HPE VM Essentials

Installing Morpheus Agent on Rocky Linux

 
dya
Advisor

I did the following in the same way as when using Ubuntu Server on a VM.

① Install "qemu-guest-agent" on Rocky Linux and make sure it's running
② Select "Install Agent" from the virtual machine's actions

It didn't work at first, but by doing the following two things, the virtual machine's action "Install Agent" completed successfully.

・Comment out "FILTER_RPC_ARGS" in /etc/sysconfig/qemu-ga
・Set SELinux to "Permissive"

However, both seem to relax security, so when running Rocky Linux (Red Hat-based Linux) on a VME, what is the best way to handle qemu-ga's "--allow-rpcs" and SELinux?

※Sorry if this is hard to understand as it is machine translated

babusude
HPE Pro

Re: Installing Morpheus Agent on Rocky Linux

Is there a reason why you did this? "Comment out "FILTER_RPC_ARGS" in /etc/sysconfig/qemu-ga"

If you download the agent script you will see that the script is like this.
curl -k -s "https://${applianceUrl}/api/server-script/agentInstall?apiKey=${apiKey}" | bash

If you SSH into Rocky Linux and then run the command like this (adding -v), we will get the exact reason if/why the agent install is not happening.
curl -v -k -s "https://${applianceUrl}/api/server-script/agentInstall?apiKey=${apiKey}" | bash



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
dya
Advisor

Re: Installing Morpheus Agent on Rocky Linux

Thank you.

The reason is that when I investigated the issue of being unable to install using the virtual machine action "Install Agent", I found the following error when running "journalctl -f" on the host.

libvirtd[1235]: internal error: unable to execute QEMU agent command 'guest-exec': Command guest-exec has been disabled: the command is not allowed

I believe that downloading a script from a virtual machine action and running it on the guest OS is not the best option for general users, not engineers, so I would like to be able to install it using the VME Manager web screen, and I would like to know if there is a better way to do it.

babusude
HPE Pro
Solution

Re: Installing Morpheus Agent on Rocky Linux

The error you saw means that Rocky Linux (like other Red Hat-based systems) blocks certain QEMU agent features by default to improve security.
One of those blocked features is guest-exec, which is needed by VME Manager to run the agent install script.
libvirtd[1235]: internal error: unable to execute QEMU agent command 'guest-exec': Command guest-exec has been disabled: the command is not allowed

Why your changes worked:
Commenting out FILTER_RPC_ARGS lets guest-exec and similar commands run, so the install could complete.
Setting SELinux to "Permissive" stops it from blocking actions, which also helped.

But yes, both of these changes reduce system security, so it’s good to find a better way.

A better approach:
Keep SELinux in Enforcing mode
Instead of turning SELinux off (Permissive), we can teach it to allow just what’s needed. You can use these commands:

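# Pipe the recent AVC denials into audit2allow to build a local policy module
ausearch -m avc -ts recent | audit2allow -M myqemu
# Load the generated module
semodule -i myqemu.pp

This watches for what SELinux blocks and then creates a rule to allow it.

Temporarily allow agent install: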
You could allow guest-exec only during installation, then put the FILTER_RPC_ARGS setting back afterward. This keeps things secure most of the time.



I work at HPE
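
Added example, not code from the thread, HPE or Morpheus: instead of commenting out FILTER_RPC_ARGS entirely, the functions below append only the named RPCs to the existing allow-list for the duration of the install and then restore the original file. Assumptions: the filter is a single `--allow-rpcs=` line, the function names and the `.pre-install` backup suffix are hypothetical, the sample allow-list is constructed, and `guest-exec-status` being needed alongside `guest-exec` is a guess.

```shell
#!/usr/bin/env bash
# Added example; not code from the thread, HPE or Morpheus.
# Assumes one line of the form: FILTER_RPC_ARGS="--allow-rpcs=cmd1,cmd2,..."
# Function names and the ".pre-install" suffix are hypothetical.

# Print the active allow-list (nothing if the line is absent or commented out).
allowed_rpcs() {
    sed -n 's/^FILTER_RPC_ARGS="\{0,1\}--allow-rpcs=\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# Print unfiltered | unknown | allowed | blocked for RPC $2 in config file $1.
rpc_state() {
    local list
    grep -q '^FILTER_RPC_ARGS=' "$1" || { echo unfiltered; return; }
    list=$(allowed_rpcs "$1")
    [ -n "$list" ] || { echo unknown; return; }   # some other filter format
    case ",$list," in
        *",$2,"*) echo allowed ;;   # exact match: guest-exec != guest-exec-status
        *)        echo blocked ;;
    esac
}

# Back up the config, then append each currently blocked RPC to the allow-list.
allow_for_install() {
    local file=$1 rpc; shift
    cp -p "$file" "$file.pre-install"
    for rpc in "$@"; do
        [ "$(rpc_state "$file" "$rpc")" = blocked ] || continue
        sed "s/^\(FILTER_RPC_ARGS=\"\{0,1\}--allow-rpcs=[^\"]*\)/\1,$rpc/" "$file" > "$file.new"
        cat "$file.new" > "$file" && rm -f "$file.new"
    done
}

# Put the original filter back once the agent is installed.
restore_filter() { cat "$1.pre-install" > "$1" && rm -f "$1.pre-install"; }

# Demo on a constructed sample file (not a real distribution default).
demo() {
    local cfg; cfg=$(mktemp)
    printf '%s\n' 'FILTER_RPC_ARGS="--allow-rpcs=guest-ping,guest-info,guest-fsfreeze-freeze"' > "$cfg"
    rpc_state "$cfg" guest-exec        # blocked
    allow_for_install "$cfg" guest-exec guest-exec-status
    rpc_state "$cfg" guest-exec        # allowed
    restore_filter "$cfg"
    rpc_state "$cfg" guest-exec        # blocked
    rm -f "$cfg"
}
demo
```

On a real guest the file would be /etc/sysconfig/qemu-ga, and the qemu-guest-agent service has to be restarted after each change for it to take effect. An "unfiltered" result is also a quick way to spot guests where the filter was commented out and never restored.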
dya
Advisor

Re: Installing Morpheus Agent on Rocky Linux

Thank you.