Noexec on /tmp results in a Gateway that fails to start

Ignition
1

Is there any way to repoint the use of /tmp for Ignition? If you are following the CIS standards, one of the rules is to set /tmp to noexec. Generally for most application you need to adjust its use of /tmp and point ti elsewhere it can write to.

I looked through the ignition.conf and didn’t see anything obvious to change. Is there anyway I can change it?

Thanks!

NFO   | jvm 1    | 2022/08/11 11:35:03 | 11:35:02,895 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [data//logback.xml] at [file:/usr/local/bin/ignition/data/logback.xml]
INFO   | jvm 1    | 2022/08/11 11:35:03 | 11:35:02,959 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.ConsoleAppender]
INFO   | jvm 1    | 2022/08/11 11:35:03 | 11:35:02,961 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [SysoutAppender]
INFO   | jvm 1    | 2022/08/11 11:35:03 | 11:35:02,965 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
INFO   | jvm 1    | 2022/08/11 11:35:03 | 11:35:02,982 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [com.inductiveautomation.logging.SQLiteAppender]
INFO   | jvm 1    | 2022/08/11 11:35:03 | 11:35:02,989 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [DB]
INFO   | jvm 1    | 2022/08/11 11:35:03 | Failed to load native library:sqlite-3.23.1-3a1920f6-85ef-4152-b939-495049a2eb80-libsqlitejdbc.so. osinfo: Linux/x86_64
INFO   | jvm 1    | 2022/08/11 11:35:03 | java.lang.UnsatisfiedLinkError: /tmp/sqlite-3.23.1-3a1920f6-85ef-4152-b939-495049a2eb80-libsqlitejdbc.so: /tmp/sqlite-3.23.1-3a1920f6-85ef-4152-b939-495049a2eb80-libsqlitejdbc.so: failed to map segment from shared object
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp: 
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: Encountered an error running main:
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: java.lang.UnsatisfiedLinkError: 'void org.sqlite.core.NativeDB._open_utf8(byte[], int)'
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.core.NativeDB._open_utf8(Native Method)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.core.NativeDB._open(NativeDB.java:71)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.core.DB.open(DB.java:174)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.core.CoreConnection.open(CoreConnection.java:220)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.core.CoreConnection.<init>(CoreConnection.java:76)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.jdbc3.JDBC3Connection.<init>(JDBC3Connection.java:25)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.jdbc4.JDBC4Connection.<init>(JDBC4Connection.java:24)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.SQLiteConnection.<init>(SQLiteConnection.java:45)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.JDBC.createConnection(JDBC.java:114)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.SQLiteDataSource.getConnection(SQLiteDataSource.java:410)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.sqlite.SQLiteDataSource.getConnection(SQLiteDataSource.java:398)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.db.DataSourceConnectionSource.getConnection(DataSourceConnectionSource.java:62)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.db.ConnectionSourceBase.discoverConnectionProperties(ConnectionSourceBase.java:46)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.db.DataSourceConnectionSource.start(DataSourceConnectionSource.java:44)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at com.inductiveautomation.logging.SQLiteAppender.configureConnectionSource(SQLiteAppender.java:211)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at com.inductiveautomation.logging.SQLiteAppender.start(SQLiteAppender.java:252)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.joran.action.AppenderAction.end(AppenderAction.java:90)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.joran.spi.Interpreter.callEndAction(Interpreter.java:309)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.joran.spi.Interpreter.endElement(Interpreter.java:193)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.joran.spi.Interpreter.endElement(Interpreter.java:179)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.joran.spi.EventPlayer.play(EventPlayer.java:62)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:165)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:152)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:110)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:53)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.classic.util.ContextInitializer.configureByResource(ContextInitializer.java:75)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at ch.qos.logback.classic.util.ContextInitializer.autoConfig(ContextInitializer.java:150)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.slf4j.impl.StaticLoggerBinder.init(StaticLoggerBinder.java:84)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.slf4j.impl.StaticLoggerBinder.<clinit>(StaticLoggerBinder.java:55)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:412)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:357)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at com.inductiveautomation.ignition.common.util.LoggerEx$Builder.build(LoggerEx.java:603)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at com.inductiveautomation.ignition.gateway.IgnitionGateway.getLogger(IgnitionGateway.java:3635)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at com.inductiveautomation.ignition.gateway.IgnitionGateway.<init>(IgnitionGateway.java:354)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at com.inductiveautomation.ignition.gateway.IgnitionGateway.main(IgnitionGateway.java:294)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at com.inductiveautomation.catapult.Catapult.main(Catapult.java:8)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:349)
INFO   | jvm 1    | 2022/08/11 11:35:03 | WrapperSimpleApp Error: 	at java.base/java.lang.Thread.run(Unknown Source)
STATUS | wrapper  | 2022/08/11 11:35:05 | <-- Wrapper Stopped
2

yes, you can add wrapper.java.additional.XXX=-Djava.io.tmpdir=$PATH_TO_TEMP to your ignition.conf to tell java to use an alternate directory for your temp dir

set the XXX value to a unique digit

1 Like
3

Set -Dorg.sqlite.tmpdir in ignition.conf and see if that changes anything for you.

SQLite is doing this, and it’s defaulting to the Java temp dir.

1 Like
4

Or what @jcoffman said :stuck_out_tongue:

1 Like
5

Hot dang you guys are quick!

Magic settings:

# grep temp data/ignition.conf 
wrapper.java.additional.2=-Djava.io.tmpdir=/usr/local/bin/ignition/temp

Any reason I shouldn’t point it here? The directory already existed so I felt that was satisfactory.

1 Like
6

I have a suspicion that the “temp” dir inside $IGNITION is not actually temporary and nothing ever cleans it up… but maybe I’m just jaded and wrong. It could very well get deleted every startup.

7

Sounds like Ill need to test it! Thanks as always Kevin!

8

For folks that are playing with containerization of ignition and the docker image this was a major headache. This java argument was how I was finally able to resolve getting the containers to start on our RHEL 8 servers with podman play kube.