up -- Defined-By: systemd -- Support: https://access.redhat.com/support

-- Unit cribl.service has begun starting up.

Jun 11 16:56:14 <hostname> cribl[4374]: Starting...

Jun 11 16:56:17 <hostname> cribl[4374]: .......

Jun 11 16:56:17 <hostname>1 cribl[4374]: Cribl started

Jun 11 16:56:17 <hostname> cribl[4374]: Address: http://<host ip address>:9000

Jun 11 16:56:17 <hostname> cribl[4374]: Mode: worker

Jun 11 16:56:17 <hostname> cribl[4374]: Status: Up

Jun 11 16:56:17 <hostname> cribl[4374]: Software Version: 4.6.1-aafa694f

Jun 11 16:56:17 <hostname> cribl[4374]: Master: <leader ip address>:4200

Jun 11 16:56:17 <hostname> cribl[4374]: PID: 4387

Jun 11 16:56:17 <hostname> cribl[4374]: GUID: 37e85857-aa53-4997-ad80-2bf7a1f879a2

Jun 11 16:56:17 <hostname> systemd[1]: cribl.service: New main PID 4387 does not exist or is a zombie.

Jun 11 16:56:17 <hostname> systemd[1]: cribl.service: Failed with result 'protocol'.

-- Subject: Unit failed -- Defined-By: systemd

-- Support: https://access.redhat.com/support

-- The unit cribl.service has entered the 'failed' state with result 'protocol'.

Jun 11 16:56:17 <hostname> systemd[1]: Failed to start Systemd service file for Cribl Stream.. -- Subject: Unit cribl.service has failed

-- Defined-By: systemd

-- Support: https://access.redhat.com/support

-- Unit cribl.service has failed.

JH Liew · June 11

Appreciate if someone has a good knowledge on RHEL Linux on how to go about resolving this. Thanks!

nthusiast · June 14

SELinux Install.pdf

Let me know if this helps. Whenever I see SELinux I follow these steps for install

JH Liew · June 21

Thanks - I actually managed to resolve the problem.

It was related to a permission issue that was missed on one other folder that Cribl need access to

/tmp/cribl_stream

Cribl Stream Worker on RHEL with SELinux

Comments

Categories