seosd running in Real Time priority in Redhat versions above 7.0
search cancel

seosd running in Real Time priority in Redhat versions above 7.0

book

Article ID: 380538

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

PAM SC 14.1 documentation states the following

To start seosd with a real-time priority on newer Linux distributions with active cgroups, the native /usr/bin/cgexec binary must be present. The native binary is normally contained in the libcgroup-tools rpm.

However libcgroup has been deprecated in higher versions of Redhat, notably in versions above 7.7

This document discusses how seosd runs in real time priority (RT) in the latest versions of RHEL

Environment

CA PAM SC 14.1.X on RHEL versions above 7.7

Resolution

While RT is a feature present in all recent Linux kernels, it depends on tools that can be packaged differently by different vendors and user-space area also still changes

 

To clarify this subject:

  1.  PAM SC and PIM normally run seosd at real-time priority to ensure that any requests are processed ASAP and some other block cannot block seosd and cause apps or the system to freeze.
  2. To see if seosd is running at real-time priority run and anything is needed at all execute:

/root> ps -e -o rtprio,pri,comm | sed -n '1p;/seosd/p'
RTPRIO PRI COMMAND
   98 138 seosd

 

If you there is number in the RTPRIO column for seosd, it is already running at RT priority and nothing has to be done.  

seosd is likely to run like this even on newest distributions, e.g., RHEL 9.2, where cgroups component are installed by default, unless one creates and enables actual cgroups and uses CPU allocations.

 

  1. 3.  If seosd does not run at RT on Linux, then cgroups with CPU allocations must be actually be used and seosd needs to be started in its own group that is allowed to run at RT by creating an appropriate CPU allocation.  In that case, it has to be started in its group via the cgexec binary, which is packaged in libcgroup-tools rpm.

PAM SC installation already displays a note with a similar explanation than this one:

 

/tmp> rpm -U CAeAC-1500-0.478.x86_64.rpm

                   Copyright © 2009-2024 Broadcom.
                         All rights reserved                          
                                                                       

Installation complete.
Check seos.ini file for the right configuration.
Installation process messages have been logged in /opt/CA/PAMSC/install.log.

Legal Notice: CA Privileged Access Manager Server Control 1500 may use Wildfly Application Server v.8.2.1
and Wildfly v.12.0.0 service scripts, which are licensed under the Lesser General Public License (LGPL).
Copies of Wildfly Application Server v.8.2.1, Wildfly v.12.0.0 service scripts and the LGPL are provided 
by a separate installation. Use of Wildfly Application Server v.8.2.1 and
Wildfly v.12.0.0 service scripts is subject to the terms of the LGPL as set forth in such installation.

Transferring token settings from the pre-upgrade seos.ini file

NOTE: Make sure the /usr/bin/cgexec binary is present on the system 
     so that seosd can be started to run at real-time priority when               <---  the keyword here is "when" ...
     cgroups are enabled and used.

Please refer to the log file for full information.