Changing the service account for the epops-agent in VMware vRealize Operations Manager 6.1.x EndPoint
search cancel

Changing the service account for the epops-agent in VMware vRealize Operations Manager 6.1.x EndPoint

book

Article ID: 340144

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This article provides the steps to safely change a service account for the epops-agent.

Symptoms:
  • The epops-agent is installed with an account that needs to be changed.
  • The epops-agent is running using an incorrect account.


Environment

VMware vRealize Operations Manager 6.2.x
VMware vRealize Operations Manager 6.5.x
VMware vRealize Operations Manager 6.6.x
VMware vRealize Operations Manager 6.7.x
VMware vRealize Operations Manager 6.1.x
VMware vRealize Operations Manager 6.4.x
VMware vRealize Operations Manager 6.3.x

Resolution

After installing an EndPoint Operations agent on Linux OS using RPM, there are two commands that can be used to start the agent.  Choose once of the below options to start the agent:

  1. service epops-agent start
  2. EPOPS_AGENT_HOME/bin/ep-agent.sh start
Note: Either option can be run as the root user, or the custom guest user used during installation

The first time the agent is started it creates new files and folders in various locations. The owner of the new files and folders depends on the method used (i.e. #1 or #2).

  1. Service: New files and folders will be associated with the user epops.
  2. Shell Script: New files and folders will be associated with the current user.

As a result the service or shell script will only work using the method that was chosen in the initial phase.

For example, if the agent was started using the ep-agent.sh script, the user would not be able to control the agent using service commands.

To resolve the issue, stop the epops-agent and then perform one of these alternatives:

  • Re-install the agent completely.
  • Modify the epops-agent service so it will run as the user who initiated the first service run.
    • Using a text editor, open the /etc/init.d/epops-agent file and find the RUN_AS_USER=epops line.
    • Change the user name to the correct one. For example, if the first attempt to start the service was made with the user root, change it to RUN_AS_USER=root.
  • Give full access rights (permissions) to these files and folders:
    • The EPOPS_AGENT_HOME folder and its subdirectories.
    • /etc/default/epops-agent
    • /etc/epops/

Note: EPOPS_AGENT_HOME is the full path to the EndPoint Operations agent installation directory.

This example script can be used to perform the fix if the EndPoint Operations agent has been started using the ep-agent.sh and you want to switch to service mode:

Sample script

#!/bin/sh
# The full path to the EP Ops agent installation directory
EPOPS_AGENT_HOME=/opt/vmware/epops-agent/
RUN_AS_USER=epops
RUN_AS_USER_GROUP=epops

chown -R $RUN_AS_USER:$RUN_AS_USER_GROUP $EPOPS_AGENT_HOME
chown -R $RUN_AS_USER:$RUN_AS_USER_GROUP /etc/default/epops-agent
chown -R $RUN_AS_USER:$RUN_AS_USER_GROUP /etc/epops/
echo "Done"