RTMT: file SFTPServerList.xml used by other RTMT client

hviridis31 · ‎10-08-2013

We are using Cisco Unified Communications Manager (CUCM) Version 8.6.2.22900-9 and Real Time Monitoring Tool (RTMT) Module and Plugin Version 8.92(002) running on Debian GNU/Linux 7. Trying to schedule a CDR download to an SFTP server through System > Trace & Log Central > Schedule Collection I got the following error dialog. Selecting the action option "Download Files" the dialog window "Trace Download Configuration" is opening. The Dialog appeared after I clicked "Test Connection" and confirmed the dialog window "SFTP/FTP Response" stating "Success while connecting from (publisher-fqn)". The error message is:

The file SFTPServerList.xml is used by other RTMT client!

In the log file .jrtmt/log/rtmt.log I could found the following information:

2013-10-08 19:56:03,588 [Thread-64] FATAL rtmt.control - SystemUtil: IOException: java.io.IOException: Permission denied
2013-10-08 19:56:03,589 [Thread-64] ERROR rtmt.control - LOCKING: IOException while getting lock on: /opt/cisco/jrtmt/SFTPServerList.xml
2013-10-08 19:56:03,589 [Thread-64] ERROR rtmt.control - LOCKING: Could not get lock on: /opt/cisco/jrtmt/SFTPServerList.xml

The file /opt/cisco/jrtmt/SFTPServerList.xml did not exist and the directory /opt/cisco/jrtmt was owned by user and group root. The user that was running RTMT did not have any write permission to that directory. The error disappeared when I granted those permissions to the user. Before I found this solution I had tried to run RTMT under Windows 7 but got stuck with similar problems (tool did not react on clicks) and had restarted RTMT and RIS services in CUCM Control Center - Network Services.

We analyse CDRs with some powerful gawk script (1024 lines) to look at call distribution for locations and gateway utilization. Through comma seperated value format Cisco enabled customers to integrate its software to their needs.

utilizationut

mccullough.ken · ‎12-10-2013

Thanks hviridis31! I was running into this same issue, your fix helped out.

jeremiah88 · ‎02-05-2015

Hi I am seeing this same error. Can you elaborate on how exactly you granted access to this directory for the rtmt user? I've tried both the platform/app admin account and get the same error with both. I am not a linux guru, and I can only assume you granted access to the directory through the linux CLI? Would you mind sharing the syntax of the required commands?

hagen_riedel · ‎02-10-2015

To clarify which permissions I had to set and how they are applied I post an example configuration.

Assume '/usr/bin/jrtmt' is run by user 'user1' in administrator group 'cucm' on a linux machine 'pc'.

user1@pc:~$ grep "cucm:" /etc/group
cucm:x:1007:user1,user2,user3

So I setup the access rights as following (complete file list for '/opt/cisco/jrtmt' is attached):

user1@pc:~$ ls -ld /opt/cisco/jrtmt
drwxrwxr-x 13 root  cucm 4096 Jan  1 11:00 /opt/cisco/jrtmt
user1@pc:~$ ls -l /opt/cisco/jrtmt/SFTPServerList.xml*
-rw-r--r-- 1  user1 cucm  283 Jan  1 11:00 /opt/cisco/jrtmt/SFTPServerList.xml
-rw-r--r-- 1  user1 cucm    0 Jan  1 11:00 /opt/cisco/jrtmt/SFTPServerList.xmllock.bin

Real Time Monitoring Tool was running so there existed a lock file. The directory '/opt/cisco/jrtmt' is owned by user 'root'. Group is 'cucm' that has read, write and access permission.

File 'SFTPServerList.xml' is owned by 'user1' and has been assigned to group 'cucm' while only owner has write permissions. This way the other users cannot accidentally add a new task as they will get the above message 'The file SFTPServerList.xml is used by other RTMT client!'. I suppose if write permissions are granted to the group all the group's administrators can configure a SFTP download.

The attached list 'stat-jrtmt.txt' has been generated by the following statement:

find /opt/cisco/jrtmt -exec /bin/bash -c 'f="{}"; echo "$( stat -c "%a %A %U:%G" "${f}" ) ${f}"' \; >stat-jrtmt.txt

To adapt permissions to match the above values type:

chown -c root:cucm /opt/cisco/jrtmt
# use symbolic representation
chmod -c u=rwx,g=rwx,o=rx /opt/cisco/jrtmt
# use octal mode
chmod -c 775 /opt/cisco/jrtmt
# check changes
ls -l /opt/cisco/jrtmt

Option '-c' ('--changes') means "like verbose but report only when a change is made". For example it will be reported:

user1@pc:~$ chmod -c 775 /opt/cisco/jrtmt
mode of ‘/opt/cisco/jrtmt’ changed from 0770 (rwxrwx---) to 0775 (rwxrwxr-x)

File 'SFTPServerList.xml' contains preselection data for SFTP configuration. Let me introduce our setup:

a server list (in RTMT field is named 'Host IP Address'): '123.12.123.12' is the destination ip address where Cisco UCM copies the download files
a username list (in RTMT field is named 'User Name'): we download call detail records (cdr) and audit logs to the home directory of some low-privileged users
a directory list (in RTMT field is named 'Download Directory Path'): each download has its own directory so scheduled downloads can be checked and obsole copies can be removed easily
- if daily cdr download fails for some reason it is automatically recovered with a weekly download
- this has been decided as failed tasks are not repeatedly triggered at a future date by Cisco UCM and with RTMT you cannot configure an offset daily schedule task (schedule wizard just provides a field 'Collect Files generated in the last')

<SFTP>
<ServerList>
<Server>
123.12.123.12
</Server>
</ServerList>
<UserNameList>
<UserName>
cucm-cdr
</UserName>
<UserName>
cucm-audit
</UserName>
</UserNameList>
<DirList>
<Dir>
audit
</Dir>
<Dir>
cdr-daily
</Dir>
<Dir>
cdr-weekly
</Dir>
</DirList>
</SFTP>

jeremiah88 · ‎02-07-2015

Ok, so I feel like a moron! I was over thinking this issue, and I misunderstood. the file path you were referring to is on the client that RTMT is installed on, not on the CUCM. I was using an account that did not have local admin rights to the client PC. I ran the program with an admin account, and the issue went away.