PI67826: KNOX FILES DEPLOYED WITH INCORRECT PERMISSIONS SET

APAR status

• Closed as fixed if next.

Error description

• BigInsights home page will not render and customer is not
  prompted for userid/password.
  When knox_setup.sh deploys the ValueAdd jar files into
  /usr/iop/4.1.0.0/knox/lib using scp. Scp copies the files using
  the target system umask.  If the umask is not set to 0022-- for
  example 0027 the files are created as root:root with rw-r----.
  Later when knox is attempting to deploy and setup the default
  war files using information from these jars for valueadds it is
  unable to read since it is doing at as "knox" user and there
  are no "read" permissions for others.
  Essentially the default gateway rewrite.xml and gateway.xml are
  missing the roles and rewrites for all the Value Adds which
  causes the internal mapping from Knox to ValueAdd service to
  fail.knox
  *** knox_setup should be updated to set the correct permissions
  for these files and not assume that the target host will create
  these with "read" permissions for others.
  

Local fix

• during the knox_setup the following jars are copied
  
  /usr/iop/4.1.0.0/knox/lib/gateway-service-web-ui-2.10.jar
  /usr/iop/4.1.0.0/knox/lib/gateway-service-bigsheets-5.13.jar
  /usr/iop/4.1.0.0/knox/lib/gateway-service-dsm-1.2.jar
  /usr/iop/4.1.0.0/knox/lib/gateway-service-text-analytics-web-too
  ling-3.0
  .jar
  
  *** because umask is set to 027 in the client's env the files
  are copied with 640 permissions
  
  1) update permissions on those file to 644  (-rw-r--r--)
  2) restarted knox and biginsights_home in ambari console
  

Problem summary

• See error description
  

Problem conclusion

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Modules/Macros

• n/a
  

Fix information

Applicable component levels

• R425 PSY

     UP