RA agents installed on RHEL 7 servers and configured to run as a user which isn't root are unable to be start, and throw an error like this:
root@ip-192-168-121-223 PROD # ./deployer_daemon.sh start -bash: /apps/Nolio/NolioAgent/./deployer_daemon.sh: Permission denied root@ip-192-168-121-223 PROD # ./deployer_daemon.sh restart -bash: /apps/Nolio/NolioAgent/./deployer_daemon.sh: Permission denied
Rebooting the server doesn't help and the agent does not auto start when the server comes back up after reboot.
I have followed the setup/install steps from the DocOps wiki Deploy Agents - CA Release Automation - 6.5 - CA Technologies Documentation , steps followed are detailed below
1. Install agent using script
(answering prompts to get successful install)
2. Remove the installed service
root@ip-192-168-121-223 PROD # cd /apps/Nolio/NolioAgent/ root@ip-192-168-121-223 PROD # ./deployer_daemon.sh remove Stopping Nolio Deployer Agent Service... Stopped Nolio Deployer Agent Service. Detected RHEL or Fedora: Removing Nolio Deployer Agent Service daemon... Note: Forwarding request to 'systemctl disable nolioagent.service'. Removed symlink /etc/systemd/system/multi-user.target.wants/nolioagent.service.
3. Edit conf/deployer_configuration.sh to set RUN_AS_USER=sysnoliounix
4. Install the Nolio Agent service again
root@ip-192-168-121-223 PROD # ./deployer_daemon.sh install Detected RHEL or Fedora: Installing the Nolio Deployer Agent Service daemon.. Writing nolioagent.service file... Created symlink from /etc/systemd/system/multi-user.target.wants/nolioagent.service to /etc/systemd/system/nolioagent.service.
5. Try to use deployer_daemon.sh to start/restart and get the error message
RHEL version is
root@ip-192-168-121-223 PROD # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.5 (Maipo)
RHEL 7.5 is not certified officially.
System Requirements - CA Release Automation - 6.5 - CA Technologies Documentation
If you need, please vote here.
CA RA - OS Platform compatibility with RHEL 7.5
By the way, it seems you tried to run the agent by root in step 5. Please re-login with sysnoliounix and try to start it.
I have tried on RHEL 7.4 as well, get the same error and the agent cannot start. Also tried using sudo to run the deployer_daemon start script as sysnoliounix as well as root, both failed
2. Created the user and group required (note this was done in the instructions as part of the original post but wasn't mentioned in the steps)
root@ip-192-168-121-134 PROD #useradd sysnoliounix root@ip-192-168-121-134 PROD #groupadd uGLBsysnoliounix root@ip-192-168-121-134 PROD #usermod -g uGLBsysnoliounix sysnoliounix
3. Remove the installed service
4. Change owner of the directory and files to sysnoliounix account
root@ip-192-168-121-134 PROD # chown -R sysnoliounix:uGLBsysnoliounix /apps/Nolio/NolioAgent/
5. Install nolio agent service
root@ip-192-168-121-134 PROD # /apps/Nolio/NolioAgent/deployer_daemon.sh install Detected RHEL or Fedora: Installing the Nolio Deployer Agent Service daemon.. Writing nolioagent.service file... Created symlink from /etc/systemd/system/multi-user.target.wants/nolioagent.service to /etc/systemd/system/nolioagent.service.
6. Trying to start service fails
root@ip-192-168-121-134 PROD # /apps/Nolio/NolioAgent/deployer_daemon.sh start -bash: /apps/Nolio/NolioAgent/deployer_daemon.sh: Permission denied root@ip-192-168-121-134 PROD # sudo -u sysnoliounix /apps/Nolio/NolioAgent/deployer_daemon.sh start sudo: unable to execute /apps/Nolio/NolioAgent/deployer_daemon.sh: Permission denied
root@ip-192-168-121-134 PROD # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.4 (Maipo)
It almost looks like sudo is being used somewhere and its unable. Maybe try and manually run:
sudo -u sysnoliounix /apps/Nolio/NolioAgent/deployer_daemon.sh
I don't know if sudo is preventing root from doing this (never seen that) or if maybe the user (sysnoliounix) is somehow being restricted via sudoers. If you try and login as sysnoliounix then can it start the agent?
I tried running sudo -u sysnoliounix /apps/Nolio/NolioAgent/deployer_daemon.sh, it's in point 6 in my reply above, but it's hidden by the scroll bar to the right because the carriage returns didn't come through on the copy and paste for some reason.
root@ip-192-168-121-134 PROD # /apps/Nolio/NolioAgent/deployer_daemon.sh start-bash: /apps/Nolio/NolioAgent/deployer_daemon.sh: Permission deniedroot@ip-192-168-121-134 PROD # sudo -u sysnoliounix /apps/Nolio/NolioAgent/deployer_daemon.sh startsudo: unable to execute /apps/Nolio/NolioAgent/deployer_daemon.sh: Permission denied
I can't login as the account, we don't know have the password for it. I'm also doing this as part of an automated agent install process through Chef and there could be many different accounts which are used to run the agents, sysnoliounix is just an example account.
This automated Chef install process works on RHEL6 servers, when it runs the deployer_daemon.sh as root it starts/restarts the agent successfully.
root@ip-192-168-121-168 DEV # cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.9 (Santiago)root@ip-192-168-121-168 DEV # /apps/Nolio/NolioAgent/deployer_daemon.sh stop Stopping Nolio Deployer Agent Service... Stopped Nolio Deployer Agent Service.root@ip-192-168-121-168 DEV # service nolioagent status Nolio Deployer Agent Service is not running.root@ip-192-168-121-168 DEV # /apps/Nolio/NolioAgent/deployer_daemon.sh start Starting Nolio Deployer Agent Service... Waiting for Nolio Deployer Agent Service...... running: PID:5463root@ip-192-168-121-168 DEV # service nolioagent status Nolio Deployer Agent Service is running: PID:5463, Wrapper:STARTED, Java:STARTEDroot@ip-192-168-121-168 DEV #
Sorry, I thought that was part of the output. I didn't realize it was a separate attempt to start the agent.
If you're logged in as root then you could probably run the command: su - sysnoliounix
And then cd to the RAAgentInstallFolder and try running: ./deployer_daemon.sh start
What are the permissions for that RAAgentInstallFolder, its files and immediate subfolders?
Thanks, that was useful and helped me find what was causing the problem. After I logged in as sysnoliounix with su - sysnoliounix I couldn't cd to /apps/Nolio, I got permissions denied
sysnoliounix@ip-192-168-121-134 PROD $ cd /apps/Nolio/-bash: cd: /apps/Nolio/: Permission denied
Looking at the permissions and /apps/Nolio is owned by root and has permissions 750, so isn't readable by sysnoliounix
sysnoliounix@ip-192-168-121-134 PROD $ ls -la /apps/total 44drwxr-xr-x. 8 root root 4096 Nov 13 15:45 .drwxr-xr-x. 20 root root 4096 May 2 2018 ..drwxr-xr-x. 2 root root 4096 May 2 2018 clouddrwxr-xr-x. 5 root root 4096 May 2 2018 confuse-2.6drwxr-xr-x. 7 root root 4096 May 2 2018 galaxydrwxr-xr-x. 8 root root 4096 May 2 2018 ganglia-3.1drwx------. 2 root root 16384 May 2 2018 lost+founddrwxr-x---. 3 root root 4096 Nov 13 15:45 Nolio
The NolioAgent folder underneath this (/apps/Nolio/NolioAgent) also has permissions 750 but is owned by sysnoliounix:uGLBsysnoliounix so is ok
root@ip-192-168-121-134 PROD # ls -la /apps/Nolio/total 12drwxr-xr-x. 3 root root 4096 Nov 13 15:45 .drwxr-xr-x. 8 root root 4096 Nov 13 15:45 ..drwxr-x---. 16 sysnoliounix uGLBsysnoliounix 4096 Nov 13 15:47 NolioAgent
I changed permissions on /apps/Nolio to 755 and after that could run deployer_daemon to restart the agent, and I'm able to run this as root which is what I need. The agent is also started and runs as the correct user
root@ip-192-168-121-134 PROD # /apps/Nolio/NolioAgent/deployer_daemon.sh restartStopping Nolio Deployer Agent Service...Stopped Nolio Deployer Agent Service.Starting Nolio Deployer Agent Service...Waiting for Nolio Deployer Agent Service......running: PID:1142root@ip-192-168-121-134 PROD # ps -ef | grep Noliosysnoli+ 1142 1 0 21:38 ? 00:00:00 /apps/Nolio/NolioAgent/bin/wrapper-linux-x86-64 /apps/Nolio/NolioAgent/conf/wrapper.conf wrapper.syslog.ident=NolioAgent wrapper.pidfile=/apps/Nolio/NolioAgent/./NolioAgent.pid wrapper.name=NolioAgent wrapper.displayname=Nolio Deployer Agent Service wrapper.daemonize=TRUE wrapper.statusfile=/apps/Nolio/NolioAgent/./NolioAgent.status wrapper.java.statusfile=/apps/Nolio/NolioAgent/./NolioAgent.java.statussysnoli+ 1145 1142 23 21:38 ? 00:00:02 /apps/Nolio/NolioAgent/jre/bin/NolioAgent -Djava.ext.dirs=./jre/lib/ext:./lib:./libNoUpgrade:./lib/ext:./lib/db -Duser.country=US -Duser.language=en -Djava.library.path=./lib:./bin -classpath ./lib/wrapper.jar -Dwrapper.key=AiL3F9kuwhbWIzFSlIIHBjzWBp-Y3jYd -Dwrapper.port=32001 -Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999 -Dwrapper.disable_console_input=TRUE -Dwrapper.pid=1142 -Dwrapper.version=3.5.24-pro -Dwrapper.native_library=wrapper -Dwrapper.arch=x86 -Dwrapper.service=TRUE -Dwrapper.cpu.timeout=10 -Dwrapper.jvmid=1 -Dwrapper.lang.domain=wrapper -Dwrapper.lang.folder=../lang com.nolio.platform.deployer.AgentWrapper com.nolio.platform.agent.Deployerroot 1206 32144 0 21:38 pts/0 00:00:00 grep --color=auto Nolio
I just need to look back at my Chef recipe now and see why/make sure that the permissions on the folders are set appropriately
Awesome! Glad it helped. Thanks for the update. I'll go ahead and mark your update as the answer.