Skip to main content
Unable to upgrade NAS Proxies from Druva Console

Unable to upgrade NAS Proxies from Druva Console

Updated over a month ago

Problem Description

Unable to upgrade NAS Proxies from UI

Cause

The issue was identified as a noexec permission setting on the /tmp mount point, which prevented the upgrade process from executing files necessary for the update..

Traceback

level=info ts=2024-10-17T14:02:51.828027481Z filename=commandhandler.go:325 Module=CommandHandler method=upgradeDevice message="req: &{SHA2Checksum:1fb3b52d5dceb4bf2f091c697b18f43cd85dc49179060d16e7adcffefa9c2627 PrefixPatternData:map[branchName:v0.3.27 deviceType:2 packageType:1] PrefixKey:DevicePackage PackageName:EnterpriseWorkloads-UnifiedAgent-7.0.2-552895-x86_64.rpm Version:7.0.2::r552895}"level=warn ts=2024-10-17T14:02:51.836406821Z filename=signatureutils.go:58 Package=signatureutils method=isSignatureVerificationEnabled message="binary signature verification is disabled"level=warn ts=2024-10-17T14:02:51.836484031Z filename=signatureutils_linux.go:33 Package=signatureutils method=VerifyBinarySignature binary=EnterpriseWorkloadsUpgrader message="binary signature verification is disabled"level=info ts=2024-10-17T14:02:51.851720479Z filename=commandhandler_linux.go:49 Module=CommandHandler method=spawnUpgrader message="spawning upgrader with cmd /usr/bin/systemd-run --scope --slice=upgrade_EnterpriseWorkloads /tmp/EnterpriseWorkloadsUpgrader eyJTSEEyQ2hlY2tzdW0iOiIxZmIzYjUyZDVkY2ViNGJmMmYwOTFjNjk3YjE4ZjQzY2Q4NWRjNDkxNzkwNjBkMTZlN2FkY2ZmZWZhOWMyNjI3IiwicHJlZml4X3BhdHRlcm5fZGF0YSI6eyJicmFuY2hOYW1lIjoidjAuMy4yNyIsImRldmljZVR5cGUiOiIyIiwicGFja2FnZVR5cGUiOiIxIn0sInByZWZpeF9rZXkiOiJEZXZpY2VQYWNrYWdlIiwicGFja2FnZU5hbWUiOiJFbnRlcnByaXNlV29ya2xvYWRzLVVuaWZpZWRBZ2VudC03LjAuMi01NTI4OTUteDg2XzY0LnJwbSIsInZlcnNpb24iOiI3LjAuMjo6cjU1Mjg5NSJ9Cg=="

Resolution

To resolve the issue, the noexec permission on the /tmp mount point must be removed to allow executable files to run from this directory. Follow these steps to update the permissions on /tmp:

  1. Verify if /tmp is Mounted with the noexec Option

    1. Run the following command to check the current mount options for /tmp:
      mount | grep /tmp

    2. Example Output (with noexec):
      tmpfs on /tmp type tmpfs (rw,nosuid,noexec,relatime)

    3. If the output includes noexec, this confirms that the permission setting is causing the issue.

  2. Temporarily Remount /tmp with Exec Permissions:

    1. To resolve the issue temporarily (until the next reboot), remount /tmp with exec permissions:

      sudo mount -o remount,exec /tmp

    2. Effect of the Command:

      1. This command removes the noexec restriction, allowing binaries to execute in /tmp for the current session.

    3. Example Use Case:

      1. After running the command, you can retry the NAS Proxy upgrade process, which should now proceed without errors.

  3. Permanently Update /etc/fstab to Allow Exec on /tmp:
    To make the permission change permanent, modify the /etc/fstab file:

    1. Open the /etc/fstab file in a text editor:
      sudo nano /etc/fstab

    2. Locate the line that mounts /tmp. For example:
      tmpfs /tmp tmpfs defaults,noexec,nosuid 0 0

    3. Remove the noexec option to allow executable permissions:
      tmpfs /tmp tmpfs defaults,exec,nosuid 0 0

    4. Save and exit the editor.

    5. Remount /tmp to apply the changes immediately:
      sudo mount -o remount /tmp

  4. Retry the NAS Proxy Upgrade:
    Once the /tmp directory allows executable permissions:

    1. Return to the Phoenix UI and initiate the NAS Proxy upgrade.

    2. Monitor the logs to confirm that the upgrade process progresses smoothly.

Verification

  • After the upgrade, check the Phoenix UI to confirm that the NAS Proxy version has been updated successfully.

  • Verify the logs for any messages indicating successful completion of the process.

Example Scenario:

  • Before Fix: The NAS Proxy upgrade fails with a permission error due to the noexec setting on /tmp.

  • After Applying Fix: By temporarily remounting /tmp with exec and permanently updating /etc/fstab, the upgrade proceeds successfully, and the issue is resolved.

By following these steps, you ensure that the /tmp directory is configured to support executable permissions, which are essential for the NAS Proxy upgrade process.

Did this answer your question?