Change non-root user owned Data Aggregator install to root owned install
search cancel

Change non-root user owned Data Aggregator install to root owned install

book

Article ID: 411770

calendar_today

Updated On:

Products

Network Observability CA Performance Management

Issue/Introduction

Fault Tolerant (FT) Data Aggregator (DA) systems need to run as the same user. This is necessary in order to maintain proper access for both DA's to the shared data directory and it's files.

In this scenario an existing root owned FT DA pair had one DA fail. The host was replaced. The DA was rebuilt using a non-root user in attempts to move off of root owned installs.

The FT DA will fail to start properly in this scenario. We'll commonly see it where the consul service fails to start with messages about problems accessing shared data directory files it requires access to.

To resolve this the existing DA needs to be reinstalled as the non-root user and the shared data directory needs to change access to allow it for the non-root user.

A simpler solution is changing the rebuilt or new DA from non-root to root ownership. Allows existing shared data directory access to function without change.

Environment

All supported Network Observability DX NetOps Performance Management releases

Cause

Mistakenly installed the FT DA as the wrong user.

Resolution

Follow these steps to switch a FT DA from non-root install owner to root ownership.
 
  1. Stop the services. Set the target DA to maintenance and stop both consul and consul-ext services.
      1. /opt/IMDataAggregator/scripts/dadaemon maintenance
      2. systemctl stop consul
      3. systemctl stop consul-ext
      4. Use "systemctl status <serviceName>" for daedaemon, activemq, consul and consul-ext, as well as "ps -ef | grep IMD" to confirm the services are down.
  2. Add the consul user required with this command. It is the same command the installer uses. Normally root owned installs create the consul user in the system through the installer. Non-root owned installs use the non-root user as the consul user and does not create a consul user.
    • useradd -M consul
  3. Change install home for the DA install home to root with this command:
    • Sample:
      • chown -R root.root <install-directory>
    • Example using default install home:
      • chown -R root.root /opt/IMDataAggregator
  4. Change the consul directory to consul user ownership.
    • Sample:
      • chown -R consul <install-directory>/consul 
    • Example using default install home:
      • chown -R consul /opt/IMDataAggregator/consul
  5. Set the da.user variable value in the /etc/DA.cfg to use root. Save the changes.
  6. Set the User variable value in the /etc/systemd/system/dadaemon.service file to use the root user. Save the changes.
  7. Set the User variable value in the /etc/systemd/system/activemq.service file to use the root user. Save the changes.
  8. Set the User variable value in the /etc/systemd/system/consul.service file to use the consul user. Save the changes.
  9. Run the following command to reload the systems services:
    • systemctl daemon-reload
  10. Start the consul and consul-ext services.
    • systemctl start consul
    • systemctl start consul-ext
  11. Run activate on the DA to set it to a Ready state.
    • /opt/IMDataAggregator/scripts/dadaemon activate

Additional Information

These steps could be used for a single DA owner change. It is nearly the same just remove the consul related changes.

Powered by Wolken Software