Dependencies for xymond and xymonnet (with particular reference to JC's terabithia.org RPMs) 🔗 link

On Thu, March 12, 2015 11:28 am, SebA wrote:

Hi JC,

This may be off-topic for everyone else as I'm talking about an unofficial
RPM (I know), but just to get this into the mailing list archive...

I want to install xymon server on a system, but it will be forwarding its
results to another xymon server and therefore I have no need for web
pages,
RRD files, etc.  In fact, I think I only need xymond, xymonnet and an
add-on
monitor.  (Plus xymon-client.)  When I try and install your RPM, it wants
to
install all sorts of things I don't want like apache and libX11 (see
below).

Installing:
 xymon
Installing for dependencies:
 apr
 apr-util
 apr-util-ldap
 audit-libs-python
 cairo
 dejavu-fonts-common
 dejavu-lgc-sans-mono-fonts
 dejavu-sans-mono-fonts
 fontconfig
 fontpackages-filesystem
 fping
 freetype
 httpd
 httpd-tools
 libX11
 libX11-common
 libXau
 libXft
 libXrender
 libcgroup
 libselinux-python
 libsemanage-python
 libthai
 libxcb
 mailcap
 net-snmp-libs
 pango
 pixman
 policycoreutils-python
 rrdtool
 setools-libs
 setools-libs-python

Transaction Summary
=============================
Install      33 Package(s)

How should I do a minimal install?  (I have your repo mirrored, but you
can't exclude dependencies with yum AFAIK.)  I just did a:

# sudo rpm -i fping-3.10-2.el6.x86_64.rpm
<no errors>
# sudo rpm -i --nodeps xymon-4.3.18-1.el6.x86_64.rpm
<output below>
warning: user apache does not exist - using root
warning: group apache does not exist - using root
warning: user apache does not exist - using root
warning: group apache does not exist - using root
/var/tmp/rpm-tmp.5gv8Df: line 30: /usr/sbin/semanage: No such file or
directory
/var/tmp/rpm-tmp.5gv8Df: line 31: /usr/sbin/semanage: No such file or
directory
/var/tmp/rpm-tmp.5gv8Df: line 32: /usr/sbin/semanage: No such file or
directory
/var/tmp/rpm-tmp.5gv8Df: line 33: /usr/sbin/semanage: No such file or
directory
/var/tmp/rpm-tmp.5gv8Df: line 34: /usr/sbin/semanage: No such file or
directory
/var/tmp/rpm-tmp.5gv8Df: line 35: /usr/sbin/semanage: No such file or
directory
/var/tmp/rpm-tmp.5gv8Df: line 36: /usr/sbin/semanage: No such file or
directory

Realizing that I probably needed /usr/sbin/semanage at least, I did:

# sudo rpm -e xymon
warning: /etc/xymon/hosts.cfg saved as /etc/xymon/hosts.cfg.rpmsave
# sudo rm -fR /etc/xymon
# sudo yum install setools-libs-python
# sudo yum install policycoreutils-python

And what the heck, it's just one package that I may use and xymon wants it
directly, rather than a dependency of a dependency, so:
# sudo yum install net-snmp-libs

# sudo rpm -i --nodeps xymon-4.3.18-1.el6.x86_64.rpm
warning: user apache does not exist - using root
warning: group apache does not exist - using root
warning: user apache does not exist - using root
warning: group apache does not exist - using root


Should I have any problems that you foresee?

Thanks and kind regards,

SebA

-----Original Message-----
From: J.C. Cleaver [mailto:user-87556346d4af@xymon.invalid] Sent: 13 March 2015 03:24
To: SebA
Cc: 'Xymon MailingList'
Subject: Re: Dependencies for xymond and xymonnet (with particular reference to JC's terabithia.org RPMs)

Hi,

Yes, in a case such as yours the main xymon server RPM is going to pull in
a few things that you don't need. Primarily, it's httpd (and whatever
httpd pulls in, such as apr and whatnot) and rrdtool (and cairo, some
display libs).

The reason httpd is a hard dependency is that some things are configured
to be owned by the apache user, and the xymon.conf apache snippet is
dropped in the directory.

It should be safe to install xymon with --nodeps to bypass those two
packages, although you'll get some complaints as it installs. Assuming
you're running ping checks, you'll want to manually pull in 'fping'. You
can ignore net-snmp-libs if you're not going to be using
xymon-snmpcollect.

The semanage stuff from policycoreutils-python is SELinux. Aside from the
error output, it should be safe to ignore that as well.

Alas, you're correct in that yum will attempt to continue to pull in
dependencies when they're available, so you'll continue to get these
warnings.

I'd given consideration to splitting things out into xymon-xymonnet,
xymon-proxy, xymon-server, xymon-xymongen and the like (in fact, a really,
really old version of the RPM did just that), but it really felt like more
complexity (and effort) than it was worth, especially since the upstream
had had unified things together.

If there's enough demand, I'm open to creating sub-packages for it. But it
does rather significantly increase complexity for people doing installs
since they have to think of the different components coming in. The flip
side is that for cases such as yours, or in micro-sized cloud/container
environments, you can install the base RPM and avoid bringing in other
dependencies.

One thing I can fix right away, though is wrapping the errors out of the
semanage calls. Although the RPM is built with SELinux in mind, if the
toolset isn't present there's no reason to annoy the user with the
messages. I'll put that in the next update for sure.

On Fri, March 13, 2015 2:51 am, SebA wrote:

The semanage stuff from policycoreutils-python is SELinux.
Aside from the
error output, it should be safe to ignore that as well.

The (mini-)server does have SELinux enabled and enforced though, so I
assumed that I would need the tools the RPM wants for configuring
everything
correctly for SELinux?

Alas, you're correct in that yum will attempt to continue to pull in
dependencies when they're available, so you'll continue to get these
warnings.

Actually, I hadn't considered that it might continue trying to get httpd
et
al whenever I do a yum update, but it does not seem to be doing it so far.
I
suppose it will if a new xymon package is available...

I'd given consideration to splitting things out into xymon-xymonnet,
xymon-proxy, xymon-server, xymon-xymongen and the like (in
fact, a really,
really old version of the RPM did just that), but it really
felt like more
complexity (and effort) than it was worth, especially since
the upstream
had had unified things together.

If there's enough demand, I'm open to creating sub-packages
for it. But it
does rather significantly increase complexity for people
doing installs
since they have to think of the different components coming
in. The flip
side is that for cases such as yours, or in micro-sized
cloud/container
environments, you can install the base RPM and avoid bringing in other
dependencies.

And for the security nuts who don't want things installed that they don't
need.

Only if it can still configure SELinux correctly using other methods?
chcon
was already installed and available (part of coreutils)... Otherwise I
would
rather know there was a problem.

-----Original Message-----
From: J.C. Cleaver [mailto:user-87556346d4af@xymon.invalid] Sent: 14 March 2015 02:22
To: SebA
Cc: 'Xymon MailingList'
Subject: RE: Dependencies for xymond and xymonnet (with particular reference to JC's terabithia.org RPMs)

On Fri, March 13, 2015 2:51 am, SebA wrote:

The semanage stuff from policycoreutils-python is SELinux.
Aside from the
error output, it should be safe to ignore that as well.

The (mini-)server does have SELinux enabled and enforced though, so I
assumed that I would need the tools the RPM wants for configuring
everything
correctly for SELinux?

Yeah, does sound like you'd had policycoreutils installed, but not
policycoreutils-python. For loadable policies modification, semanage
really is the tool most appropriate for the job. (I actually kind of find
it a little odd it's not in the base package, or @base package set.)

Alas, you're correct in that yum will attempt to continue to pull in
dependencies when they're available, so you'll continue to get these
warnings.

Actually, I hadn't considered that it might continue trying to get httpd
et
al whenever I do a yum update, but it does not seem to be doing it so far.
I
suppose it will if a new xymon package is available...

Correct. "yum check" might complain too about existing errors.

I'd given consideration to splitting things out into xymon-xymonnet,
xymon-proxy, xymon-server, xymon-xymongen and the like (in
fact, a really,
really old version of the RPM did just that), but it really
felt like more
complexity (and effort) than it was worth, especially since
the upstream
had had unified things together.

If there's enough demand, I'm open to creating sub-packages
for it. But it
does rather significantly increase complexity for people
doing installs
since they have to think of the different components coming
in. The flip
side is that for cases such as yours, or in micro-sized
cloud/container
environments, you can install the base RPM and avoid bringing in other
dependencies.

And for the security nuts who don't want things installed that they don't
need.

Quite true.

To do this right will also mean breaking out the various utilities
(xymongen, xymonnet, xymonproxy, etc.) into their own tasks.d/ snippets
instead of the monolithic tasks.cfg given out now...

This is something that might be best done at a 4.4.x release, to help ease
transition pain.

Only if it can still configure SELinux correctly using other methods?
chcon
was already installed and available (part of coreutils)... Otherwise I
would
rather know there was a problem.

Policy loading and context setting again really ought to be done with
semanage, otherwise you're not making a permanent change.


Regards,

-jc

On Thu, 12 Mar 2015, J.C. Cleaver wrote:

Hi,

Yes, in a case such as yours the main xymon server RPM is going to pull in
a few things that you don't need. Primarily, it's httpd (and whatever
httpd pulls in, such as apr and whatnot) and rrdtool (and cairo, some
display libs).

The reason httpd is a hard dependency is that some things are configured
to be owned by the apache user, and the xymon.conf apache snippet is
dropped in the directory.

It should be safe to install xymon with --nodeps to bypass those two
packages, although you'll get some complaints as it installs. Assuming
you're running ping checks, you'll want to manually pull in 'fping'. You
can ignore net-snmp-libs if you're not going to be using
xymon-snmpcollect.

The semanage stuff from policycoreutils-python is SELinux. Aside from the
error output, it should be safe to ignore that as well.


Alas, you're correct in that yum will attempt to continue to pull in
dependencies when they're available, so you'll continue to get these
warnings.


I'd given consideration to splitting things out into xymon-xymonnet,
xymon-proxy, xymon-server, xymon-xymongen and the like (in fact, a really,
really old version of the RPM did just that), but it really felt like more
complexity (and effort) than it was worth, especially since the upstream
had had unified things together.

If there's enough demand, I'm open to creating sub-packages for it. But it
does rather significantly increase complexity for people doing installs
since they have to think of the different components coming in. The flip
side is that for cases such as yours, or in micro-sized cloud/container
environments, you can install the base RPM and avoid bringing in other
dependencies.