check_system_configuration.py

The check_system_configuration.py script checks and can correct system configuration settings for MATRIXX components. It runs on individual components as they are installed and on MATRIXX Engine when you start it by itself. You can also run this script as needed on components of an installed system to check or correct system configuration. The behavior of this script is limited to the permissions of the user running it. Running it as a user with non-sudo permissions only alerts you to configuration issues on file systems and files that the user has permission to read. Running this script with sudo permissions and the --autocorrect=1 option gives it access to more settings and directs it to correct any configuration issues it finds.

Run the check_system_configuration.py script in one of these roles:
  • As a configuration fixer for MATRIXX as superuser. This script runs on all MATRIXX components during installation to confirm the system configuration and correct any configuration issues.
  • As a configuration checker for MATRIXX Engine during start-up as the mtx user. This script runs when you start MATRIXX Engine. You can also run this script after start-up to test the configuration for a server, cluster, or on the engine itself. Example tests include the Red Hat Enterprise Linux (RHEL) operating system version, sysctl settings, status of NFS and rpcbind services, Ethernet settings, and memlock settings. Because you run this on the engine as the mtx user, this script does not correct issues it finds but alerts you to issues by returning errors.

    The MATRIXX Engine installer runs the check_system_configuration.py script to verify the RHEL version and set other OS configuration settings before installing the software. Do not override any of these settings without first checking with your MATRIXX support representative.

  • As a configuration checker or fixer on one or more MATRIXX components, as whatever user has permissions to access or change the file system being tested.

    You can run the check_system_configuration.py script as any user with permission to access the files and file systems being checked. You can run this script manually as any user, and it alerts you with an error if it does not have permission to change a bad configuration setting. If you run this script manually as any user except mtx, you must also set the model option to --model=real.

This script confirms that any required users and groups exist. For example, when checking MATRIXX Engine, the script confirms that the mtx user and mtx group exist.

If the script user does not have permission to make a necessary change, the script displays a warning similar to the following, and you must configure the setting manually and restart the server to activate the new settings:
WARN: /opt/mtx/bin/check_system_configuration.py failed. Some system files may be modified. For more details please see log file /tmp/check_system_configuration.log.

If you do not specify the automatic correction option, any potential changes are logged but the configuration files are not updated. In addition, the script checks that the sudo permissions for the mtx user are set correctly. Any inconsistencies are written to stdout.

When this script is run by the MATRIXX installer and when it is run manually with the -a (--autocorrect) option set to 1, the check_system_configuration.py script checks parameters in the following files and tries to make any necessary changes:
  • /etc/abrt/abrt.conf
  • /proc/meminfo
  • /etc/sudoers.d
  • /etc/sysctl.conf
  • /etc/security/limits.conf
  • /usr/lib/tmpfiles.d/{mtx,tra}.conf
  • /etc/redhat-release
  • /sys/class/net/{ib0,ib1}/mode
Note: Before the script changes any values, it saves the original configuration to a backup file in the same directory so integrators can keep a record of the changes. In addition, all changes are written to the /tmp/check_system_configuration.log file and the following information is written to the console when the script runs:
OK: /opt/mtx/bin/check_system_configuration.py. Some system files may be modified.
For more details please see log file /tmp/check_system_configuration.log. 

Syntax

check_system_configuration.py [-h | -v | -a option | -m model | --osversion version | -p component]

Options

-h, --help
Show this help message and exit.
-v, --verbose
Runs the script in verbose mode and returns more details as standard output.
-a option, --autocorrect=option
Corrects any issues found when checking the system settings. The option can be one of:
  • 0 — Disable
  • 1 — Enable
-m model, --model=model
The options for model are:
  • real — The default option for user mtx. The use of this option assumes that you are running this script on a fully functional MATRIXX implementation. This option runs all tests.
  • desktop — The default value for all users except mtx users. The use of this option assumes that you are running this script on a demonstration or test system, so it runs a subset of all possible checks.
--osversion version
Run the script on the specified RHEL version, regardless of the version installed. This option allows administrators to spoof the OS version for testing. The value is a two-integer version number string, for example, 8.7.
-p "component", --product_name="component"
Run the script on a specific MATRIXX component. Use this option once for each component to test. If this option is omitted, the script probes for products and tests the components it finds. If no products are found, it returns an error. Run the script with one of these options:
  • engine
  • network-enabler
  • traffic-routing-agent
  • proxy-server
  • seagull
  • notifier

Check the local configuration and make necessary corrections

check_system_configuration.py -a 1

Check the configuration on a remote server and make necessary corrections

run_cmd_on_blade.py -b bladeId "check_system_configuration.py -a 1"

Check the TRA configuration in verbose mode and make any necessary corrections

check_system_configuration.py -v -a 1 -p "traffic-routing-agent"

Check all components, do not specify the OS version; run as sudo user

Neither the individual components nor the OS version were specified in this command, so the script automatically detected both. This example is run as a sudo user, so the script did not report that it failed to check anything:

[MTX]# sudo ./build_tools/check_system_configuration.py --model=real
INFO: Start time - 2020-05-29T22:54:22Z
INFO: Checking system configuration for products: ['engine', 'seagull', 'traffic-routing-agent']
--------------------------------------------------------------------------------
INFO: Checking system configuration for ENGINE.
DEBUG: Command "/usr/bin/id mtx" output:
       uid=522(mtx) gid=522(mtx) groups=522(mtx),91(tomcat),495(docker)
INFO: Check complete, user "mtx" groups validated.
INFO: Check complete, tmpfiled configuration file "/usr/lib/tmpfiles.d/mtx.conf" validated
INFO: OS Version String: [3.10.0-1062.4.3.el8.x86_64 #1 SMP Tue Nov 12 10:42:40 EST 2019]
INFO: OS is not real time. Skipping processing of checkIrqBalance().
****** Checking the system configuration ******
****** Checking the crash dump configuration ******
****** Checking the sudoers File for elevated permissions for user mtx ******
WARNING: user mtx is able to execute [/etc/init.d/mtx_services]. Please ignore if [/etc/init.d/mtx_services] is required
WARNING: user mtx is able to execute [/etc/init.d/nfs]. Please ignore if [/etc/init.d/nfs] is required
WARNING: user mtx is able to execute [/bin/dmesg]. Please ignore if [/bin/dmesg] is required
WARNING: user mtx is able to execute [/sbin/iptables]. Please ignore if [/sbin/iptables] is required
WARNING: user mtx is able to execute [/bin/rpm]. Please ignore if [/bin/rpm] is required
WARNING: user mtx is able to execute [/bin/sh /root/iptableslist.sh]. Please ignore if [/bin/sh /root/iptableslist.sh] is required
WARNING: user mtx is able to execute [/bin/sh /root/block_engine.sh]. Please ignore if [/bin/sh /root/block_engine.sh] is required
WARNING: user mtx is able to execute [/bin/sh /root/unblock_engine.sh]. Please ignore if [/bin/sh /root/unblock_engine.sh] is required
Found 0 errors so far
--------------------------------------------------------------------------------
INFO: No system configuration check required for SEAGULL.
--------------------------------------------------------------------------------
INFO: Checking system configuration for TRAFFIC-ROUTING-AGENT.
DEBUG: Command "/usr/bin/id tra" output:
       uid=609(tra) gid=522(mtx) groups=522(mtx)
INFO: Check complete, user "tra" groups validated.
INFO: Check complete, tmpfiled configuration file "/usr/lib/tmpfiles.d/tra.conf" validated
INFO: Skipping checkIrqBalance(). Already processed.
****** Checking the system configuration ******
****** Checking the crash dump configuration ******
****** Checking the sudoers File for elevated permissions for user tra ******
Found 0 errors so far
--------------------------------------------------------------------------------
INFO: System configuration check SUCCEEDED, overall error count: 0

Check all components, do not specify the OS version; run as mtx user

This example shows the same command being run as user mtx instead of sudo so that errors are reported:

./build_tools/check_system_configuration.py --model=real
INFO: Start time - 2017-12-04T23:11:42Z
INFO: Checking system configuration for products: ['engine', 'network-enabler', 'notifier', 'proxy-server', 'seagull', 'traffic-routing-agent']
--------------------------------------------------------------------------------
INFO: Checking system configuration for ENGINE.
DEBUG: Command "/usr/bin/id mtx" output:
       uid=1004(mtx) gid=1005(mtx) groups=1005(mtx)
INFO: Check complete, user "mtx" groups validated.
INFO: Check complete, tmpfiled configuration file "/usr/lib/tmpfiles.d/mtx.conf" validated
****** Checking the system configuration ******
****** Checking the crash dump configuration ******
****** Checking the sudoers File for elevated permissions for user mtx ******
ERROR: Must be run as root to check elevated privilages for "mtx" user. Not checking sudoers for permissions for "mtx" user.

You can temporarily change these values using "sysctl -w <name>=<value>"
To undo all temporary changes use "sysctl -p" which reloads the /etc/sysctl.conf file.
Once you are satisfied with your changes, add your changes to the
file: /etc/sysctl.conf and re-boot or use "sysctl -p" to reload this file.
Found 1 errors so far
--------------------------------------------------------------------------------
INFO: Checking system configuration for NETWORK-ENABLER.
DEBUG: Command "/usr/bin/id tra" output:
       uid=1005(tra) gid=1005(mtx) groups=1005(mtx)
INFO: Check complete, user "tra" groups validated.
INFO: Check complete, tmpfiled configuration file "/usr/lib/tmpfiles.d/tra.conf" validated
Found 1 errors so far
--------------------------------------------------------------------------------
INFO: No system configuration check required for NOTIFIER.
--------------------------------------------------------------------------------
INFO: Checking system configuration for PROXY-SERVER.
DEBUG: Command "/usr/bin/id mtx" output:
       uid=1004(mtx) gid=1005(mtx) groups=1005(mtx)
INFO: Check complete, user "mtx" groups validated.
INFO: Check complete, tmpfiled configuration file "/usr/lib/tmpfiles.d/mtx.conf" validated
Found 1 errors so far
--------------------------------------------------------------------------------
INFO: No system configuration check required for SEAGULL.
--------------------------------------------------------------------------------
INFO: Checking system configuration for TRAFFIC-ROUTING-AGENT.
DEBUG: Command "/usr/bin/id tra" output:
       uid=1005(tra) gid=1005(mtx) groups=1005(mtx)
INFO: Check complete, user "tra" groups validated.
INFO: Check complete, tmpfiled configuration file "/usr/lib/tmpfiles.d/tra.conf" validated
****** Checking the system configuration ******
****** Checking the crash dump configuration ******
****** Checking the sudoers File for elevated permissions for user tra ******
ERROR: Must be run as root to check elevated privilages for "tra" user. Not checking sudoers for permissions for "tra" user.

You can temporarily change these values using "sysctl -w <name>=<value>"
To undo all temporary changes use "sysctl -p" which reloads the /etc/sysctl.conf file.
Once you are satisfied with your changes, add your changes to the
file: /etc/sysctl.conf and re-boot or use "sysctl -p" to reload this file.
Found 2 errors so far
--------------------------------------------------------------------------------
ERROR: System configuration check FAILED, overall error count: 2

Run during installation

The following is an example of output when this script is run during installation:

cat /tmp/check_system_configuration.log
INFO: Start time - 2017-12-04T23:14:30Z
INFO: Checking system configuration for products: ['engine']
--------------------------------------------------------------------------------
INFO: Checking system configuration for ENGINE.
DEBUG: Command "/usr/bin/id mtx" output:
       uid=1004(mtx) gid=1005(mtx) groups=1005(mtx)
INFO: Check complete, user "mtx" groups validated.
ERROR: File "/usr/lib/tmpfiles.d/mtx.conf" does not exist.
INFO: Running autocorrect: /bin/echo 'd /var/run/mtx 755 mtx mtx' >| /usr/lib/tmpfiles.d/mtx.conf Return Code: 0, Output:
INFO: Autocorrect has succeeded.
****** Checking the system configuration ******
****** Checking the crash dump configuration ******
****** Checking the sudoers File for elevated permissions for user mtx ******
WARNING: user mtx is able to execute [/etc/init.d/tomcat6]. Please ignore if [/etc/init.d/tomcat6] is required
WARNING: user mtx is able to execute [/etc/init.d/mtx_services]. Please ignore if [/etc/init.d/mtx_services] is required
Found 0 errors so far
--------------------------------------------------------------------------------
INFO: System configuration check SUCCEEDED, overall error count: 0
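
The log format shown in the examples above can be summarized per product, so that the sudoers WARNING lines ("Please ignore if ... is required") are compared against the commands a site actually requires. The following Python is an added example, not MATRIXX code; the function names summarize and unexpected_sudo, the required set, and the sample log (constructed from the line formats on this page) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample that follows the line formats of the log excerpts on this page.
SAMPLE_LOG = """\
INFO: Checking system configuration for ENGINE.
ERROR: File "/usr/lib/tmpfiles.d/mtx.conf" does not exist.
INFO: Running autocorrect: /bin/echo 'd /var/run/mtx 755 mtx mtx' >| /usr/lib/tmpfiles.d/mtx.conf Return Code: 0, Output:
INFO: Autocorrect has succeeded.
WARNING: user mtx is able to execute [/bin/rpm]. Please ignore if [/bin/rpm] is required
WARNING: user mtx is able to execute [/bin/sh /root/block_engine.sh]. Please ignore if [/bin/sh /root/block_engine.sh] is required
Found 0 errors so far
INFO: Checking system configuration for TRAFFIC-ROUTING-AGENT.
ERROR: Must be run as root to check elevated privilages for "tra" user. Not checking sudoers for permissions for "tra" user.
Found 1 errors so far
ERROR: System configuration check FAILED, overall error count: 1
"""

PRODUCT = re.compile(r"^INFO: Checking system configuration for ([A-Z-]+)\.$")
SUDO = re.compile(r"^WARNING: user (\S+) is able to execute \[(.+?)\]\.")
AUTOFIX = re.compile(r"^INFO: Running autocorrect: (.+?) Return Code: (\d+)")
OVERALL = re.compile(r"System configuration check (SUCCEEDED|FAILED), overall error count: (\d+)")

def summarize(log_text):
    """Group ERROR lines (including ones autocorrect later fixed), autocorrect commands and sudo grants by product."""
    report = {"products": defaultdict(lambda: {"sudo": [], "errors": [], "autocorrect": []}),
              "result": None, "error_count": None}
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        if m := PRODUCT.match(line):
            current = report["products"][m.group(1)]
        elif m := OVERALL.search(line):  # checked before the generic ERROR: branch
            report["result"], report["error_count"] = m.group(1), int(m.group(2))
        elif current is None:
            continue
        elif m := SUDO.match(line):
            current["sudo"].append((m.group(1), m.group(2)))
        elif m := AUTOFIX.match(line):
            current["autocorrect"].append((m.group(1), int(m.group(2))))
        elif line.startswith("ERROR:"):
            current["errors"].append(line[len("ERROR:"):].strip())
    return report

def unexpected_sudo(report, required):
    """Sudo-executable commands from the WARNING lines that are not in the site's required set."""
    return sorted({(product, user, cmd)
                   for product, data in report["products"].items()
                   for user, cmd in data["sudo"] if cmd not in required})
```

In practice, pass the contents of /tmp/check_system_configuration.log to summarize and keep the required set under change control, so a new sudo grant or an unexpected autocorrect command stands out in review.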