Delphix os user privilege settings for creating VDB (on AWS)

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Solved

Hi,

when trying to provision the first VDB(Oracle) I got the following error

**********************
ERROR_CODE=8

ERROR : User "delphix" can not mount file systems on the host

ERROR : Details : Trying "mount" using dlpx_mount - mount: mount to NFS server '<IP address>' failed: System Error: Connection timed out.;

ERROR : Could not verify umount privilege for user "delphix"
**********************

And hostChecker(chkHost.pl ) says

**********************
Enter option code: 6

Please enter path for intended mount point: /mnt/provision

Please enter Delphix Engine IP address
or press <Enter> to skip testing mount/umount privileges: <IP address>
Step 1: NFS client services validated.
umount: /mnt/provision/delphix.test: not mounted
umount: /mnt/provision/delphix.test is not mounted (according to mtab)
Step 2: Failed to umount <IP address>:/public from /mnt/provision/delphix.test. Please make sure OS user delphix has sudo privilege to umount.
**********************

So I tried following command and got message.

**********************
# mount -t nfs  <IP address>:/public /mnt/provision
mount: only root can do that
**********************

Although I confirmed following sudoer settings and run source command (and reboot it)
I can't still mount directory for provisioning.

Sudoer(edit by visudo command and run source command)
**********************
Defaults:delphix !requiretty
delphix ALL=NOPASSWD: /bin/mount, /bin/umount, /bin/mkdir, /bin/rmdir, /bin/ps
**********************

Directory Permission
**********************
# cd /mnt/provision/
# ll
total 4
drwxr-xr-x 2 delphix oinstall 4096 Jun  8 10:09 delphix.test

**********************

TCP/UDP Port 2049 is allocated on both the delphix Engine and the Target Host.


Any ideas?
regards,
Anegawa

Photo of Chika A

Chika A

  • 110 Points 100 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Tim Gorman

Tim Gorman, Field Services

  • 2,824 Points 2k badge 2x thumb
What is the output from the command "which mount" and "/bin/umount"?

You've granted "sudo" permission these commands within the "/bin" directory, but what if the PATH environment variable is set with another directory prior to "/bin"?

Also, see what happens if you re-run from the command-line explicitly specifying "/bin/mount"?
Photo of Tom Southerland

Tom Southerland

  • 230 Points 100 badge 2x thumb
Would you provide the output from the following commands on the target?

showmount -e IP_ADDRESS_OF_THE_DELPHIX_ENGINE

sudo -l

sudo /bin/mount IP_ADDRESS_OF_THE_DELPHIX_ENGINE:/public /mnt/provision
(Edited)
Photo of Chika A

Chika A

  • 110 Points 100 badge 2x thumb

Thank you Tim,Tom
I tried some commands you pointed out and got port mapper failure.

Please check Following messages and  give advice to me.

********************
su delphix
sudo -l
Matching Defaults entries for delphix on this host:
    !visiblepw, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
    KDEDIR LS_COLORS MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE
    LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME
    LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS
    _XKB_CHARSET XAUTHORITY", !requiretty

Runas and Command-specific defaults for delphix:


User delphix may run the following commands on this host:
    (root) NOPASSWD: /bin/mount, (root) /bin/umount, (root) /bin/mkdir, (root)
    /bin/rmdir, (root) /bin/ps

********************

showmount -e <IP_ADDRESS_OF_THE_DELPHIX_ENGINE>
mount clntudp_create: RPC: Port mapper failure - RPC: Timed out

********************

sudo /bin/mount <IP_ADDRESS_OF_THE_DELPHIX_ENGINE>:/public /mnt/provision
mount: mount to NFS server '<IP_ADDRESS_OF_THE_DELPHIX_ENGINE>' failed: System Error: Connection timed out.

********************

nmap -sT -P0 <IP_ADDRESS_OF_THE_DELPHIX_ENGINE>

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2015-06-09 16:43 JST
Interesting ports on <HOSTNAME_OF_THE_DELPHIX_ENGINE> (<IP_ADDRESS_OF_THE_DELPHIX_ENGINE>):
Not shown: 1677 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
2049/tcp open  nfs

Nmap finished: 1 IP address (1 host up) scanned in 33.490 seconds

*******************

Error message at provisioning VDB with Delphix Engine
*******************
environment.validate: Encounter error in expect output:  for user "delphix" (Hit return if no password is needed) :

#####DELPHIX_START_DATA#####

REQUIRED.BACKDOOR_USED=no

REQUIRED.CURRENT_USER=delphix

REQUIRED.ORACLE_HOME_EXISTS=yes

REQUIRED.USER_HAS_PERMISSION=yes

REQUIRED.USER_CAN_MOUNT=no

REQUIRED.USER_CAN_UNMOUNT=no

REQUIRED.USER_CAN_CD_MOUNT_BASE=yes

REQUIRED.USER_CAN_MKDIR=yes

REQUIRED.USER_CAN_RMDIR=yes

REQUIRED.SID_IN_USE=no

RECOMMENDED.ULIMITS_MET=yes

#####DELPHIX_END_DATA#####

#####DELPHIX_START_ERROR#####

ERROR_CODE=5

ERROR : User "delphix" can not mount file systems on the host

ERROR : Details : Trying "mount" using dlpx_mount - mount: mount to NFS server '<IP_ADDRESS_OF_THE_DELPHIX_ENGINE>' failed: System Error: Connection timed out.;

ERROR : Could not verify umount privilege for user "delphix"

#####DELPHIX_END_ERROR#####

*******************


Thank you,
Chika

Photo of Tom Southerland

Tom Southerland

  • 230 Points 100 badge 2x thumb
Chika,

The error observed from 'showmount -e' hints that we're unable to contact the portmapper which listens on network port 111. You might want to review the network port requirements found in our documentation, Network and Connectivity Requirements for Oracle Environments.

Cheers,

Tom
Photo of Chika A

Chika A

  • 110 Points 100 badge 2x thumb
Thank you Tom,

I added some network port to the Target Host and could run 'MOUNT' command with command line.
Result of running hostchecker is all OK.(Oracle Listener is also running)
But at creating VDB with delphix Engine I also recieved following error...

At beginning of creating VDB action



After creating VDB action


Do you think this error is also caused by port problem?

Chika
Photo of Tom Southerland

Tom Southerland

  • 230 Points 100 badge 2x thumb
Chika,

Depending on the umask used, the permissions on /mnt/provision may be too restrictive to allow the environment user access. Could you check /mnt/provision and ensure it has read and execute permissions (sudo chmod a+rx /mnt/provision)?

You may also need to modify any firewall configurations to allow us to connect to the listener as I suspect that is causing the connection error.

Cheers,

Tom
Photo of Chika A

Chika A

  • 110 Points 100 badge 2x thumb

Thank you Tom,

I checked that selinux and iptables are disabled.
And permission for mount directory is following.

$ ls -la| grep mnt
drwxrwxrwx   3 delphix  oinstall    4096 Jun 11 19:28 mnt
$ cd mnt
$ ll
total 4
drwxrwxrwx 26 delphix oinstall 4096 Jun 11 19:27 provision


There are directories with VDB name In the directory /mnt/provision ,
but they seems to have no files.
ls -la /mnt/provision/Vjoh_FAB/
total 8
drwxr-xr-x  2 delphix oinstall 4096 Jun 10 13:19 .
drwxrwxrwx 26 delphix oinstall 4096 Jun 11 19:27 ..

Is this no problem? Or must be some file exist?

Thank you,

Chika

Photo of Raji Sabbagh

Raji Sabbagh, Cast Member

  • 120 Points 100 badge 2x thumb
Hi Chika, 

Reading through this thread a couple of things come to mind.

1. Check and make sure that NFS services are running on the Target Instance
2. Check your security groups and make sure that the Delphix Engine can communicate on TCP/111 to the Target Instance.

Hope that helps
(Edited)
Photo of Chika A

Chika A

  • 110 Points 100 badge 2x thumb

Thank you Sabbagh,

I checked your points and they have no problem.

After my previous comment I received other support from Delphix and resolved my Delphix problem.

Mount Error was caused by EIP settings to the Target Host and used public IP address.

I edited those settings and it worked finally.

Thank you for your helping.

Chika