| Summary: | Sort out agent user and process user | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [JBoss] JBoss Operations Network | Reporter: | Deon Ballard <dlackey> | ||||||
| Component: | Documentation | Assignee: | Deon Ballard <dlackey> | ||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Foley <mfoley> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | JON 3.0.0 | CC: | ccrouch, fbrychta, jshaughn | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | JON 3.1.0 | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2013-09-11 10:59:19 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Attachments: |
|
||||||||
|
Description
Deon Ballard
2012-01-25 16:59:36 UTC
I spent some time investigating this this afternoon. The results were a bit surprising. I started to JBAS6, Tomcat6, and Apache2 instances as root, and then tried to discover them with an Agent running as a regular user. Apache was discovered, but JBAS and Tomcat were not, which surprised me. Looking at the code for the AS4 and AS5 plugins, I can tell we intended to support discovering AS servers running as other users, but alas it doesn't work; I would consider it a bug. I think Tomcat falls in the same boat - I can't think of any reason why we should not be able to discover Tomcat processes running as other users. We discover Apache and Postgres processes running as other users with no issues. As for Process Resources, I was able to manually add Process Resources corresponding to processes running as root with no problems, even though my Agent was running as a regular user. I think we need BZ's for fixing the AS4, AS5, and Tomcat plugins, so they are able to discover server instances running as different users. This should not be a huge effort either. I've done some further investigation, and it turns out it's not as bad as I thought. AS4 and AS5 can be discovered even when running as a different user than the Agent, but only if the Agent can read the AS instance's run.jar file (e.g. /home/bob/Applications/jboss/bin/run.jar). On Unix systems this means the Agent user must have execute/search permission on all ancestor directories of run.jar, i.e.: /home/ /home/bob/ /home/bob/Applications/ /home/bob/Applications/jboss/ /home/bob/Applications/jboss/bin/ and it also must have read permission for the run.jar file itself. The search permissions requirement is not obvious, except for Unix gurus. We should improve our logging in the AS4 and AS5 plugins, so they log informative warnings in cases where run.jar cannot be accessed, e.g.: [WARN] /home/bob/Applications/jboss/bin/run.jar is not accessible. Please make sure the file is readable by the user the Agent is running as (ips). In addition, make sure all of its ancestor directories (/home/, /home/bob/, /home/bob/Applications/, /home/bob/Applications/jboss/, and /home/bob/Applications/jboss/bin/) are executable/searchable by ips. I'll create a BZ for adding this improved logging. As for Tomcat, it does not discover Tomcat instances running as other users, even when the Agent can read all files in the Tomcat install. I consider this a bug, and I'll create a BZ for it. Setting the target to 3.1. Somewhat related, see bug 790753. Assigning to Ian for review. Created attachment 587447 [details]
agent and resource users
Ian,
Just review the docs, mark it up (track changes should be on), and re-attach it here.
If anything is missing, insert a note, and I'll write the new content.
Thanks!
Deon
P.S. As per normal, I haven't spell-checked yet. I always do that last, after all the changes are done.
Created attachment 589964 [details]
reviews Agent user docs
|