Install fails on Ubuntu 14.04 about oms-agent-for-linux HOT 19 CLOSED

Please indicate the complete command line you're using to try and install the agent. I don't even know what version you're trying to install.

Thanks!

from oms-agent-for-linux.

O sorry I missed it :)

It is output form installation command: sh ./omsagent-1.1.0-2.universal.x64.sh --upgrade. Instllation is ending with this message. After this any restart of OMSagent via init script is returning the same error and agent is not working at all. After this I was trying to update Azure Xtension from 2.0 to 2.2 but there was no action on the server. I have removed both OMS (and OMI) from VM and removed the extension. I will try to install the extension right now.

from oms-agent-for-linux.

I can't replicate this at all. I'm not sure what your prior version of omsagent was, if any. When I installed omsagent v1.1.0-2, it worked. When I upgraded from a prior version, it worked. Here's how I verify that it's working:

jeffcof:~> service omsagent status                              
Checking for service Operations Management Suite agent  *  is running
jeffcof:~> ps -ef | grep omsagent | grep -v jeffcof             
omsagent 45626     1  2 11:07 ?        00:00:00 /opt/microsoft/omsagent/ruby/bin/ruby /opt/microsoft/omsagent/bin/omsagent -d /var/opt/microsoft/omsagent/run/omsagent.pid --no-supervisor -o /var/opt/microsoft/omsagent/log/omsagent.log
jeffcof:~> 

The errors that we're getting suggest that we installed the wrong type of agent (perhaps SSL 0.9.8) based on the system that you're on. But I'm definitely trying to replicate on an Ubuntu 14-04 system, and Ubuntu 14.04 definitely has SSL 1.0.x:

jeffcof:~> openssl version
OpenSSL 1.0.1f 6 Jan 2014
jeffcof:~>

jeffcof:~> cat /etc/os-release 
NAME="Ubuntu"
VERSION="14.04.3 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.3 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
jeffcof:~> 

Are you trying to install this on an Azure Ubuntu system? Please give me complete details so I can replicate this on my own and get to the bottom of it, thanks!

/Jeff

from oms-agent-for-linux.

OpenSSL 1.0.2e 3 Dec 2015

NAME="Ubuntu"
VERSION="14.04.3 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.3 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"

This is quite fresh VM (few days). ASM deployment. Deployed with Diagnostics option turned ON - maybe this is the problem? There was 2.0 extension out of the box.
I have installed OMS agent with sh ./omsagent-1.1.0-2.universal.x64.sh --upgrade command (with --upgrade) . I will try to replicate this on fresh deployment. In this deployment I'm unable tu enable Diagnostics data gathering after this mess with OMS Agent.

from oms-agent-for-linux.

I have OpenSSL 1.0.2e 3 Dec 2015 because I builded OpenSSL later from source. The error occured before that.

from oms-agent-for-linux.

@KrisBash Do we work properly with Azure right now?

from oms-agent-for-linux.

We would like the full text of the installation output. That is, when you try to install the OMS agent, we want to see everything in stdout/stderr, from start to finish (including the command used), to replicate this problem.

If you are installing through the portal, please try installing from the command line to replicate this, thanks.

from oms-agent-for-linux.

At this moment no Diagnostic extension is installed but output of installation command is the same:

https://gist.github.com/smereczynski/adf64ab56e1548d366ce

from oms-agent-for-linux.

Interesting. I suspect we have failed to set up the expected symlinks to libssl.so. Can you run:
ldd /opt/microsoft/omsagent/ruby/lib/ruby/2.2.0/x86_64-linux/openssl.so
and
ls -l /opt/omi/lib/

from oms-agent-for-linux.

root@server:~# ldd /opt/microsoft/omsagent/ruby/lib/ruby/2.2.0/x86_64-linux/openssl.so
    linux-vdso.so.1 =>  (0x00007ffda23d6000)
    libssl.so.1.0.0 => /opt/omi/lib/libssl.so.1.0.0 (0x00007f2227656000)
    libcrypto.so.1.0.0 => /opt/omi/lib/libcrypto.so.1.0.0 (0x00007f222720f000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f2227002000)
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f2226de4000)
    librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f2226bdc000)
    libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f22269a2000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f222669c000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f22262d7000)
    /lib64/ld-linux-x86-64.so.2 (0x0000563141bc4000)
root@server:~# ls -l /opt/omi/lib/
total 3688
lrwxrwxrwx 1 root root      44 Jan 22 20:44 libcrypto.so.1.0.0 -> /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
lrwxrwxrwx 1 root root      38 Jan 22 20:44 libcurl.so.3 -> /usr/lib/x86_64-linux-gnu/libcurl.so.4
lrwxrwxrwx 1 root root      38 Jan 22 20:44 libcurl.so.4 -> /usr/lib/x86_64-linux-gnu/libcurl.so.4
-rwxr-xr-x 1 root root  894753 Jan  5 19:57 libmicxx.so
-rwxr-xr-x 1 root root 1511096 Jan  5 19:57 libmi.so
lrwxrwxrwx 1 root root      58 Jan 22 20:44 libMSFT_nxOMSAgentResource.so -> /opt/microsoft/omsconfig/lib/libMSFT_nxOMSAgentResource.so
lrwxrwxrwx 1 root root      59 Jan 22 20:44 libMSFT_nxOMSSyslogResource.so -> /opt/microsoft/omsconfig/lib/libMSFT_nxOMSSyslogResource.so
lrwxrwxrwx 1 root root      52 Oct 23 00:34 libmysqlProvider.so -> /opt/microsoft/mysql-cimprov/lib/libmysqlProvider.so
-rwxr-xr-x 1 root root 1101807 Jan  5 19:57 libomiclient.so
-rwxr-xr-x 1 root root  261153 Jan  5 19:57 libomiidentify.so
lrwxrwxrwx 1 root root      44 Jan 22 20:44 libomsconfig.so -> /opt/microsoft/omsconfig/lib/libomsconfig.so
lrwxrwxrwx 1 root root      50 Jan  5 19:59 libSCXCoreProviderModule.so -> /opt/microsoft/scx/lib/libSCXCoreProviderModule.so
lrwxrwxrwx 1 root root      41 Jan 22 20:44 libssl.so.1.0.0 -> /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2
drwxr-xr-x 5 root root    4096 Jan 22 20:44 Scripts

from oms-agent-for-linux.

I think the issue is that you reinstalled OpenSSL, and you probably picked a different configuration. The default version of OpenSSL that ships with Ubuntu 14 is OpenSSL 1.0.1f.

I'm not sure why you decided to reinstall OpenSSL from source. Please try our agent on a fresh system where you did not reinstall OpenSSL, and I'm very confident that you'll work just fine. That's why I can't replicate the issue, we use the vendor-supplied version of OpenSSL.

We do happen to build OpenSSL ourselves to make for compatible agents that work everywhere (regardless of where you install them), but we do have special hoops to jump through. If you MUST reinstall OpenSSL form source, for whatever reason, then look at our compile instructions and configure yours the same way. If you do this, it's pretty likely it'll work. But if it doesn't, that isn't a configuration we support (sorry).

Let me know if you have further questions, and if this information is helpful.

/Jeff

from oms-agent-for-linux.

It works fine on fresh mchine - You are right. But fresh machine is deployed without Diagnostic extension or with version 2.2.0 of extension not 2.0. My first think was that this extension is causing some problems... but it is wrong.
I have tried to compile OpenSSL shared librariies AFTER the error shows up and haven't installed it - so my information about other version of OpenSSL above is wrong. But I know right now what's happend.
I have PHP 5.6 installed from https://launchpad.net/~ondrej/+archive/ubuntu/php5-5.6?field.series_filter=trusty
There is also a openssl 1.0.2e-1+deb.sury.org~trusty+1 in dependencies of PHP 5.6 for Ubuntu 14.04.
I know that this is not a mainline repository but if I'm going to deploy popular web app (let say WordPress) on Ubuntu 14.04 today, I'm going to install PHP 5.6, Nginx 1.8 from PPA and MariaDB 10 or MySQL 5.6 - not PHP 5.5.9, MySQL 5.5 and Nginx 1.4 from mainline. WordPress.org recommended PHP 5.6 and MySQL 5.6 for WordPress CMS: https://wordpress.org/about/requirements/

So... I think this agent should work with OpenSSL 1.0.2e.

from oms-agent-for-linux.

I believe the agent will work against OpenSSL v1.0.2e IF you compile SSL with the instructions I specified above. By compiling the way you are, the SSL environment is different enough where we have problems.

Another option, if you rebuild OpenSSL from source, is to put the new version of OpenSSL in /usr/local. This is the typical way to make changes from the system installation. And this way, you're certain to not negatively affect other things that may have dependencies on how SSL is compiled/linked. It's always somewhat "risky" to replace the SYSTEM version of OpenSSL, but having your own version of OpenSSL in /usr/local should be fine.

from oms-agent-for-linux.

OK, once again: I have NOT INSTALLED the OpenSSL I have compiled. I have been building the shared library. OpenSSL v1.0.2e in my system is from PHP 5.6 PPA (https://launchpad.net/~ondrej/+archive/ubuntu/php5-5.6?field.series_filter=trusty). It will be instaled on EVERY Ubuntu 14.04 with PHP 5.6 installed from this PPA and this PPA is recommended to do this. v.1.0.2e will be also the default version in 16.04 - but I don't know how it was compiled in mainline (You can test 16.04). Probably I will also test 16.04 today - its DAILY build is available in Azure image gallery.

from oms-agent-for-linux.

Did you try "building the shared library" via the instructions I posted above? What was the results of that?

When you say "I have NOT INSTALLED the OpenSSL I have compiled. I have been building the shared library", where exactly are you putting this shared library? We are obviously finding it and using it. If I can get exact details on exactly what you are doing, step by step, and if the original SSL is still installed on the machine, then I can probably give you a workaround. But to help you, I need to understand exactly what you are doing. Right now, I don't understand exactly what you are doing with OpenSSL (how you are building it, where you are putting the resulting components, etc).

Thanks for your understanding.

from oms-agent-for-linux.

OK, at this point we should leave my case - I have been trying to replace shared library just because my curiosity and I believe You that there is a workaround. We know right now that version of the OpenSSL installed in the OS is the problem. I'm pointing to much bigger problem for You: a massive number of administrators is installing PHP 5.6 from PPA I have linked above. So probably Your agent will fail on every Ubuntu 14.04 with PHP 5.6 installed and on Ubuntu 16.04 (I will test it right now). The question is if You are able to resolve this problem on Your side? I will drop You an information about Ubuntu 16.04. Give me a few minutes.

from oms-agent-for-linux.

@jeffaco OK, it works OK in 16.04 (OpenSSL 1.0.2e 3 Dec 2015, PHP 5.6.16-1ubuntu1). I will reproduce it on 14.04.3-LTS with PHP 5.6 PPA and if it will fail again I will send information to PPA team. Correct me if I'm wrong: they compiled openssl shared library with -no-ssl3, yes? And Your agent need SSL3, correct?

from oms-agent-for-linux.

It's not an issue of what our agent needs, it's an issue of how SSL was previously built on the machine. Our agent is pretty flexible in this regard.

When I do an openssl version -a on an Ubuntu 14 system, I get this:

OpenSSL 1.0.1f 6 Jan 2014
built on: Thu Jun 11 15:28:12 UTC 2015
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) 
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

While this does not show the exact configure options, the configuration options can be reverse engineered from that. Ultimately, if a third party is going to replace the version of OpenSSL on a system, I would strongly recommend:

1. The third party should put their of OpenSSL in /usr/local, leaving the system version of OpenSSL in place.
2. The third party should link their project against the version of OpenSSL in /usr/local.
   The above is the "standard" way of doing things (Vendor-supplied versions go in /usr/lib or similar, "local" installations go in /usr/local).

If the third party does not want to do that, then they can ship their own OpenSSL libraries directly with their product (Firefox, for example, does this).

Ultimately, if the third party insists on replacing the system version of OpenSSL, then the onus is on the third party to build OpenSSL compatibly with how the O/S distributor did so.

Regardless, we'll do everything we can to get you going. Our product is very flexible with how it finds OpenSSL, so it's easy to change OMS-Agent to look elsewhere for OpenSSL. If worse comes to worse, you can rebuild OMS-Agent from source. That's currently non-trivial because all the code you need to do so is not (yet) completely public on GitHub. But we're working aggressively to make that happen.

from oms-agent-for-linux.

Thank You @jeffaco for Your support. I will try to talk with Ondřej Surý (PHP56 PPA maintainer) about his build of OpenSSL. Now we know that upstream build in 16.04 is OK, so maybe he will use an upstream build in his repository.

from oms-agent-for-linux.