Sysadmin's Shouts!

a blog for sysadmin's rants and raves…


Leave a comment

SuSe VM Migrated from VMware

SuSe VMs migrated from VMware to other platforms (OVM, Xen, KVM, Ravello) check for compliance on startup, and give the following message (or simmilar):

The profile does not allow you to run the products on this system.

Hypervisor used current value: 'xen' must be one of: 'vmware'.

Forcing you to go into the console and press any key to accept the warning disclaimer that the actual setup is not supported by Suse.

OVM - Suse VMware to OVM migrations

While this might be good to know the first time you migrate a VM, it’s a disguised “Nagging Screen“, which limits the use of this VMs in a production setup, as reboots require manual intervention. And as we know, sometimes is not that easy to recreate the VM from fresh in the supported setup.

To bypass this compliance check, we should find out the script which is giving us the error, so we can decide how to bypass it:

1.- First, we check the release version of our troubled system, so we can write down the solution for this particular version (in case different versions have diff. solutions).

SUSETEST:~ # cat /etc/*release*
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 4
LSB_VERSION="core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64"
cat: /etc/lsb-release.d: Is a directory
NAME="SLES"
VERSION="11.4"
VERSION_ID="11.4"
PRETTY_NAME="SUSE Linux Enterprise Server 11 SP4"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:11:4"

2.- Second, we will try to find the script that gives us the nasty message, by launching a brute-force grep on /usr/bin:

SUSETEST:~ # grep "profile does not allow you" /usr/bin/*
isCompliant: print __("The profile does not allow you to run the products on this system.\n");

3.- Third, we have found one file called isCompliant on /usr/bin, so we will find more about it:

SUSETEST:~# file /usr/bin/isCompliant
/usr/bin/isCompliant: a /usr/bin/perl -w script text

It is a perl script, we can check to see if it has manual page:

SUSETEST:~# man isCompliant

ISCOMPLIANT(1) ISCOMPLIANT(1)

NAME
isCompliant

SYNOPSIS
isCompliant [options]

DESCRIPTION
"isCompliant" check a profile with the system where products gets installed.

OPTIONS
--quiet -q
Do not print messages on stdout or stderr. Only the exit code indicate if the compliance check was successfull or
not.

--debug -d
Turn on the debug mode.

AUTHORS and CONTRIBUTORS
Duncan Mac-Vicar Prett, Michael Calmer

LICENSE
Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.

Or Help info:

SUSETEST:~# /usr/bin/isCompliant -h
usage: /usr/bin/isCompliant [--quiet|-q]
/usr/bin/isCompliant [--debug|-d]
/usr/bin/isCompliant [--help|-h|-?]
Options:
-h -? [--help] show this help
-q [--quiet] print no messages
-d [--debug] print debug messages
isCompliant check a profile with the system where products gets installed.
isCompliant exit with 0 if the system is compliant to the product profile.
Otherwise it exist with 1

Looks like it’s just a script that checks certain compliance requirements and returns our infamous message, and on the help it says that it returns a RC=0 when a system is compliant, and a RTC=1 when it’s not.

We also see, that running it with the -q flag, it will only run and return a RC, without displaying messages on screen.

OK, knowing this info, let’s invoke it, and check it out:

SUSETEST:~# /usr/bin/isCompliant
The profile does not allow you to run the products on this system.

Proceeding to run this installation will leave you in an
unsupported state and might impact your compliance requirements.

The following requirements are not fulfilled on this system:
* Hypervisor used (current value: 'xen'); must be one of: 'vmware'

SUSETEST:~# echo $?
1

SUSETEST:~# /usr/bin/isCompliant -q
SUSETEST:~# echo $?
1

Bingo! This is definitely our boot pausing friend. It gives the error message, and returns a RC=1. But it’s not the one that forces us to press a key if the system is not
compliant, so it must be invoked by another script at boot time.

Now we could do two things, one is replacing this script for our own “compliance checker” and the other is to find the isCompliant invoking script and change it there, just
in that case replacing the original isCompliant breaks something else further down the line.

My recommended method is Solution 2, but the fastest to implement is Solution 1.

Solution 1.- Replace isCompliant with our own brew.

Before replacing the original script, we will keep the original, just in case it’s needed further on, and to have a rollback option.

SUSETEST:~# cp -p /usr/bin/isCompliant /usr/bin/isCompliant.orig

Now we will just replace the script with a simple “exit 0”, that will allways return OK in any case.

SUSETEST:~# echo "exit 0" > /usr/bin/isCompliant

 

Solution 2.- Modify isCompliant boot invoking script.

First we need to find out the name of the isCompliant invoking scrpits, so we launch another brute-force grep, this time at /etc/init.d folders:

SUSETEST:~# grep "/usr/bin/isCompliant" /etc/init.d/*
/etc/init.d/boot.compliance: MSG=`/usr/bin/isCompliant`

And we find it, it’s called boot.compliance (so it really was pretty well self-documented).

We check the startup script, and we find the start sequence:

case "$1" in
start|restart|force-reload)
# Check if we're running in inst-sys or stage 2 of the installation - if so,
# the check must not be performed as there's already a check in YaST
if test -f /var/lib/YaST2/runme_at_boot ; then
exit
fi
echo -n "Check if the profiles matches the system"

MSG=`/usr/bin/isCompliant`
CODE=$?
if [ "$CODE" != "0" ]; then
splash=""
# Switch bootsplash to verbose mode to make text messages visible.
if test -f /proc/splash ; then
read splash < /proc/splash echo "verbose" > /proc/splash
fi

clear

echo -e "\n"
echo -e "=========================================================================="
echo -e "\n"
echo -e "$MSG"
echo -e "\n"
echo -e "Press any key to proceed with booting."
echo -e "\n"
echo -e "=========================================================================="

read -n 1

clear
[[ "$splash" =~ silent ]] && echo silent > /proc/splash
fi

As we can see marked in red, the variable MSG executes and captures the isCompliant output, and the variable CODE collects it’s return code.
Then an “if” sentence checks the compliance, and if its different from 0 (Not Compliant), shows the screen with the MSG and waits for any key to be pressed before continuing.

As usual, we will make a backup of the original config file before making any changes into the working configuration:

SUSETEST:~# cp -p /etc/init.d/boot.compliance /etc/init.d/boot.compliance.orig

So, our change it’s going to be replacing the “read -n 1” with a “sleep 6“, because we are going to leave the “Not Compliance” message on screen during 6 seconds at boot time, to remind us that this system is not supported by SuSe in it’s actual configuration.

We will also comment the “Press any key…” message, to allow for automatic rebooting of the system.

SUSETEST:~# vi /etc/init.d/boot.compliance

It will end up as follows:

case "$1" in
start|restart|force-reload)
# Check if we're running in inst-sys or stage 2 of the installation - if so,
# the check must not be performed as there's already a check in YaST
if test -f /var/lib/YaST2/runme_at_boot ; then
exit
fi
echo -n "Check if the profiles matches the system"

MSG=`/usr/bin/isCompliant`
CODE=$?
if [ "$CODE" != "0" ]; then
splash=""
# Switch bootsplash to verbose mode to make text messages visible.
if test -f /proc/splash ; then
read splash < /proc/splash echo "verbose" > /proc/splash
fi

clear

echo -e "\n"
echo -e "=========================================================================="
echo -e "\n"
echo -e "$MSG"
echo -e "\n"
#echo -e "Press any key to proceed with booting."
echo -e "\n"
echo -e "=========================================================================="

#read -n 1
sleep 6

clear
[[ "$splash" =~ silent ]] && echo silent > /proc/splash
fi

We can save the modified file and reboot the system to check that we have the 6 seconds warning and then just carries on booting as usual.

So, with a little digging around the system we have found how to bypass the nagging screen and convert back our migrated VM into a workable system.

 

Advertisements