Problem:Reports cannot be exported automatically to external SFTP server, as configured under InSight, due to an error "Permission denied" in Insight logs.
Found in Version: 6.6.0
Issue:
First report will be created in the SFTP server successfully. However, when the report is run again, SFTP upload will fail with the above error message. If the directory and files is deleted on the external SFTP server, ClearPass will be able to create the report directory and upload the file successfully.
Expected Behavior:
When report is configured to be exported automatically to SFTP server, for the very first time ClearPass will attempt to create a folder with the report name (any spaces will be replaced by hyphen). Inside this folder, report.tar.gz file will be created. When the report is ran again during the next schedule or ran for a different time frame, ClearPass should uploaded the tar.gz file under the same directory (directory created in the name of report name).
Diagnostics:When the report is generated again, ClearPass will attempt to upload the file in SFTP server with wrong path as shown in the screenshot below.
Log snippet of insight.log file:
2016-06-22 02:12:18,187 ERROR Failed to sftp/scp report:Test Copy
Traceback (most recent call last):
File "/usr/local/avenda/tips/insight/lib/report/run.py", line 369, in remote_copy
fileserver.sftp(fs, tgz, remote_dir, remote_path)
File "/usr/local/avenda/tips/insight/lib/report/fileserver.py", line 54, in sftp
sftp.put(src_file, remote_path)
File "/usr/lib/python2.6/site-packages/paramiko-1.15.2-py2.6.egg/paramiko/sftp_client.py", line 669, in put
return self.putfo(fl, remotepath, file_size, callback, confirm)
File "/usr/lib/python2.6/site-packages/paramiko-1.15.2-py2.6.egg/paramiko/sftp_client.py", line 621, in putfo
with self.file(remotepath, 'wb') as fr:
File "/usr/lib/python2.6/site-packages/paramiko-1.15.2-py2.6.egg/paramiko/sftp_client.py", line 327, in open
t, msg = self._request(CMD_OPEN, filename, imode, attrblock)
File "/usr/lib/python2.6/site-packages/paramiko-1.15.2-py2.6.egg/paramiko/sftp_client.py", line 729, in _request
return self._read_response(num)
File "/usr/lib/python2.6/site-packages/paramiko-1.15.2-py2.6.egg/paramiko/sftp_client.py", line 776, in _read_response
self._convert_status(msg)
File "/usr/lib/python2.6/site-packages/paramiko-1.15.2-py2.6.egg/paramiko/sftp_client.py", line 804, in _convert_status
raise IOError(errno.EACCES, text)
IOError: [Errno 13] Permission denied
SolutionSolution:
This is due to the wrong root directory specified in the Insight configuration. If the 'Root Directory' path is specified with '\' (back slash) instead of '/' (forword slash), then ClearPass will attempt to send the file as "SFTP /tmp/tmpmA1GK1.tgz -> 10.17.168.170:\Test-Copy\21-Jun-2016_20-42-14". Hence the SFTP PUT request wil be sent as "Test-Copy/\Test-Copy\21-June-2016_20-42.tgz". Due to this conflict, SFTP rejects this request and ClearPass logs the failure as permission denied.
Wrong configuration:
Correct Configuration: