Rocky 8 with PAM authentication

Hi All, I’m installing ondemand 2.0 on a Rocky 8.5 system. I see in RHEL 8 version OS’s that httpd is used instead of httpd24. When attempting to Add PAM Authentication from “Add PAM Authentication — Open OnDemand 2.0.20 documentation” step 7 says to run:

/opt/ood/ood-portal-generator/sbin/update_ood_portal

When I run that I end up with errors that are pointing to httpd24.

Generating new Apache config at: ‘/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf’
sh: /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf: No such file or directory
chown root:apache /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf
No such file or directory @ apply2files - /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf
Run ‘update_ood_portal --help’ to see a full list of available options.

Is there a config file somewhere that I can tell it which httpd I’m using? Thanks in advance, Kyle

Hello and welcome!

I just need to be sure on the OS vesrion, what does cat /etc/os-release | grep VERSION outuput? OOD should be picking that up dynamically to avoid something like this.

Also, when you output your env there isn’t anything there would would break things is there? Mainly thinking of something odd with MODULEPATH or something like that.

Hi Travis, thanks for the response. That might be the issue. If I cat the entire /etc/os-release file on this system it only outputs:

PLATFORM_ID="platform:el8"

Unlike a Centos 7 system contains a lot more info. Maybe this is something to do with Rocky in particular.

The env is pretty generic. Though we are using modules so we do have MODULEPATH set. Here is the full contents.

# env
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=01;36:.au=01;36:.flac=01;36:.m4a=01;36:.mid=01;36:.midi=01;36:.mka=01;36:.mp3=01;36:.mpc=01;36:.ogg=01;36:.ra=01;36:.wav=01;36:.oga=01;36:.opus=01;36:.spx=01;36:.xspf=01;36:*
SSH_CONNECTION=10.141.0.254 59720 10.141.0.249 22
LANG=en_US.UTF-8
HISTCONTROL=ignoredups
HOSTNAME=oodsrv001
__LMOD_SET_FPATH=1
FPATH=/opt/ohpc/admin/lmod/lmod/init/ksh_funcs
which_declare=declare -f
XDG_SESSION_ID=6
USER=root
__LMOD_REF_COUNT_MODULEPATH=/opt/ohpc/admin/modulefiles:1;/opt/ohpc/pub/modulefiles:1
PWD=/root
HOME=/root
LMOD_COLORIZE=no
SSH_CLIENT=10.141.0.254 59720 22
LMOD_VERSION=8.5.22
LMOD_SETTARG_CMD=:
BASH_ENV=/opt/ohpc/admin/lmod/lmod/init/bash
ModuleTable001=X01vZHVsZVRhYmxlXyA9IHsKTVR2ZXJzaW9uID0gMywKY19yZWJ1aWxkVGltZSA9IGZhbHNlLApjX3Nob3J0VGltZSA9IGZhbHNlLApkZXB0aFQgPSB7fSwKZmFtaWx5ID0ge30sCm1UID0ge30sCm1wYXRoQSA9IHsKIi9vcHQvb2hwYy9hZG1pbi9tb2R1bGVmaWxlcyIsICIvb3B0L29ocGMvcHViL21vZHVsZWZpbGVzIiwKfSwKc3lzdGVtQmFzZU1QQVRIID0gIi9vcHQvb2hwYy9hZG1pbi9tb2R1bGVmaWxlczovb3B0L29ocGMvcHViL21vZHVsZWZpbGVzIiwKfQo=
LMOD_ROOT=/opt/ohpc/admin/lmod
SSH_TTY=/dev/pts/2
MAIL=/var/spool/mail/root
TERM=xterm
SHELL=/bin/bash
ModuleTable_Sz=1
SHLVL=1
MANPATH=:/opt/pbs/share/man
LMOD_PREPEND_BLOCK=normal
MODULEPATH=/etc/scl/modulefiles:/opt/ohpc/admin/modulefiles:/opt/ohpc/pub/modulefiles
LOGNAME=root
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/0/bus
XDG_RUNTIME_DIR=/run/user/0
PATH=/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/pbs/bin:/opt/pbs/sbin
MODULESHOME=/usr/share/Modules
LMOD_SETTARG_FULL_SUPPORT=no
HISTSIZE=1000
LMOD_PKG=/opt/ohpc/admin/lmod/lmod
LMOD_CMD=/opt/ohpc/admin/lmod/lmod/libexec/lmod
LESSOPEN=||/usr/bin/lesspipe.sh %s
LMOD_FULL_SETTARG_SUPPORT=no
LMOD_DIR=/opt/ohpc/admin/lmod/lmod/libexec
BASH_FUNC_which%%=() { ( alias;

  • eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot “$@”*
    }
    BASH_FUNC_module%%=() { eval $($LMOD_CMD bash “$@”) && eval $(${LMOD_SETTARG_CMD:-:} -s sh)
    }
    BASH_FUNC_scl%%=() { if [ “$1” = “load” -o “$1” = “unload” ]; then
  • eval “module $@”;*
  • else*
  • /usr/bin/scl “$@”;*
  • fi*
    }
    BASH_FUNC_ml%%=() { eval $($LMOD_DIR/ml_cmd “$@”)
    }
    _=/usr/bin/env

Kyle

Hmm, that is strange. On my Rocky system I get:

$ cat /etc/os-release
NAME=“Rocky Linux”
VERSION=“8.5 (Green Obsidian)”
ID=“rocky”
ID_LIKE=“rhel centos fedora”
VERSION_ID=“8.5”
PLATFORM_ID=“platform:el8”
PRETTY_NAME=“Rocky Linux 8.5 (Green Obsidian)”
ANSI_COLOR=“0;32”
CPE_NAME=“cpe:/o:rocky:rocky:8:GA”
HOME_URL=“https://rockylinux.org/
BUG_REPORT_URL=“https://bugs.rockylinux.org/
ROCKY_SUPPORT_PRODUCT=“Rocky Linux”
ROCKY_SUPPORT_PRODUCT_VERSION=“8”

-Dj

I’m perplexed at the OS output, when I do the same i have:

NAME="Rocky Linux"
VERSION="8.5 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.5 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"

So something seems very off with the OS itself maybe? I’m not sure why you only have a PLATFORM_ID field being output from that file, but this would be a reason OOD can’t set itself up properly as it uses that for the OS version to build on.

Well at least I know where to look now. This is basically a compute node built with OpenHPC. The head node reports correctly as your file does, but all my computes only have the single line output in os-release. I’ll do some digging to see why this is the case. Appreciate the pointer. I’ll let you know what I find. Kyle

A step closer. I did get the update_ood_portal issue resolved. On a standard Rocky install /etc/os-release is a symbolic link to /usr/lib/os-release. The os-release file located in /usr/lib was correct, so I removed the one in /etc and created a symbolic like to /usr/lib/os-release. Now the correct apache is found.

At this point I get the sign on page to appear on the portal, but am unable to login with root or a user that are configured on the ood server.

I see these errors in /var/log/httpd/error.log
PAM authentication failed for user nortech: Authentication failure
AH01617: user nortech: authentication failure for “/pun/sys/dashboard”: Password Mismatch

Any ideas where to go from here? Thanks again

A couple more notes:
SSH authentication works and my pam.d config files are the same from ssh to ood.

diff /etc/pam.d/sshd /etc/pam.d/ood

I’ve als modified the shadow file with permissions.

ll /etc/shadow

-rw-r----- 1 root apache 1515 Apr 22 07:35 /etc/shadow

Resolved - I figured it out. My shadow/group/passwd files were not sync’d correctly. SSH was working using SSH keys not password. Once I corrected those files I was able to authenticate. I appreciate the help. Kyle

1 Like