The Hissing OMI on Azure's Linux VM

by Moises Jafet — on  ,  ,  , 
Tiempo de Lectura aprox.: 1 minute, 37 seconds

cover-image

TL;DR

If your Linux Azure VM emails every minute a cron job alert about OMI unable to find Kerbero's key, just run:

sudo /opt/omi/bin/support/config_keytab_update.sh --unconfigure

Microsoft Azure logo

Why does this happen?

If you have done your job well while setting up your Linux Virtual Machines on Azure, among your deployment recipe, surely you have configured the system to email out critical notificiations automatically.

As you are so smart, as a reward to your efforts, one day, out of the blue, your email inbox is innundated with emails with this content at a rate of one email every minute:

From<root (Cron Daemon)>

To<root>
SubjectCron <[email protected]> [ \( ! -f /etc/opt/omi/creds/omi.keytab \) -o \( /etc/krb5.keytab -nt /etc/opt/omi/creds/omi.keytab \) ] && /opt/omi/bin/support/ktstrip /etc/krb5.keytab /etc/opt/omi/creds/omi.keytab

DateToday at 12:32 PM
src kt = /etc/krb5.keytab File /etc/krb5.keytab does not exist /opt/omi/bin/support/ktstrip: 38: exit: Illegal number: -1

OMI, the Open Management Infrastructure, is the tool used on Azure for instropection services on your Virtual Machines running Linux. All Linux VMs on Azure with diagnostic services enabled are going to be impacted if the faulty code is applied by some automatic update.

Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards.

OMI's complain is due to the fact that you don't have Kerberos running on the VM.

I reported this issue more than four months ago on the official issue tracker. Even though they fixed this bug on the repository upstream, the issue still persists. I know that, because I still randomly get a VM impacted by this regression. For example, today, one of my VMs got updated with the faulty code again prompting me to write this blog post.

To stop the annoying emails run:

sudo /opt/omi/bin/support/config_keytab_update.sh --unconfigure

You will get back as a reply:

[email protected]:~$ sudo /opt/omi/bin/support/config_keytab_update.sh --unconfigure
2018-03-24 16:51:49 : Crontab no longer configured to update omi keytab.

And peace will settle down on your inbox again.

Blog Comments powered by Disqus.

Moisés Jafet Cornelio-Vargas

About Moisés

Profile picture

Physicists, award-winning technologist, parallel entrepreneur, consultant and proud father born in the Dominican Republic.
Interested in HPC, Deep Learning, Semantic Web, Internet Global High Scalability Apps, InfoSec, eLearning, General Aviation, Formula 1, Classical Music, Jazz, Sailing and Chess.
Founder of pluio.com and hospedio.com.
Author of the Sci-fi upcoming novel Breedpeace and co-author in dozens of publications.
Co-founder of MunicipiosAlDia.com, Jalalio Media Consultants and a number of other start-ups.
Former professor and Key-note speaker in conferences and congresses all across the Americas and Europe.
Proud member of the Microchip No.1 flying towards Interestellar space on board NASA's Stardust Mission, as well as member of Fundación Municipios al Día, Fundación Loyola, Fundación Ciencias de la Documentación and a number of other non-for profit, professional organizations, Open Source projects and Chess communities around the world.
All opinions here are his own's and in no way associated with his business interests or collaborations with third-parties.