Known Issues

Discover

  1. The OmniDeq vault of type "Username and Password" is used during Windows host discovery. With this vault type, a single quote (') or double quote (") in the password does not work on Windows specifically; on other OSes it works. For Windows discovery, avoid these characters in the password, or create an additional user for CH usage.

  2. The Tanuki wrapper supports a variety of deployment configurations for applications, such as init.d, systemd and standalone.

    • In some cases, X-Ray fails because an incorrect Tanuki command line is detected, either because

      • an init.d script is detected as the Default Probe Command, or
      • the quotes ("") are missing in the wrapper.displayname parameter in the Default Probe Command.
    • The user needs to provide the correct command line in Override Default Probe Command.

      • Example:
      • Commandline Detected:

        /opt/tomcat/bin/./wrapper /opt/tomcat/bin/../conf/wrapper.conf wrapper.syslog.ident=tomcat wrapper.pidfile=/opt/tomcat/bin/./tomcat.pid wrapper.name=tomcat wrapper.displayname=TOMCAT APPLICATION SERVER wrapper.statusfile=/opt/tomcat/bin/./tomcat.status wrapper.java.statusfile=/opt/tomcat/bin/./tomcat.java.status wrapper.script.version=3.5.45

      • Correct Commandline:

        /opt/tomcat/bin/./wrapper /opt/tomcat/bin/../conf/wrapper.conf wrapper.syslog.ident=tomcat wrapper.pidfile=/opt/tomcat/bin/./tomcat.pid wrapper.name=tomcat wrapper.displayname="TOMCAT APPLICATION SERVER" wrapper.statusfile=/opt/tomcat/bin/./tomcat.status wrapper.java.statusfile=/opt/tomcat/bin/./tomcat.java.status wrapper.script.version=3.5.45

    • In some cases, X-Ray fails because the pid file generated by the Tanuki wrapper cannot be read/written.

      • The workaround is to move/remove the pid file after a successful start of the Tanuki wrapper and then attempt the discover and X-Ray.
  3. Use overridden probe command checkbox not being applied

    • In some cases, the Use overridden probe command checkbox is not applied.
    • Make sure that you update the Override Default Probe Command first, and select the Use overridden probe command checkbox only after the Override Default Probe Command has been saved successfully.
  4. Check connection to an Ubuntu 22 machine might fail. This is because Ubuntu 22 disables RSA signatures using the SHA-1 hash algorithm by default. The workaround is to add the following line to /etc/ssh/sshd_config and restart the sshd service:

    PubkeyAcceptedKeyTypes +ssh-rsa

  5. If any new websites or applications are added on the server (IIS/Application Server) after the pre-requisite check is performed, the pre-requisite check step needs to be re-run to detect those new websites/applications and to be able to edit the whitelist for discovery. Otherwise these new applications will be ignored during discovery, and it will appear that discovery didn't discover them.
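Added example for the Tanuki wrapper issue (item 2 above), not code from the product or the original page: a POSIX sh helper that rebuilds a detected command line with the wrapper.displayname value quoted, for use in Override Default Probe Command. The function name quote_displayname is hypothetical, and the helper assumes the display name ends at the next wrapper.<key>=<value> token.

```shell
#!/bin/sh
# Added example, not vendor code: quote the wrapper.displayname value in a
# detected Tanuki command line.
# Assumption: the display name runs until the next wrapper.<key>=<value> token.

quote_displayname() (
    set -f                                   # word-split without glob expansion
    out='' name='' in_name=0
    flush() {                                # emit the collected name, quoted once
        name=${name#\"}; name=${name%\"}     # tolerate an already quoted value
        out="$out wrapper.displayname=\"$name\""
        in_name=0
    }
    for tok in $1; do
        case $in_name:$tok in
            0:wrapper.displayname=*) in_name=1; name=${tok#wrapper.displayname=} ;;
            1:wrapper.*=*)           flush; out="$out $tok" ;;
            1:*)                     name="$name $tok" ;;   # word inside the name
            *)                       out="$out $tok" ;;
        esac
    done
    if [ "$in_name" -eq 1 ]; then flush; fi  # display name was the last parameter
    printf '%s\n' "${out# }"
)

# Command line as detected in the example from item 2.
DETECTED='/opt/tomcat/bin/./wrapper /opt/tomcat/bin/../conf/wrapper.conf wrapper.syslog.ident=tomcat wrapper.pidfile=/opt/tomcat/bin/./tomcat.pid wrapper.name=tomcat wrapper.displayname=TOMCAT APPLICATION SERVER wrapper.statusfile=/opt/tomcat/bin/./tomcat.status wrapper.java.statusfile=/opt/tomcat/bin/./tomcat.java.status wrapper.script.version=3.5.45'

quote_displayname "$DETECTED"
```

Running the helper on an already corrected command line returns it unchanged.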
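Added example for the Ubuntu 22 workaround (item 4 above), not code from the product or the original page: a check that reads the effective configuration printed by `sshd -T` and lists the SHA-1 based RSA signature algorithms the server accepts, so the change can be verified after the restart and tracked afterwards. OpenSSH 8.5 and later name the option PubkeyAcceptedAlgorithms and keep PubkeyAcceptedKeyTypes as an alias, so both keywords are handled; the function name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code: report SHA-1 based RSA signature algorithms
# that sshd accepts for public-key authentication.

# Reads `sshd -T` output on stdin and prints each SHA-1 RSA algorithm found,
# one per line. Exit status is 0 if at least one is enabled, 1 otherwise.
sha1_rsa_algorithms() {
    awk '
        # The effective config uses lowercase keywords; the value is a
        # comma-separated algorithm list.
        $1 == "pubkeyacceptedalgorithms" || $1 == "pubkeyacceptedkeytypes" {
            n = split($2, alg, ",")
            for (i = 1; i <= n; i++) {
                # Exact match only: rsa-sha2-256/512 use the same RSA keys
                # with SHA-2 and are not affected.
                if (alg[i] == "ssh-rsa" || alg[i] == "ssh-rsa-cert-v01@openssh.com") {
                    print alg[i]
                    found = 1
                }
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed samples (shortened lists), not captured from a real host.
DEFAULT_CFG='port 22
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256'
WORKAROUND_CFG='port 22
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa'

for cfg in "$DEFAULT_CFG" "$WORKAROUND_CFG"; do
    if found=$(printf '%s\n' "$cfg" | sha1_rsa_algorithms); then
        echo "SHA-1 RSA signatures accepted: $found"
    else
        echo "no SHA-1 RSA signature algorithms accepted"
    fi
done
```

On a live host, feed it the effective configuration with `sudo sshd -T | sha1_rsa_algorithms`.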

Transform

  1. The transformation studio displays the "File Explorer" view of the files/directories included in the container for a given process. The File Explorer allows the user to deselect a file or a directory recursively. If the directory is a soft link, deselecting the soft link destination from File Explorer doesn't work.

  2. Transform fails with "rsync failed to build box" in the logs on the latest Debian OS.

    • This happens due to a kernel incompatibility issue and is very specific to Debian OS.
    • Follow the steps below to force the use of the natively installed "rsync" utility instead of transform studio's statically compiled "rsync" binary.
    • Make sure that the "rsync" utility is installed on the Debian host using the package manager (i.e. apt).
    • Create a backup copy of the statically compiled rsync binary installed with transform studio.

      $ sudo mv /opt/.chtools/go/rsync /opt/.chtools/go/rsync_ch_static_original

    • Identify the installed "rsync" path using the "which rsync" command.

      $ which rsync
      /usr/bin/rsync

    • Create a symbolic link to the installed "rsync" from the transform studio binary location.

      $ sudo ln -s /usr/bin/rsync /opt/.chtools/go/rsync

    • Note: If the BuildBox used for transformation is also a Debian host, the user has to follow the same steps above on the BuildBox too.

  3. WebLogic transform fails if the user tries to transform a Non-X-Ray profile and adds a simple password like “admin” in the Domain_Security config map.

    • Resolution: The user should provide a complex password in the domain_security config map.
  4. Merge profile with processes under different user context

    • The user may want to merge two apps/processes running under different user contexts.
    • The workaround is to use the edit dockerfile feature to edit the Dockerfile accordingly.
    • Ex:
      FROM ubuntu:16.04
      LABEL name="nginxwildfly" \ 
      version="1.0" \ 
      release="1.0" \ 
      description="Built by CloudHedge Transformation Studio"
      
      # Install required packages if any
      
      # Note: Detected 32 bit dependencies for the process
      # You may need to update the dockerfile with required 32 bit dependencies
      # RUN apt-get install ia32-libs -y
      
      RUN apt-get update -y && apt-get install sudo -y
      
      # set env vars. 
      ENV LANG="en_US.UTF-8" \ 
          SHELL="/sbin/nologin" \ 
          WILDFLY_CONFIG="standalone.xml" \ 
          WILDFLY_MODE="standalone" \ 
          WILDFLY_CONSOLE_BIND="0.0.0.0" \ 
          LAUNCH_JBOSS_IN_BACKGROUND="1" \ 
          WILDFLY_BIND="0.0.0.0" \ 
          LOGNAME="wildfly" \ 
          USER="wildfly" \ 
          PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
      
      EXPOSE 80
      EXPOSE 8443
      EXPOSE 8080
      EXPOSE 9990
      
      RUN mkdir /ch-tarball
      ADD tarball.tar.gz /ch-tarball
      ADD autoMove.cdc /opt/
      RUN mv /ch-tarball/etc/resolv.conf /ch-tarball/etc/resolv.conf.ch-tarball || true \
      && mv /ch-tarball/etc/hostname /ch-tarball/etc/hostname.ch-tarball || true \
      && rm -rf /ch-tarball/sys || true \
      && rm -rf /ch-tarball/proc || true \
      && rm -rf /var/run || true \
      && mv /ch-tarball/opt/chcmd /bin/ \
      && chcmd copy --src /ch-tarball/ --dst / \
      && chcmd copy --src /ch-tarball/opt/ --dst /opt/ || true \
      && chcmd copy --src /ch-tarball/var/ --dst /var/ || true \
      && chcmd copy --src /ch-tarball/etc/ --dst /etc/ || true \
      && chcmd automv || true \
      && rm -rf /ch-tarball \
      && rm -f /bin/chcmd
      ADD ./ch-run.sh /opt/
      
      USER root
      
      WORKDIR /
      
      # \$\$ keeps a literal $$ in the script, so it expands to the script's own
      # PID at run time instead of the PID of the build-time shell.
      RUN echo "#!/bin/sh\n" \
              "cd / || true \n" \
              "sudo -u root /usr/sbin/nginx -g 'daemon off;' & \n" \
              "cd / || true \n" \
              "sudo -u wildfly /opt/wildfly/bin/launch.sh $WILDFLY_MODE $WILDFLY_CONFIG $WILDFLY_BIND $WILDFLY_CONSOLE_BIND \n" \
              "/opt/ch-procmon monitor --pid \$\$ \n" \
              "\n" > /opt/ch-run.sh
      
      CMD ["/opt/ch-run.sh"]
      
      # /opt/ch-run.sh contents
      # #!/bin/sh
      # 
      # cd / || true 
      # /usr/sbin/nginx -g 'daemon off;' &
      # cd / || true 
      # /opt/wildfly/bin/launch.sh $WILDFLY_MODE $WILDFLY_CONFIG $WILDFLY_BIND $WILDFLY_CONSOLE_BIND
      # 
      # /opt/ch-procmon monitor --pid $$
      
  5. Including ExecStartPre and ExecStartPost

    • In some cases, commands need to be run before the main command. This can be done by using the edit dockerfile feature.
    • Ex:
      RUN echo '#!/bin/sh' > /opt/ch-run.sh
      RUN echo 'cd /var/lib/mysql || true' >> /opt/ch-run.sh
      RUN echo '/usr/lib/mysql/mysql-systemd-helper install' >> /opt/ch-run.sh
      RUN echo '/usr/lib/mysql/mysql-systemd-helper upgrade' >> /opt/ch-run.sh
      RUN echo '/usr/lib/mysql/mysql-systemd-helper start' >> /opt/ch-run.sh
      RUN echo '/opt/ch-procmon monitor --pid $$' >> /opt/ch-run.sh
      
  6. Restart of appliance needed on update of SAML configuration

    • Restart of the appliance may be needed on update of the SAML configuration for it to take effect.
  7. Hardlinks

    • We detect hard links, but two separate files get created for now.
    • Hard links are treated as regular files.
  8. Transform : Centos 8x : Transform failed with error : exit code: 127

    • This issue could be due to an incompatibility between the libc libraries detected as part of the discovery process and the libc libraries packaged inside the target container image (the container image mentioned in the FROM clause).
    • The workaround is to exclude those non-compatible libc libraries in File Explorer, then save the changes and build the container image again.