Sudo permissions needed for Infrastructure agent

book

Article ID: 207108

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

I have been asked for the permissions required to run the Infrastructure agent with host bundle (SystemEdge) as a non-root user and gather all the default information.  Do you have such a list or can you provide documentation on what is needed?

 

Environment

Release : 20.2

Component : APM Agents

Resolution

APMIA

To run the APMIA with non- root user for MQ monitoring

https://knowledge.broadcom.com/external/article?articleId=189113

 

We want to manually install and run the APM Infrastructure Agent as non root - how can we run this as a service?

https://knowledge.broadcom.com/external/article?articleId=129142

If the APMIA has not been installed and a service created then it can be started using the force_start option and this can be incorporated into a service start script.

Sysedge

Installing SystemEDGE with a non root equivalent account is not supported. 

The effective permissions for SysEdge will be root. There is no way around that. 

There is a Privileged Separation user option that can be enabled. 

With the privilege separation option the network portion of the agent is switching to non-root account after the startup, but all the data collection is always performed as root. 

https://knowledge.broadcom.com/external/article/35714/how-can-i-configure-systemedge-to-use-a.html
SystemEDGE is single threaded - so its either updating the contents of the MIB or responding to SNMP requests but it cannot do both at the same time so that is where this switching comes into play.   

There are certain OS metrics that cannot be retrieved without non root which is why this decision was made.