Unable to add a host - err state

First time setting up OpenNebula, having issues adding an Alma Linux 8.10 KVM / LXC host. Same outcome on both hosts, I can SSH between the hosts and the Front End. Followed the guides in OpenNebula 6.10 Documentation — OpenNebula 6.10.2 documentation

Tried using FQDN and IP, getting this error in ‘/var/log/one/monitor.log’

"Sat Jan 11 19:50:49 2025 [Z0][MDP][I]: Error executing monitord-client_control.sh: ruby: Operation not permitted – /var/tmp/one/im/lxc.d/monitord-client.rb (LoadError)
Sat Jan 11 19:50:51 2025 [Z0][MDP][I]: Command execution failed (exit code: 1): ‘if [ -x “/var/tmp/one/im/run_monitord_client” ]; then /var/tmp/one/im/run_monitord_client lxc 5 192.168.40.40; else exit 42; fi’
Sat Jan 11 19:50:51 2025 [Z0][MDP][I]: Error executing monitord-client_control.sh: ruby: Operation not permitted – /var/tmp/one/im/lxc.d/monitord-client.rb (LoadError)
Sat Jan 11 19:50:51 2025 [Z0][MDP][W]: Start monitor failed for host 5: Error executing monitord-client_control.sh: ruby: Operation not permitted – /var/tmp/one/im/lxc.d/monitord-client.rb (LoadError)
Sat Jan 11 19:50:51 2025 [Z0][HMM][E]: Unable to monitor host id: 5
Sat Jan 11 19:50:51 2025 [Z0][HMM][D]: Updated Host 5, state ERROR
"

On the host, when I try to interact I get the following:

head -n 1 /var/tmp/one/im/kvm.d/monitord-client.rb
head: cannot open ‘/var/tmp/one/im/kvm.d/monitord-client.rb’ for reading: Operation not permitted

Adding the oneadmin account to wheel solves that, but I believe that’s not the answer

sudo head -n 1 /var/tmp/one/im/kvm.d/monitord-client.rb
#!/usr/bin/env ruby

Tried disabling SELinux, and modifying the permissions, but still nothing

ls -l /var/tmp/one/im/kvm.d/monitord-client.rb
-rw-r-----. 1 oneadmin oneadmin 8940 Aug 27 17:22 /var/tmp/one/im/kvm.d/monitord-client.rb

Any ideas?

The oneadmin user needs to be able to start that script on the host. This script triggers the monitoring process which should lead to the host information being reported. Please review the LXC node setup to find out why there are permissions issues.