Discussion (6)1
Log in or sign up to continue

Hi @Michael Jobe 

Yes, you can post here or open a WRC ticket.

The error usually denotes a privilege issue. I see that the file name is not the default we ship the product with. That is isc_prometheus.yml. Also the file should have privileges set to 764 or rwxrw-r---

Another important thing would be to use the start.sh script that checks for the correct privileges on directories and files.

Let us know how you get on.


The start.sh script was used to start the services, the stop.sh to stop them

The SAM solution was installed 4x on 4 EC instances, each one received the same error and clusters could not be created.

There is an isc_prometheus.yml file in the directory which by the default installation did not have 764 permissions.  I set the permissions to 764 and restarted the services and the same error is received.  Documentation is a bit light but I followed the instructions.  Has this worked for others as documented?

I ran into this same issue and it turned out to be the selinux was set to enforcing, and that prevented the file system writes.

The file /config/prometheus/isc_tmp_yml_file.yml seems to be a temp file that is used during the creation of a new cluster.  However, with selinux enforcing, it may be that there would be other file write issues.

To verify the issue was selinux, I used "docker exec -it <container> bash" to connect to bash on the iris container that start.sh started.  Once there I used "touch /config/prometheus/isc_tmp_yml_file.yml" to attempt to create the file and it failed.

I then exited bash and used setenforce 0 to temporarily change selinux from enforcing to premissive and retried the touch and it was successful.  At that point I was able to continue with the creation of a cluster in SAM.

I have not looked into what policies would need to be created to enable SAM to run with selinux enforcing, but that will be necessary before deploying into production unless the cluster can operate without issue after configuration, in which case, perhaps configuration can be done with selinux set to permissive and then returned to enforcing for operations.