[root@localhost:~] esxcli software vib install -v /scratch/kdriver_RPESX-00.5.3.1.1.0.m.149.000.vib --no-sig-check [LiveInstallationError] Error in running ['/etc/init.d/rp-splitterd', 'start', 'install']: Return code: 1 Output: Wed Nov 10 18:24:18 UTC 2021: rp_splitterd: Starting rp_splitter Wed Nov 10 18:24:18 UTC 2021: rp_splitterd: DEBUG (notice true==0): isKdriverRunning=1, isSplitterRunning=1 --- /etc/vmware/esx.conf +++ /tmp/auto-backup.2100162//etc/vmware/esx.conf @@ -1,18 +1,299 @@ -/adv/UserVars/RP_IP_Discovery_5 = "" -/adv/UserVars/RP_IP_Discovery_8 = "" ... Saving current state in /bootbank Clock updated. Time: 18:24:19 Date: 11/10/2021 UTC Successfully created /opt/emc/rp/kdriver/mod/esx_splitter Creating symbolic link /usr/lib/vmware/vmkmod/esx_splitter ... Ready to load ESX splitter Cannot load module esx_splitter: Failure Cannot load module esx_splitter: Failure Failed to launch splitter. For assistance, please run launch_splitter.sh --help Wed Nov 10 18:24:20 UTC 2021: rp_splitterd: start_kdriver_from_boot.sh Failed to execute. failing service. It is not safe to continue. Please reboot the host immediately to discard the unfinished update. Please refer to the log file for more details.
2021-11-10T18:24:18.411Z cpu1:2100089)VisorFSTar: 1994: emcrpspl.t00 (797949359604956901) as emcrpspl.t00 for 44144640 bytes 2021-11-10T18:24:20.285Z cpu3:2100373)UserMem: 7388: mmap denied: boot opt execInstalledOnly is set: file not installed
2021-11-12T15:53:29.004Z cpu2:525352)UserMem: 7576: mmap denied: boot opt execInstalledOnly is set: file not installed 2021-11-12T15:53:29.029Z cpu0:525042)Jumpstart plugin rp-splitterd activation failed: Method invocation failed
esxcli system settings encryption set --require-exec-installed-only=F
esxcli system settings encryption get Mode: TPM Require Executables Only From Installed VIBs: false Require Secure Boot: true
/sbin/auto-backup.sh
Dieses Problem kann sich auch auf funktionierende RecoverPoint-Systeme auswirken, wenn Kunden das STIG-Sicherheitsverstärkungsverfahren ausführen.
Das Verfahren legt die Standard-STIG-Werte fest, die uns den Parameter "VMKernel.Boot.execInstalledOnly" = True ändern.
Das Verfahren ändert die ESXi-Konfiguration, wird aber beim nächsten Neustart/Upgrade angewendet und kann zu VxRail-Upgradeproblemen führen, da die aktualisierten Hosts recoverPoint for VMs-geschützte VMs nicht ausführen können.
Obwohl es möglich ist, vib mit der Option --no-live-install zu installieren, scheint der Splitter auch nach dem Neustart nicht zu funktionieren.