Hi!
For one of my customers the fixlet ILMT Upgrade to 9.2.32 is not showing any applicable computers.
I then created an analysis for this fixlet, and it shows “error” in the columns for relevance 6 and 8.
I could not find anything in client log, so I enabled debug mode.
But nothing in debug log that was hinting what the problem is.
The ILMT server is running on RedHat 8.7.
I doublechecked that all prerequisite packages are installed.
Any hints how I can find out why these relevances are not functoning?
There is lot of free diskspace, this is what I checked first.
But even if there was not enough disk, the relevance should be false, not error.
This is the first upgrade.
ILMT 9.2.31 was installed in June, and it is a rather tightened environment regarding security.
So that is why I want to find out why the relevance does not work in case there is other things not working properly.
Both 6 and 8 relevance statements try to access /etc/passwd file as part of the evaluation. You mentioned tightened security. What kind of restrictions are in place and may be this is access related, though the client runs as root.
I found out what the problem is. It is /etc/passwd that is protected in some way I don’t know. It is owned by root:root with access rights -r–r--r–. As root in a ssh session I have no problems reading it.
However, I made a custom copy of the fixlet, took a small amount of users from passwd and saved it in /tmp/users.txt, I modified the fixlet to use the copy instead, and this works.
The reason is that the file /etc/passwd is too big, 190k!
When I made a full copy of it to /tmp/users.txt, the custom copy of the fixlet also failed.
I will report this as an error to IBM.
You are right, it is not the size!
Before reporting it as a problem, I had to check it in more detail and see if it was possible to recreate it.
It turned out to be users in /etc/passwd with names containing \xE5.
This is small a with a ring above, but in Unicode, CP1252, 8859-1.
Most likely the users are imported from other systems with other codepages, and there are more than 2500 of them!
It is very easy to recreate this problem. I have done this in two other installations, RedHat 7.9 and 8.5, BigFix 10.0.5 and 10.0.9. At least RH8.5 is a plain installation with no extra security tweakings.
USERNAME=$(echo -e -n “P\xe5l Paljett”)
useradd -c “$USERNAME” -s /bin/bash -m paljett
Then create an analyse of the Upgrade fixlet, and check the result.
There is an APAR for this, IJ24502.
And there will be an addition in the ILMT manual, in the “Installation and upgrade problems” section.
The workaround is to manually export/import the ILMT upgrade fixlet with relevance 6 & 8 removed.
Or run the upgrade manually from the command line.