Support Tip: Access Manager services failed to start after a reboot on RHEL 7.9 and SLES15SPS

0 Likes
Access Manager services failed to start after a reboot on RHEL 7.9 and SLES15SP3
Summary
Error New main PID does not belong to service, and PID file is not owned by root. Refusing.
URL Name
KM000002230
Products
Access Manager (NAM)
Article Body
Environment:
  •  Access Manager 4.5.3
  •  Access Manager 4.5.4
  •  Access Manager 5.0
  •  Access Manager 5.0.1

Situation:

Error New main PID does not belong to service, and PID file is not owned by root. Refusing.


Cause:

Security for current versions of systemd has been increased not allowing the user changes between novlwww and root with existing NAM  shipping System V init scripts. Due to the fact that the NAM the Appliance version up to 5.0 was based on SLES 11 which still uses System V System V init scripts (and not systemd) there was a need to maintain and keep these scripts. This is leading into a hybrid solution for systemd based OS versions causing. Systemd unit files will be calling the existing V System V init script. In the future this should not be required anymore and plain systemd unit files should be used instead.

Resolution:
As a workaround you can change the unit files calling the start / stop script for NAM services directly. 

here is an example how the file look like for the Admin Console: "/etc/systemd/system/novell-ac.service"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[Unit]
Description=Novell ac
Requires=local-fs.target network.target

[Service]
Type=forking
User=novlwww
Group=novlwww
ExecStart=/opt/novell/nam/adminconsole/bin/startAC.sh
ExecStop=/opt/novell/nam/adminconsole/bin/shutdownAC.sh
RemainAfterExit=no

PIDFile=/opt/novell/nam/adminconsole/ac.pid

[Install]
WantedBy=multi-user.target

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
run: "systemctl enable novell-ac"

and IDP server: "/etc/systemd/system/novell-idp.service"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[Unit]
Description=Novell idp

After=local-fs.target network.target novell-jcc.service

[Service]
Type=forking
User=novlwww
Group=novlwww
ExecStart=/opt/novell/nam/idp/bin/startIdp.sh
ExecStop=/opt/novell/nam/idp/bin/shutdownIdp.sh
RemainAfterExit=no

PIDFile=/opt/novell/nam/idp/idp.pid

[Install]
WantedBy=multi-user.target

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
run: "systemctl enable novell-idp"
In order to apply the changes for systemd please run: "systemctl daemon-reload"

If you review the journal you might see another systemd warning about the unit files executable flag. run: "chmod -x /etc/systemd/system/novell-*" to solve this problem. 

Note: after changing the unit files please do not use the System v init script at all anymore including the rcnovall-* scripts. This will generate a collision and the status of running process will get broken for systemd

This issue has been addressed to engineering and will be fixed with NAM 5.0 SP2

__________________________________

Elizabeth Knappen
CyberRes Community Manager

If you find this post useful, give it a ‘Like’ or use ‘Verify Answer’

Labels:

Support Tip
Comment List
Anonymous
Related Discussions
Recommended