Services run as root after upgrading to or installing Performance Center 25.4.4-25.4.6

Article ID: 436342

Products

Network Observability CA Performance Management

Issue/Introduction

Performance Management services run as root even when a non-root installation owner is specified during an upgrade to, or fresh install of, version 25.4.4-25.4.6.

SYMPTOMS:

  • Upgrade completes successfully.

  • Installation owner is correctly identified in install logs (e.g., [system-id]).

  • System processes run under root privileges despite configuration.

IMPACT: Security compliance risk due to services running with elevated root privileges.

Environment

Products: Performance Management 25.4.4 to 25.4.6

  • Installation Owner: Non-root (e.g., [system-id])

Cause

The new Tanuki wrapper version failed to include necessary changes to the App.sh.ini template. The installer fails to replace the [email protected]@ placeholder with the $INSTALL_OWNER$ value in the caperfcenter service files, causing services to default to root.

Resolution


The resolution for this issue is currently targeted for DX NetOps 25.4.7.

Note that this is subject to change, and no release dates can be provided at this time.

There is a list of fixed issues in the documentation which is updated with each release.

You can sign up for notifications in your support account to be notified when new DX NetOps releases are available:

 

WORKAROUND

  1. LOCATE SERVICE CONFIGURATION FILES: Navigate to the binary directories for the following four services:

    • /opt/CA/PerformanceCenter/PC/bin/caperfcenter_console

    • /opt/CA/PerformanceCenter/EM/bin/caperfcenter_eventmanager

    • /opt/CA/PerformanceCenter/sso/bin/caperfcenter_sso

    • /opt/CA/PerformanceCenter/DM/bin/caperfcenter_devicemanager

    • /opt/CA/PerformanceCenter/PA/bin/netops_productanalytics

     MODIFY RUN_AS_USER SETTING: Edit each of the four files listed in Step 1.

     Search for the following line: #RUN_AS_USER=

     Uncomment the line and add the correct non-root installation owner: RUN_AS_USER=[system-id]

  2. LOCATE SERVICE CONFIGURATION FILES: Locate the systemd unit files for the following four services:

    • /etc/systemd/system/caperfcenter_console.service

    • /etc/systemd/system/caperfcenter_eventmanager.service

    • /etc/systemd/system/caperfcenter_sso.service

    • /etc/systemd/system/caperfcenter_devicemanager.service

    • /etc/systemd/system/netops_productanalytics.service

     Add the following to the "[Service]" section:

         User=[system-id]

     In the /etc/systemd/system/caperfcenter_console.service file, also add the following to the same section:

         AmbientCapabilities=CAP_NET_BIND_SERVICE

  3. Make sure any log files are owned by the [system-id] user:

     cd <installDir>

     chown -R [system-id-user] PerformanceCenter

  4. RESTART SERVICES: Restart the modified services to apply the changes (mysql does not need to be restarted).

EXPECTED: Services run under the [system-id] account instead of root.

VERIFY SUCCESS:

  • Execute 'ps -ef | grep caperfcenter' to check process owners.

  • Confirm all services show [system-id] in the user column.

  • Verify system functionality remains stable.
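
The workaround and verification steps above can be checked in one pass. The script below is an added example, not part of the original article or the vendor's tooling: it confirms RUN_AS_USER in each wrapper script, User= in the [Service] section of each unit file, and the owner of the running processes. The OWNER default and the function names are assumptions; the paths are the ones listed in the workaround.

```bash
#!/usr/bin/env bash
# Added example: audit the workaround. OWNER is a placeholder (assumption);
# set it to your non-root installation owner before running.
OWNER="${OWNER:-CHANGE_ME}"
PC=/opt/CA/PerformanceCenter
WRAPPERS="$PC/PC/bin/caperfcenter_console $PC/EM/bin/caperfcenter_eventmanager
$PC/sso/bin/caperfcenter_sso $PC/DM/bin/caperfcenter_devicemanager
$PC/PA/bin/netops_productanalytics"

# True when the wrapper script's last uncommented RUN_AS_USER= line names the owner.
wrapper_ok() {  # $1 = wrapper script, $2 = expected owner
  awk -F= -v want="$2" '
    /^[ \t]*RUN_AS_USER=/ { v = $2; gsub(/[" \t]/, "", v); ok = (v == want) }
    END { exit ok ? 0 : 1 }' "$1"
}

# True when the last User= line inside the [Service] section names the owner.
unit_ok() {  # $1 = systemd unit file, $2 = expected owner
  awk -v want="$2" '
    /^\[/ { in_service = ($0 ~ /^\[Service\][ \t]*$/); next }
    in_service && /^User=/ { v = substr($0, 6); sub(/[ \t]+$/, "", v); ok = (v == want) }
    END { exit ok ? 0 : 1 }' "$1"
}

# Reads "user pid args" lines on stdin; prints service processes not owned by the owner.
wrong_owner_procs() {  # $1 = expected owner
  awk -v want="$1" '/caperfcenter|netops_productanalytics/ && $1 != want'
}

audit() {
  local rc=0 f unit snapshot bad
  for f in $WRAPPERS; do
    wrapper_ok "$f" "$OWNER" || { echo "FAIL RUN_AS_USER: $f"; rc=1; }
    unit="/etc/systemd/system/${f##*/}.service"
    unit_ok "$unit" "$OWNER" || { echo "FAIL User=: $unit"; rc=1; }
  done
  # Snapshot first so this script's own awk child never appears in the listing.
  snapshot=$(ps -eo user:32,pid,args --no-headers)
  bad=$(printf '%s\n' "$snapshot" | wrong_owner_procs "$OWNER")
  [ -z "$bad" ] || { echo "FAIL process owner:"; echo "$bad"; rc=1; }
  return "$rc"
}

# Run the audit only when asked, e.g.: OWNER=<install owner> bash audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit; fi
```

A User= line outside the [Service] section is treated as a failure, and the user:32 column width keeps long account names from being truncated in the ps listing.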