Solved

I couldn't install Commserve on Linux

  • 27 October 2021
  • 44 replies
  • 877 views

Userlevel 2
Badge +7

Hi,

I saw Commvault bring Commserve Linux feature in Feature Release 25. So i wanted to test it. I created Linux package as described here;

https://documentation.commvault.com/11.25/expert/2696_downloading_software_for_unix_linux_and_macintosh_computers_using_download_manager.html

I installed fresh RHEL 8.3. I’m trying to setup as described here;

https://documentation.commvault.com/11.25/expert/132361_installing_commserve_server_in_linux_environment.html

In my screen i don’t see Create a new CommCell Group option. My screen;

 

Could you help me for this issue. Thank you.

icon

Best answer by Carl Manzi 2 December 2021, 01:26

View original

44 replies

Userlevel 5
Badge +11

This is the software kit needed (it should show 11.25.6)

Store (commvault.com)

 

I’m in active communication with Mike. 

Userlevel 5
Badge +11

Hi,

I saw Commvault bring Commserve Linux feature in Feature Release 25. So i wanted to test it. I created Linux package as described here;

https://documentation.commvault.com/11.25/expert/2696_downloading_software_for_unix_linux_and_macintosh_computers_using_download_manager.html

I installed fresh RHEL 8.3. I’m trying to setup as described here;

https://documentation.commvault.com/11.25/expert/132361_installing_commserve_server_in_linux_environment.html

In my screen i don’t see Create a new CommCell Group option. My screen;

 

Could you help me for this issue. Thank you.

 

Please reach out to me directly: mfasulo@commvault.com

Userlevel 2
Badge +7

Hi,

I downloaded “11.25 Linux MediaKit (Early Release)” again and I can see Commserve option now.

Thank you @MFasulo  @Mike Struening  

I’m going to try install Commserve.

Userlevel 2
Badge +7

Hi,

Installation is done.

 

FYI @MFasulo @Mike Struening 

Userlevel 7
Badge +23

@ibrahimemrekaya , are you sure you downloaded the right package?

I’m going to verify, though I believe this is what you need:

https://cloud.commvault.com/webconsole/softwarestore/#!/130/725/21137

I spoke to the great @MFasulo who advised that he can help you directly.

Userlevel 5
Badge +11

 

Have got this installed on Centos 8.4 as well after a strange problem with Commvault not being able to run any services. /var/log/message showed permission errors and mentioned “re-labelling” so I ran “touch /.autorelabel” and rebooted and CV services came online after the boot.

 

When you did the install did you leave the default permission set?  

 

 

Userlevel 1
Badge +3

@Mike London UK, could you try one more thing?

 

Revert to snapshot again and then run restorecon on the directories:

restorecon -Rv /opt/commvault /cvlt

Now retry install and see if it behaves correctly.

Userlevel 1
Badge +3

Thanks @Mike London UK. I’ll be putting together a KB article for this.

I believe the cause here is the creation of the filesystems for Commvault. By default they have the unlabeled_t type which prevented systemd from interacting with their contents, among other problems most likely.

New directories automatically inherit the SELinux context of their parent, but that doesn’t apply to mount points. We saw in /etc/selinux/targeted/contexts/files/file_contexts that everything under /opt would get context system_u:object_r:usr_t:s0, but that needs to be applied with restorecon.

Userlevel 2
Badge +7

Hi, 

 

It probably won’t help much, but I works in my lab

I’m running on CentOS

CentOS Linux release 7.7.1908 (Core)

my unpacked install package is 7G in size

7.0G    /opt/media/Unix/

 

Hi @Robert Horowski ,

Did you install any additional package on CentOS?

Also how did you create your Commvault package? I selected only linux_x8664 and full media kit.

Thank you.

Userlevel 2
Badge +8

Have got this installed on Centos 8.4 as well after a strange problem with Commvault not being able to run any services. /var/log/message showed permission errors and mentioned “re-labelling” so I ran “touch /.autorelabel” and rebooted and CV services came online after the boot.

Userlevel 2
Badge +7

Hi @MFasulo,

I sent email to you. Thank you.

Userlevel 2
Badge +8

I don’t recall seeing that screen but I would have just taken the defaults if it was displayed. I’ll re-run the installer and let you know.

Userlevel 3
Badge +9

Hi @ibrahimemrekaya

From what I can see in history I’ve only installed lvm packages

cat ~/.bash_history | grep "yum"
sudo yum install lvm
sudo yum install lvm2
yum install open-vmtools
yum install open-vm-tools
yum install open-vm-tools
yum
yum info
yum info glibc

 

so nothing fancy.

 

I’ve also downloaded only linux_x8664 and full media kit.

My media was created 19-OCT so I tried to create fresh media today and run the installer on the same system as before and Commserve is gone.

 

Although please note that this time it is 11.25.6 as 11.25.2 was not available for download anymore.

 

So maybe there is something wrong with media creator.

 

Userlevel 2
Badge +8

@MFasulo I’ve just re-run the install with the same result, “re-label” the system and then Commvault starts. There was no prompt for permissions, maybe not displayed with my install options. I chose 

  1. Create new CommCell
  2. All in one
  3. /opt for install directory
  4. /cvlt/ic for index cache
  5. /cvlt for web cache, database installation path (/cvlt/commvaultDB is a mounted file system) and disaster recovery path

Happy to share doc with screenshots and other info you’re interested. Is here the best place for that or somewhere separate.?

Userlevel 2
Badge +8

Thanks, my installer just reports 11.25.0 (from Store) but I get exactly the same as you are now. @Mike Struening is the any chance of getting someone to validate the install image?

Userlevel 5
Badge +11

@MFasulo I’ve just re-run the install with the same result, “re-label” the system and then Commvault starts. There was no prompt for permissions, maybe not displayed with my install options. I chose 

  1. Create new CommCell
  2. All in one
  3. /opt for install directory
  4. /cvlt/ic for index cache
  5. /cvlt for web cache, database installation path (/cvlt/commvaultDB is a mounted file system) and disaster recovery path

Happy to share doc with screenshots and other info you’re interested. Is here the best place for that or somewhere separate.?

 

Email me your document, I will take a peek.   You said this didnt happen on 7.x correct, only 8.4?

Userlevel 1
Badge +3

Hi @Mike London UK ,

Could you run sestatus and share the output?

Userlevel 7
Badge +23

I’m sure we can do that.

@MFasulo , I’ll reach out to our cloud team, though knowing you, you’ll likely have some advice/insight.

Userlevel 5
Badge +11

8.4 is unsupported.   If anyone is looking to test this beyond basic lab tests, please reach out to me  mfasulo@commvault.com

Userlevel 2
Badge +8

I’ll rebuild at 8.3 whilst we get that image checked out, thanks.

Userlevel 2
Badge +8

@Carl Manzi here’s the output:

[root@lnxcs02 Desktop]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
[root@lnxcs02 Desktop]# 
Hope that helps.

Userlevel 5
Badge +11

I’ll rebuild at 8.3 whilst we get that image checked out, thanks.

 

Ok keep me posted, I’m not sure 8.3 was tested.

Userlevel 1
Badge +3

Thanks @Mike London UK. These look like RHEL defaults so no concerns there.

After install but before you relabel, can you run the following command to see what sort of denials are occurring?

ausearch -ts recent -m avc -i

Userlevel 2
Badge +8

@Carl Manzi  the output is:

----
type=AVC msg=audit(29/11/21 16:28:15.046:320) : avc:  denied  { read } for  pid=1 comm=systemd name=Base dev="dm-2" ino=4136693 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=lnk_file permissive=0
----
type=PROCTITLE msg=audit(29/11/21 16:28:15.047:321) : proctitle=(Galaxy)
type=SYSCALL msg=audit(29/11/21 16:28:15.047:321) : arch=x86_64 syscall=execve success=no exit=EACCES(Permission denied) a0=0x5568d21bd2c0 a1=0x5568d1ff2bd0 a2=0x5568d1ff0450 a3=0x7f7b37559bc0 items=0 ppid=1 pid=17655 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=(Galaxy) exe=/usr/lib/systemd/systemd subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(29/11/21 16:28:15.047:321) : avc:  denied  { read } for  pid=17655 comm=(Galaxy) name=Base dev="dm-2" ino=4136693 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=lnk_file permissive=0
 

Userlevel 1
Badge +3

@Mike London UK 

 

Let’s see if we can get more detail. Try running the following to see SELinux denial entries in the system journal:

journalctl -g 'SELinux is preventing'

There will probably be a number of entries but look for those that appear toward the bottom, around 16:28 server time. Part of those messages should include something like this which we can run to get a detailed report of the issue:

For complete SELinux messages run: sealert -l 97a1c0df-81ed-4c08-ba27-41c5067b713b

 

Run those sealert commands as shown on your system -- they will have a different GUID than shown above -- and let’s see what they tell us.

Reply