I am trying to do an install of Gateway 11.1 on RHEL 9 and then upgrade to 11.1.1
I have Gateway 11.1 installed and it runs but only with selinux in permissive enforcing state.
After the gateway starts I can set selinux to enforcing and the gateway will stay running.
However with selinux in enforcing mode I cannot successfully restart the gateway.
When I installed the packages I had some issues with ssg and GPG keys. I disabled the rpm install gpg key check with --nogpgcheck could this be the issue?
Do you have the GPG key for the 11.1 RPM install?
Any ideas how to get SSG to start and run with selinux in enforcing mode?
Helpful info:
When ssg fails to start with selinux in enforcing I get the following logs.
journalctl -xeu ssg.service reports a dozen lines of this and then fails to start. (same entries in systemctl status ssg)
Aug 20 07:59:23 devrhel9ssg011lsat.foo.com systemd[1]: Starting Service to run CA Gateway...
░░ Subject: A start job for unit ssg.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ A start job for unit ssg.service has begun execution.
░░ The job identifier is 1057766.
Aug 20 07:59:23 devrhel9ssg011lsat.foo.com bash[3514419]: Starting Process Controller...
Aug 20 07:59:23 devrhel9ssg011lsat.foo.com bash[3514496]: Starting Gateway Services: done.
Aug 20 07:59:23 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:23 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:27 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:27 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:39 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:39 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:39 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:39 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:50 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:50 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:56 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 07:59:56 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Can't convert PID files /opt/SecureSpan/Gateway/node/default/var/ssg.pid O_PATH file descriptor to proper file descriptor: Permission de>
Aug 20 08:00:53 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: start operation timed out. Terminating.
Aug 20 08:00:53 devrhel9ssg011lsat.foo.com systemd[1]: ssg.service: Failed with result 'timeout'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░ The unit ssg.service has entered the 'failed' state with result 'timeout'.
Aug 20 08:00:53 devrhel9ssg011lsat.foo.com systemd[1]: Failed to start Service to run CA Gateway.
And in ssg_0_0.log
2024-08-20T07:59:57.891-0500 INFO 73 com.l7tech.server.util.UptimeMonitor: Using uptime executable: /usr/bin/uptime
2024-08-20T07:59:57.891-0500 INFO 156 com.l7tech.server.util.UptimeMonitor: Uptime monitor thread is starting
2024-08-20T08:00:53.093-0500 INFO 109 com.l7tech.util.ShutdownExceptionHandler: Received shutdown notification.
2024-08-20T08:00:53.098-0500 WARNING 86 com.hazelcast.instance.impl.Node: [xxx.xxx.xxx.xxx]:8777 [gateway] [5.2.1] Terminating forcefully...
2024-08-20T08:00:53.099-0500 INFO 1 com.l7tech.server.boot.GatewayBoot: Starting shutdown.
2024-08-20T08:00:53.100-0500 INFO 1 com.l7tech.server.siteminder.SiteMinderConfigurationManagerImpl: Stopping SiteMinder management task
2024-08-20T08:00:53.113-0500 INFO 1 com.l7tech.util.Background: Cancelling background task 'com.l7tech.server.telemetry.TelemetryTask@6b24b72' (com.l7tech.server.telemetry.TelemetryTask)
2024-08-20T08:00:53.114-0500 INFO 1 com.l7tech.server.BootProcess: Stopping server components
2024-08-20T08:00:53.115-0500 INFO 1 com.l7tech.server.BootProcess: Stopping discovered component HTTP Transport Module
2024-08-20T08:00:53.116-0500 INFO 1 com.l7tech.server.transport.http.HttpTransportModule: 2401: Stopping HTTP listener: Default HTTP (8080) (#667de99aaa78e2ba04baca0ae8d0cd8c,v0) on port 8080
2024-08-20T08:00:53.116-0500 INFO 1 com.l7tech.server: Listener state changed
2024-08-20T08:00:53.136-0500 INFO 1 com.l7tech.server.transport.http.HttpTransportModule: 2401: Stopping HTTPS listener: Default HTTPS (9443) (#667de99aaa78e2ba04baca0ae8d0cd89,v0) on port 9443
2024-08-20T08:00:53.136-0500 INFO 1 com.l7tech.server: Listener state changed
2024-08-20T08:00:53.156-0500 INFO 108 com.l7tech.server.transport.http.InputTimeoutFilter: Setting shutdown flag for timeout property update thread (interrupted).
2024-08-20T08:00:53.156-0500 INFO 108 com.l7tech.server.transport.http.InputTimeoutFilter: Shutting down timeout property update thread.
2024-08-20T08:00:53.162-0500 INFO 1 com.l7tech.server.BootProcess: Stopping discovered component FTP Server Manager
2024-08-20T08:00:53.163-0500 INFO 1 com.l7tech.server.BootProcess: Stopping discovered component ManagedTimer Controller
2024-08-20T08:00:53.163-0500 INFO 1 com.l7tech.server.BootProcess: Stopping discovered component Whirlycache Controller