If an AFX server is started as the
root user, problems can occur that will prevent correct management of the server and its connectors.
EXAMPLES:
- When subsequently trying to manage the server as the less privileged afx user, the following errors may occur:
ERROR: java.io.IOException: Operation not permitted
Mule Enterprise Edition is already running
- If the AFX server is subsequently stopped as the root user and later started as the afx user, other problems may occur such as:
WARNING!! Timed out waiting for AFX applications to start. Please check AFX application log files for detailed status information
- The user interface (AFX > Server) may indicate that the AFX server is Running (green) but the AFX connectors (AFX > Connectors) may show with a status of Deployed (yellow) or Not Deployed (red)
- An AFX-related process is still running:
ps -ef | grep AFX
root 20019 1 0 09:57 pts/1 00:20:57 /usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/bin/java
-Xms512m -Xmx512m -Dorg.apache.activemq.UseDedicatedTaskRunner=true
-Djava.util.logging.config.file=logging.properties
-Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true -XX:MaxMetaspaceSize=512m
-XX:+AlwaysPreTouch -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled
-XX:+UseStringDeduplication -XX:InitiatingHeapOccupancyPercent=5
-Dcom.sun.management.jmxremote.port=1099
-Dcom.sun.management.jmxremote.password.file=/home/oracle/AFX/activemq/conf/jmx.password
-Dcom.sun.management.jmxremote.access.file=/home/oracle/AFX/activemq/conf/jmx.access
-Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote
-Dactivemq.classpath=/home/oracle/AFX/activemq/conf; -Dactivemq.home=/home/oracle/AFX/activemq
-Dactivemq.base=/home/oracle/AFX/activemq -Djava.security.egd=file:/dev/./urandom
-jar /home/oracle/AFX/activemq/bin/run.jar start
- File permissions are incorrect as noted by executing the below as the afx user:
cd $AFX_HOME/bin
./setPerms.sh
Updating permissions for files in /home/oracle/AFX
chmod: changing permissions of `/home/oracle/AFX/esb/logs/active/esb.AFX-MAIN-PERSISTED.log': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/esb/logs/active/esb.AFX-CONN-AD-connector.log': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/esb/logs/active/esb.AFX-INIT-PERSISTED.log': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/esb/logs/sent/esb.AFX-CONN-AD-connector.log.20190624_095849_883': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/esb/logs/sent/log-batch-290214ce-e1e6-4759-b2ab-1e9392f24c30.xml': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/esb/conf/client.keystore': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/activemq/data/kahadb/lock': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/mmc-console/logs/manager.2019-06-24.log': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/mmc-console/logs/host-manager.2019-06-24.log': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/mmc-console/mmc-data/workspaces/default/index/indexes_7p8q': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/mmc-console/mmc-data/workspaces/default/index/_7p8n/segments.gen': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/mmc-console/mmc-data/workspaces/default/index/_7p8n/segments_2': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/mmc-console/mmc-data/workspaces/default/index/_7p8n/_0.cfs': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/mmc-console/mmc-data/workspaces/default/index/_7p8n/cache.inSegmentParents': Operation not permitted
chmod: changing permissions of `/home/oracle/AFX/mmc-console/mmc-data/db/log/log1054.dat': Operation not permitted done
- Checking any one of the above files shows the file owned by root instead of by the afx user:
ll /home/oracle/AFX/esb/conf/client.keystore
-rw-r--r-- 1 root root 5329 Mar 2 15:07 /home/oracle/AFX/esb/conf/client.keystore
- Checking AFX ports such as 61616, 8585, or 8444 via netstat may show a port unexpectedly in use:
cd $AVEKSA_HOME/database/DBA/AVDB/scripts
netstat -an | grep 61616
tcp 0 0 127.0.0.1:18212 127.0.0.1:61616 ESTABLISHED
tcp 0 0 127.0.0.1:18207 127.0.0.1:61616 ESTABLISHED
tcp 0 0 127.0.0.1:18206 127.0.0.1:61616 ESTABLISHED
tcp 0 0 127.0.0.1:18213 127.0.0.1:61616 ESTABLISHED
tcp 0 0 127.0.0.1:18208 127.0.0.1:61616 ESTABLISHED
tcp 0 0 127.0.0.1:18166 127.0.0.1:61616 ESTABLISHED
tcp 0 0 127.0.0.1:18214 127.0.0.1:61616 ESTABLISHED
tcp 0 0 127.0.0.1:18167 127.0.0.1:61616 ESTABLISHED
tcp 0 0 127.0.0.1:18168 127.0.0.1:61616 ESTABLISHED
tcp 0 0 127.0.0.1:61616 :::* LISTEN