Depending on the operating system you are running, the init.d-style script quest-fglam is installed to a different location either by the Agent Manager installer or after you run the script fglam-init-script-installer.sh.
The locations of the installed init.d script (listed by operating system) are as follows:
• |
• |
• |
HP-UX: /sbin/init.d |
• |
NOTE: The location of the init.d script depends only on the type of operating system, not on the specific architecture. For example, the location is the same for HP-UX running on either PA‑RISC or Itanium, or for Oracle Solaris® running on either SPARC or x86. |
In addition to starting or stopping the Agent Manager process, the init.d script allows you to obtain the status of the daemon process when you run the script with the status option. When the status option is specified with the init.d script, the script returns one of the following status codes:
• |
0: The Agent Manager daemon process is running. |
• |
1: The Agent Manager daemon process is dead and a pid file is generated. |
• |
3: The Agent Manager daemon process is not running. |
• |
4: The Agent Manager daemon process status is unknown. |
On UNIX® systems, certain Foglight® agents require elevated privileges in order to gather the required system metrics. This is achieved by having the Agent Manager launch these agents with root privileges.
To give these agents the required access, the Agent Manager is configured to launch these agents using an external application like sudo, setuid_launcher, or any other tool that allows privilege escalation (without a password) and supports the same command‑line semantics as sudo.
NOTE: The tool setuid_launcher is included with the Agent Manager, in the <fglam_home>/bin/setuid_launcher directory. |
Instructions for using sudo and setuid_launcher to give these agents the necessary privileges are provided below.
NOTE: Certain agents that require root privileges to gather a more complete set of system metrics are able to function without these privileges. See the Managing Operating Systems User Guide for more information.
The agent does not collect as much data as when it is run with root privileges. |
This section contains instructions for using sudo to give agents elevated permissions.
1 |
2 |
3 |
Set the path to point to the sudo executable. This executable is typically located in /usr/bin/sudo (the default path provided by the Agent Manager installer). |
4 |
5 |
Edit the sudoers file for your system to allow <fglam_home>/client/<fglam_version>/bin/fog4_launcher to be run as root by a specific user, without requiring a password, and only for the agents that require root privileges. |
6 |
Ensure that the requiretty option is disabled in the sudoers file. For example, to disable this option for the foglight user, add the following entry to the file: |
7 |
If the agent uses an ICMP ping service, edit the sudoers file for your system to allow <fglam_home>/client/*/bin/udp2icmp to be run as root by a specific user, without requiring a password. |
TIP: For sudo configuration, it is a best practice to use a wildcard for the version-specific Agent Manager and cartridge directories, as shown in the example above. Using a wildcard in a path is described in the Sudoers Manual located at:
http://www.gratisoft.us/sudo/man/sudoers.html#wildcards Using a wildcard for the version-specific directories allows you to avoid updating each sudoers file that references these directories when you upgrade the Agent Manager or the agents. |
If these permissions are no longer needed, remove the lines that you added to run fog4_launcher or udp2icmp with root permissions.
1 |
Navigate to <fglam_home>/state/default/config. |
2 |
Open the fglam.config.xml file for editing. |
3 |
Edit the <config:path> element under <config:secure-launcher> to point to the sudo executable. This executable is typically located in /usr/bin/sudo (the default path provided by the Agent Manager installer). |
4 |
Edit the sudoers file for your system to allow <fglam_home>/client/<fglam_version>/bin/fog4_launcher to run as root by a specific user, without requiring a password, and only for the agents that require root privileges. |
5 |
If the agent uses an ICMP ping service, edit the sudoers file for your system to allow <fglam_home>/client/*/bin/udp2icmp to be run as root by a specific user, without requiring a password. |
TIP: For sudo configuration, it is a best practice to use a wildcard for the version-specific Agent Manager and cartridge directories, as shown in the example above. Using a wildcard in a path is described in the Sudoers Manual located at:
http://www.gratisoft.us/sudo/man/sudoers.html#wildcards Using a wildcard for the version-specific directories allows you to avoid updating each sudoers file that references these directories when you upgrade the Agent Manager or the agents. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center