
EDR: Job-runner Logs Missing Cron Jobs

Environment

  • EDR Server: All versions

Symptoms

  • Solr cores are not optimizing.
  • /var/log/cb/job-runner/job-runner.log only contains ondemand_cbdiag_check entries.
  • The 'chage -l cb' command lists 'Password expires' and/or 'Account expires' with dates in the past.

Cause

The 'cb' user account's password expiration and/or account expiration date may have passed, which blocks the cb account from running necessary processes or creating files.

Resolution

  1. Log into each cluster node (primary + secondary servers) as the root user.
  2. Set the 'cb' user account back to the default settings of a nologin account without expiration dates.

       chage -E -1 cb
       chage -M -1 cb
       chage -l cb

     The expected output of the 'chage -l cb' command should be similar to:

       # chage -l cb
       Last password change                                    : Jan 22, 2020
       Password expires                                        : never
       Password inactive                                       : never
       Account expires                                         : never
       Minimum number of days between password change          : -1
       Maximum number of days between password change          : -1
       Number of days of warning before password expires       : -1

  3. Confirm cb user settings in /etc/passwd:

       cb:x:<uid>:<gid>:Service account for VMware Carbon Black EDR:/var/cb:/sbin/nologin

  4. Restart the cluster.
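
The check from the Symptoms section as an added example (not part of the original article and not VMware tooling): a shell function that reads 'chage -l' output and reports 'Password expires' or 'Account expires' dates that are in the past, useful for confirming each node before and after the fix. It assumes GNU date and English (C locale) chage output; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes GNU date and C-locale `chage -l` output.

# check_chage_expiry [now_epoch]
# Reads `chage -l <user>` output on stdin and prints one line per problem.
# Exit status 0: neither expiry date is in the past; 1: otherwise.
# The body runs in a subshell so its variables do not leak to the caller.
check_chage_expiry() (
    now="${1:-$(date +%s)}"
    rc=0
    while IFS=: read -r field value; do
        # chage pads labels with tabs; strip whitespace around both parts.
        field=$(printf '%s' "$field" | sed 's/[[:space:]]*$//')
        value=$(printf '%s' "$value" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$field" in
            "Password expires"|"Account expires")
                [ "$value" = "never" ] && continue
                # Values such as "password must be changed" are not dates.
                if ! ts=$(date -d "$value" +%s 2>/dev/null); then
                    echo "UNPARSED: $field: $value"; rc=1; continue
                fi
                if [ "$ts" -lt "$now" ]; then
                    echo "EXPIRED: $field: $value"; rc=1
                fi
                ;;
        esac
    done
    exit "$rc"
)

# Constructed sample (not output from a real host), evaluated as of 2022-01-10.
printf 'Password expires\t\t: Jan 01, 2021\nAccount expires\t\t: never\n' |
    check_chage_expiry "$(date -d 2022-01-10 +%s)" ||
    echo "cb needs: chage -E -1 cb; chage -M -1 cb"

# On an EDR node, as root: chage -l cb | check_chage_expiry
```

A non-zero exit status makes the function usable in a monitoring check that runs on every cluster node.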

Additional Notes

  • The 'cb' user account is used to run the solr_optimize, watchlist, and other cron jobs.  Some security guidelines (e.g. STIG) require password expirations and/or account expirations.  These are necessary for login accounts, not nologin accounts.
  • The 'cb' user account, required to run EDR, is a nologin account, and its password and account should be set to never expire.
  • The 'cb' user account should not be used for any purpose other than running EDR.  If another non-root user with a login shell and account expiration dates is needed, please create a separate account. See the VMware EDR Cluster Management Guide for details.
  • The Resolution steps above should be run on all nodes, primary + secondary servers. 

Creation Date: 01-10-2022