Chat now with support
Chat with Support

Foglight Agent Manager 5.9.3 - Foglight Agent Manager Guide

Configuring the embedded Agent Manager Installing external Agent Managers
Understanding how the Agent Manager communicates with the Management Server Deploying the Agent Manager cartridge Downloading the Agent Manager installer Installing the Agent Manager Starting or stopping the Agent Manager process Frequently asked questions
Configuring the Agent Manager Advanced system configuration and troubleshooting
Configuring Windows Management Instrumentation (WMI) Configuring Windows Remote Management (WinRM) UNIX- and Linux-specific configuration
Monitoring the Agent Manager performance Deploying the Agent Manager to large-scale environments

Using sudo to configure secure launcher permissions

Using sudo to configure secure launcher permissions

This section contains instructions for using sudo to give agents elevated permissions.

2
Navigate to the Configure Secure Launcher or Secure Launcher step.
3
Set the path to point to the sudo executable. This executable is typically located in /usr/bin/sudo (the default path provided by the Agent Manager installer).
5
Edit the sudoers file for your system to allow <fglam_home>/client/<fglam_version>/bin/fog4_launcher to be run as root by a specific user, without requiring a password, and only for the agents that require root privileges.
For example, to allow the user foglight to execute fog4_launcher for two specific agents without being prompted for a password:
6
Ensure that the requiretty option is disabled in the sudoers file. For example, to disable this option for the foglight user, add the following entry to the file:
7
If the agent uses an ICMP ping service, edit the sudoers file for your system to allow <fglam_home>/client/*/bin/udp2icmp to be run as root by a specific user, without requiring a password.
For detailed examples of how to edit the sudoers file to restrict the granted permissions to a specific set of agents, see the Foglight for Infrastructure User and Reference Guide.
TIP: For sudo configuration, it is a best practice to use a wildcard for the version-specific Agent Manager and cartridge directories, as shown in the example above. Using a wildcard in a path is described in the Sudoers Manual located at:

http://www.gratisoft.us/sudo/man/sudoers.html#wildcards

Using a wildcard for the version-specific directories allows you to avoid updating each sudoers file that references these directories when you upgrade the Agent Manager or the agents.

If these permissions are no longer needed, remove the lines that you added to run fog4_launcher or udp2icmp with root permissions.

1
Navigate to <fglam_home>/state/default/config.
2
Open the fglam.config.xml file for editing.
3
Edit the <config:path> element under <config:secure-launcher> to point to the sudo executable. This executable is typically located in /usr/bin/sudo (the default path provided by the Agent Manager installer).
4
Edit the sudoers file for your system to allow <fglam_home>/client/<fglam_version>/bin/fog4_launcher to run as root by a specific user, without requiring a password, and only for the agents that require root privileges.
For example, to allow the user foglight to execute fog4_launcher for two specific agents without being prompted for a password:
5
If the agent uses an ICMP ping service, edit the sudoers file for your system to allow <fglam_home>/client/*/bin/udp2icmp to be run as root by a specific user, without requiring a password.
See the Managing Operating Systems User Guide for detailed examples of how to edit the sudoers file to restrict the granted permissions to a specific set of agents.
TIP: For sudo configuration, it is a best practice to use a wildcard for the version-specific Agent Manager and cartridge directories, as shown in the example above. Using a wildcard in a path is described in the Sudoers Manual located at:

http://www.gratisoft.us/sudo/man/sudoers.html#wildcards

Using a wildcard for the version-specific directories allows you to avoid updating each sudoers file that references these directories when you upgrade the Agent Manager or the agents.

Using setuid_launcher to configure secure launcher permissions

Using setuid_launcher to configure secure launcher permissions

This section contains instructions for using setuid_launcher to give agents elevated permissions.

5
Use the command chmod u+s to set the sticky bit on <fglam_home>/bin/setuid_launcher.
6
Change the owner of <fglam_home>/bin/setuid_launcher to root. This permits the agents that need root privileges to be run as the root user without requiring a password.

If these permissions are no longer needed, issue the following command:

chmod u-s <fglam_home>/bin/setuid_launcher

1
Navigate to <fglam_home>/state/default/config.
2
Open the fglam.config.xml file for editing.
3
Edit the <config:path> element under <config:secure-launcher> to point to your local setuid_launcher executable. This executable is located in <fglam_home>/bin/setuid_launcher.
4
Issue the command chmod u+s to set the sticky bit on <fglam_home>/bin/setuid_launcher.
5
Change the owner of <fglam_home>/bin/setuid_launcher to root. This permits the agents that need root privileges to be run as the root user without requiring a password.

Using the HP patch checking tool

If your database is installed on an HP-UX server, HP® provides a tool for ensuring that all the patches required to run JavaTM on HP-UX are installed.

The tool is available from http://www.hp.com/go/java.

To use the tool, issue the following command:

About Agent Manager installations on AIX

On newly installed AIX® systems, the base operating system can be further customized by the install_assist program provided by IBM®. By default, this program is listed in the /etc/inittab file so that it starts automatically when the system is started.

When install_assist runs automatically, it can interfere with the Agent Manager startup scripts that are installed in /etc/rc.d/rc2.d, and with other startup scripts, such as those provided by OpenSSH.

To prevent install_assist from starting automatically:
1
Edit the /etc/inittab file.

# rmitab install_assist

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating