Release Automation

Expand all | Collapse all

RA agents unable to start on RHEL 7 servers as non root users

Jump to Best Answer
  • 1.  RA agents unable to start on RHEL 7 servers as non root users

    Posted 11-08-2018 03:16 PM

    RA agents installed on RHEL 7 servers and configured to run as a user which isn't root are unable to be start, and throw an error like this:

    root@ip-192-168-121-223 PROD # ./deployer_daemon.sh start -bash: /apps/Nolio/NolioAgent/./deployer_daemon.sh: Permission denied root@ip-192-168-121-223 PROD # ./deployer_daemon.sh restart -bash: /apps/Nolio/NolioAgent/./deployer_daemon.sh: Permission denied

    Rebooting the server doesn't help and the agent does not auto start when the server comes back up after reboot.

    I have followed the setup/install steps from the DocOps wiki Deploy Agents - CA Release Automation - 6.5 - CA Technologies Documentation , steps followed are detailed below

     

    1. Install agent using script 

    nolio-linux-x64-6.5.0.10007.sh

    (answering prompts to get successful install)

     

    2. Remove the installed service

    root@ip-192-168-121-223 PROD # cd /apps/Nolio/NolioAgent/ root@ip-192-168-121-223 PROD # ./deployer_daemon.sh remove Stopping Nolio Deployer Agent Service... Stopped Nolio Deployer Agent Service. Detected RHEL or Fedora: Removing Nolio Deployer Agent Service daemon... Note: Forwarding request to 'systemctl disable nolioagent.service'. Removed symlink /etc/systemd/system/multi-user.target.wants/nolioagent.service.

     

    3. Edit conf/deployer_configuration.sh to set RUN_AS_USER=sysnoliounix

     

    4. Install the Nolio Agent service again

    root@ip-192-168-121-223 PROD # ./deployer_daemon.sh install Detected RHEL or Fedora: Installing the Nolio Deployer Agent Service daemon.. Writing nolioagent.service file... Created symlink from /etc/systemd/system/multi-user.target.wants/nolioagent.service to /etc/systemd/system/nolioagent.service.

     

    5. Try to use deployer_daemon.sh to start/restart and get the error message

    root@ip-192-168-121-223 PROD # ./deployer_daemon.sh start -bash: /apps/Nolio/NolioAgent/./deployer_daemon.sh: Permission denied root@ip-192-168-121-223 PROD # ./deployer_daemon.sh restart -bash: /apps/Nolio/NolioAgent/./deployer_daemon.sh: Permission denied

     

    RHEL version is

    root@ip-192-168-121-223 PROD # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.5 (Maipo)


  • 2.  Re: RA agents unable to start on RHEL 7 servers as non root users

    Broadcom Employee
    Posted 11-09-2018 01:37 AM

    Hi,

     

    RHEL 7.5 is not certified officially.

    System Requirements - CA Release Automation - 6.5 - CA Technologies Documentation 

     

    If you need, please vote here.

    CA RA - OS Platform compatibility with RHEL 7.5 

     

    By the way, it seems you tried to run the agent by root in step 5.  Please re-login with sysnoliounix and try to start it.

     

    Thanks

    Yas



  • 3.  Re: RA agents unable to start on RHEL 7 servers as non root users

    Posted 11-13-2018 11:15 AM

    I have tried on RHEL 7.4 as well, get the same error and the agent cannot start. Also tried using sudo to run the deployer_daemon start script as sysnoliounix as well as root, both failed

     

    1. Install agent using script 

    nolio-linux-x64-6.5.0.10007.sh

    (answering prompts to get successful install)

     

    2. Created the user and group required (note this was done in the instructions as part of the original post but wasn't mentioned in the steps)

    root@ip-192-168-121-134 PROD #useradd sysnoliounix root@ip-192-168-121-134 PROD #groupadd uGLBsysnoliounix root@ip-192-168-121-134 PROD #usermod -g uGLBsysnoliounix sysnoliounix

     

    3. Remove the installed service

    root@ip-192-168-121-223 PROD # cd /apps/Nolio/NolioAgent/ root@ip-192-168-121-223 PROD # ./deployer_daemon.sh remove Stopping Nolio Deployer Agent Service... Stopped Nolio Deployer Agent Service. Detected RHEL or Fedora: Removing Nolio Deployer Agent Service daemon... Note: Forwarding request to 'systemctl disable nolioagent.service'. Removed symlink /etc/systemd/system/multi-user.target.wants/nolioagent.service.

     

    3. Edit conf/deployer_configuration.sh to set RUN_AS_USER=sysnoliounix

     

    4. Change owner of the directory and files to sysnoliounix account

    root@ip-192-168-121-134 PROD # chown -R sysnoliounix:uGLBsysnoliounix /apps/Nolio/NolioAgent/

     

    5. Install nolio agent service

    root@ip-192-168-121-134 PROD # /apps/Nolio/NolioAgent/deployer_daemon.sh install Detected RHEL or Fedora: Installing the Nolio Deployer Agent Service daemon.. Writing nolioagent.service file... Created symlink from /etc/systemd/system/multi-user.target.wants/nolioagent.service to /etc/systemd/system/nolioagent.service.

     

    6. Trying to start service fails

    root@ip-192-168-121-134 PROD # /apps/Nolio/NolioAgent/deployer_daemon.sh start -bash: /apps/Nolio/NolioAgent/deployer_daemon.sh: Permission denied root@ip-192-168-121-134 PROD # sudo -u sysnoliounix /apps/Nolio/NolioAgent/deployer_daemon.sh start sudo: unable to execute /apps/Nolio/NolioAgent/deployer_daemon.sh: Permission denied

     

    OS version

    root@ip-192-168-121-134 PROD # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.4 (Maipo)


  • 4.  Re: RA agents unable to start on RHEL 7 servers as non root users

    Broadcom Employee
    Posted 11-13-2018 01:10 PM

    Hi Luke,

     

    It almost looks like sudo is being used somewhere and its unable. Maybe try and manually run: 

    sudo -u sysnoliounix /apps/Nolio/NolioAgent/deployer_daemon.sh

     

    I don't know if sudo is preventing root from doing this (never seen that) or if maybe the user (sysnoliounix) is somehow being restricted via sudoers. If you try and login as sysnoliounix then can it start the agent?

     

    Regards,

    Gregg



  • 5.  Re: RA agents unable to start on RHEL 7 servers as non root users

    Posted 11-13-2018 02:05 PM

    I tried running sudo -u sysnoliounix /apps/Nolio/NolioAgent/deployer_daemon.sh, it's in point 6 in my reply above, but it's hidden by the scroll bar to the right because the carriage returns didn't come through on the copy and paste for some reason.

    root@ip-192-168-121-134 PROD # /apps/Nolio/NolioAgent/deployer_daemon.sh start
    -bash: /apps/Nolio/NolioAgent/deployer_daemon.sh: Permission denied
    root@ip-192-168-121-134 PROD # sudo -u sysnoliounix /apps/Nolio/NolioAgent/deployer_daemon.sh start
    sudo: unable to execute /apps/Nolio/NolioAgent/deployer_daemon.sh: Permission denied

    I can't login as the account, we don't know have the password for it. I'm also doing this as part of an automated agent install process through Chef and there could be many different accounts which are used to run the agents, sysnoliounix is just an example account.

     

    This automated Chef install process works on RHEL6 servers, when it runs the deployer_daemon.sh as root it starts/restarts the agent successfully.

    root@ip-192-168-121-168 DEV # cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.9 (Santiago)
    root@ip-192-168-121-168 DEV # /apps/Nolio/NolioAgent/deployer_daemon.sh stop Stopping Nolio Deployer Agent Service... Stopped Nolio Deployer Agent Service.
    root@ip-192-168-121-168 DEV # service nolioagent status Nolio Deployer Agent Service is not running.
    root@ip-192-168-121-168 DEV # /apps/Nolio/NolioAgent/deployer_daemon.sh start Starting Nolio Deployer Agent Service... Waiting for Nolio Deployer Agent Service...... running: PID:5463
    root@ip-192-168-121-168 DEV # service nolioagent status Nolio Deployer Agent Service is running: PID:5463, Wrapper:STARTED, Java:STARTED
    root@ip-192-168-121-168 DEV #


  • 6.  Re: RA agents unable to start on RHEL 7 servers as non root users

    Broadcom Employee
    Posted 11-13-2018 02:32 PM

    Sorry, I thought that was part of the output. I didn't realize it was a separate attempt to start the agent.

     

    If you're logged in as root then you could probably run the command: su - sysnoliounix

    And then cd to the RAAgentInstallFolder and try running: ./deployer_daemon.sh start

     

    What are the permissions for that RAAgentInstallFolder, its files and immediate subfolders?

     

    Regards,
    Gregg



  • 7.  Re: RA agents unable to start on RHEL 7 servers as non root users
    Best Answer

    Posted 11-13-2018 04:46 PM

    Thanks, that was useful and helped me find what was causing the problem. After I logged in as sysnoliounix with su - sysnoliounix I couldn't cd to /apps/Nolio, I got permissions denied

    sysnoliounix@ip-192-168-121-134 PROD $ cd /apps/Nolio/
    -bash: cd: /apps/Nolio/: Permission denied

    Looking at the permissions and /apps/Nolio is owned by root and has permissions 750, so isn't readable by sysnoliounix

    sysnoliounix@ip-192-168-121-134 PROD $ ls -la /apps/
    total 44
    drwxr-xr-x.  8 root root  4096 Nov 13 15:45 .
    drwxr-xr-x. 20 root root  4096 May  2  2018 ..
    drwxr-xr-x.  2 root root  4096 May  2  2018 cloud
    drwxr-xr-x.  5 root root  4096 May  2  2018 confuse-2.6
    drwxr-xr-x.  7 root root  4096 May  2  2018 galaxy
    drwxr-xr-x.  8 root root  4096 May  2  2018 ganglia-3.1
    drwx------.  2 root root 16384 May  2  2018 lost+found
    drwxr-x---.  3 root root  4096 Nov 13 15:45 Nolio

    The NolioAgent folder underneath this (/apps/Nolio/NolioAgent) also has permissions 750 but is owned by sysnoliounix:uGLBsysnoliounix so is ok

    root@ip-192-168-121-134 PROD # ls -la /apps/Nolio/
    total 12
    drwxr-xr-x.  3 root         root             4096 Nov 13 15:45 .
    drwxr-xr-x.  8 root         root             4096 Nov 13 15:45 ..
    drwxr-x---. 16 sysnoliounix uGLBsysnoliounix 4096 Nov 13 15:47 NolioAgent

    I changed permissions on /apps/Nolio to 755 and after that could run deployer_daemon to restart the agent, and I'm able to run this as root which is what I need. The agent is also started and runs as the correct user

    root@ip-192-168-121-134 PROD # /apps/Nolio/NolioAgent/deployer_daemon.sh restart
    Stopping Nolio Deployer Agent Service...
    Stopped Nolio Deployer Agent Service.
    Starting Nolio Deployer Agent Service...
    Waiting for Nolio Deployer Agent Service......
    running: PID:1142
    root@ip-192-168-121-134 PROD # ps -ef | grep Nolio
    sysnoli+  1142     1  0 21:38 ?        00:00:00 /apps/Nolio/NolioAgent/bin/wrapper-linux-x86-64 /apps/Nolio/NolioAgent/conf/wrapper.conf wrapper.syslog.ident=NolioAgent wrapper.pidfile=/apps/Nolio/NolioAgent/./NolioAgent.pid wrapper.name=NolioAgent wrapper.displayname=Nolio Deployer Agent Service wrapper.daemonize=TRUE wrapper.statusfile=/apps/Nolio/NolioAgent/./NolioAgent.status wrapper.java.statusfile=/apps/Nolio/NolioAgent/./NolioAgent.java.status
    sysnoli+  1145  1142 23 21:38 ?        00:00:02 /apps/Nolio/NolioAgent/jre/bin/NolioAgent -Djava.ext.dirs=./jre/lib/ext:./lib:./libNoUpgrade:./lib/ext:./lib/db -Duser.country=US -Duser.language=en -Djava.library.path=./lib:./bin -classpath ./lib/wrapper.jar -Dwrapper.key=AiL3F9kuwhbWIzFSlIIHBjzWBp-Y3jYd -Dwrapper.port=32001 -Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999 -Dwrapper.disable_console_input=TRUE -Dwrapper.pid=1142 -Dwrapper.version=3.5.24-pro -Dwrapper.native_library=wrapper -Dwrapper.arch=x86 -Dwrapper.service=TRUE -Dwrapper.cpu.timeout=10 -Dwrapper.jvmid=1 -Dwrapper.lang.domain=wrapper -Dwrapper.lang.folder=../lang com.nolio.platform.deployer.AgentWrapper com.nolio.platform.agent.Deployer
    root      1206 32144  0 21:38 pts/0    00:00:00 grep --color=auto Nolio

     

    I just need to look back at my Chef recipe now and see why/make sure that the permissions on the folders are set appropriately



  • 8.  Re: RA agents unable to start on RHEL 7 servers as non root users

    Broadcom Employee
    Posted 11-13-2018 04:50 PM

    Awesome! Glad it helped. Thanks for the update. I'll go ahead and mark your update as the answer.