Skip to content

Commit

Permalink
Merge pull request #2856 from EnterpriseDB/content/docs/pem/8.5/updates
Browse files Browse the repository at this point in the history 
PEM 8.5 - updates
  • Loading branch information
@drothery-edb
drothery-edb authored Jun 27, 2022
2 parents 21e1894 + 6bb3a96 commit bb34237
Show file tree
Hide file tree
Showing 2 changed files with 67 additions and 23 deletions.
4 changes: 2 additions & 2 deletions product_docs/docs/pem/8/pem_rel_notes/index.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@ The Postgres Enterprise Manager (PEM) documentation describes the latest version

| Version | Release Date | Upstream Merges | Accessibility Conformance |
| ------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------- |
| [8.5.0](03_850_rel_notes) | 23 Jun 2022 | NA | NA |
| [8.5.0](03_850_rel_notes) | 23 Jun 2022 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) |
| [8.4.0](04_840_rel_notes) | 01 Apr 2022 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) |
| [8.3.0](05_830_rel_notes) | 24 Nov 2021 | pgAdmin [5.7](https://www.pgadmin.org/docs/pgadmin4/5.7/release_notes_5_7.html#bug-fixes) | [Conformance Report](https://www.enterprisedb.com/accessibility) |
| [8.2.0](06_820_rel_notes) | 09 Sep 2021 | pgAdmin [5.4](https://www.pgadmin.org/docs/pgadmin4/5.4/release_notes_5_4.html#bug-fixes), [5.5](https://www.pgadmin.org/docs/pgadmin4/5.5/release_notes_5_5.html#bug-fixes), and [5.6](https://www.pgadmin.org/docs/pgadmin4/5.6/release_notes_5_6.html#bug-fixes) | [Conformance Report](https://www.enterprisedb.com/accessibility) |
| [8.1.1](07_811_rel_notes) | 22 Jul 2021 | NA | NA |
| [8.1.1](07_811_rel_notes) | 22 Jul 2021 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) |
| [8.1.0](08_810_rel_notes) | 16 Jun 2021 | pgAdmin [5.0](https://www.pgadmin.org/docs/pgadmin4/5.3/release_notes_5_0.html#bug-fixes), [5.1](https://www.pgadmin.org/docs/pgadmin4/5.3/release_notes_5_1.html#bug-fixes), [5.2](https://www.pgadmin.org/docs/pgadmin4/5.3/release_notes_5_2.html#bug-fixes), and [5.3](https://www.pgadmin.org/docs/pgadmin4/5.3/release_notes_5_3.html#bug-fixes) | [Conformance Report](https://www.enterprisedb.com/accessibility) |
| [8.0.1](09_801_rel_notes) | 3 Mar 2021 | pgAdmin [4.29](https://www.pgadmin.org/docs/pgadmin4/4.29/release_notes_4_29.html#bug-fixes), [4.30](https://www.pgadmin.org/docs/pgadmin4/4.30/release_notes_4_30.html#bug-fixes), and [5.0](https://www.pgadmin.org/docs/pgadmin4/5.3/release_notes_5_0.html#bug-fixes) | NA |
| [8.0.0](10_800_rel_notes) | 9 Dec 2020 | pgAdmin [4.27](https://www.pgadmin.org/docs/pgadmin4/4.29/release_notes_4_27.html#bug-fixes), [4.28](https://www.pgadmin.org/docs/pgadmin4/4.29/release_notes_4_28.html#bug-fixes), and [4.29](https://www.pgadmin.org/docs/pgadmin4/4.29/release_notes_4_29.html#bug-fixes) | [Conformance Report](https://www.enterprisedb.com/accessibility) |
Expand Down
86 changes: 65 additions & 21 deletions product_docs/docs/pem/8/registering_agent.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,43 +97,87 @@ For information about using the pemworker utility to register a server, see [Reg

To use a non-root user account to register a PEM agent, you must first install the PEM agent as a root user. After installation, assume the identity of a non-root user (for example, `edb`) and perform the following steps:

1. Create the `.pem` directory and `logs` directory and assign read, write, and execute permissions to the file:
1. Login as `edb` user. Create `pem` and `logs` directories and assign read, write, and execute permissions:

```shell
mkdir /home/<edb>/.pem
mkdir /home/<edb>/.pem/logs
chmod 700 /home/<edb>/.pem
chmod 700 /home/<edb>/.pem/logs
$ mkdir /home/edb/pem
$ mkdir /home/edb/pem/logs
$ chmod 700 /home/edb/pem
$ chmod 700 /home/edb/pem/logs
```

2. Register the agent with PEM server:

```shell
./pemworker --register-agent --pem-server <172.19.11.230> --pem-user <postgres> --pem-port <5432> --display-name <non_root> --cert-path /home/<edb> --config-dir /home/<edb>

The above command creates agent certificates and an agent configuration file (``agent.cfg``) in the ``/home/edb/.pem`` directory. Use the following command to assign read and write permissions to these files:

``chmod -R 600 /home/edb/.pem/agent*``
$ export PEM_SERVER_PASSWORD=edb

# Use the following command to create agent certificates and an agent
# configuration file (`agent.cfg`) in the `/home/edb/pem` directory.
$ /usr/edb/pem/bin/pemworker --register-agent --pem-server <172.19.11.230> --pem-user postgres --pem-port 5432 --display-name non_root_pem_agent --cert-path /home/edb/pem --config-dir /home/edb/pem

# Use the following command to assign read and write permissions to
# these files:
$ chmod -R 600 /home/edb/pem/agent*
```

3. Change the parameters of the `agent.cfg` file:

```ini
agent_ssl_key=/home/edb/.pem/agent<id>.key
agent_ssl_crt=/home/edb/.pem/agent<id>.crt
log_location=/home/edb/.pem/worker.log
agent_log_location=/home/edb/.pem/agent.log
$ vi /home/edb/pem/agent.cfg
agent_ssl_key=/home/edb/pem/agent<id>.key
agent_ssl_crt=/home/edb/pem/agent<id>.crt
log_location=/home/edb/pem/worker.log
agent_log_location=/home/edb/pem/agent.log
```

4. Update the values for the configuration file path and the user in the `pemagent` service file:
Where `<id>` is the assigned PEM agent ID.

4. Create a `tmp` directory, set the environment variable and start the agent:

```ini
User=edb
ExecStart=/usr/edb/pem/agent/bin/pemagent -c /home/edb/.pem/agent.cfg
$ mkdir /home/edb/pem/tmp

# Create a script file, add the environment variable, give permissions, and execute:
$ vi /home/edb/pem/run_pemagent.sh
#!/bin/bash
export TEMP=/home/edb/agent/tmp
/usr/edb/pem/agent/bin/pemagent -c /home/edb/agent/etc/agent.cfg
$ chmod a+x /home/edb/pem/run_pemagent.sh
$ cd /home/edb/pem
$ ./run_pemagent.sh
```

5. Stop the agent process, and then restart the agent service using the non-root user:
```shell
sudo systemctl start/stop/restart pemagent
```
Your PEM agent is now registered and started with `edb` user. If your machine restarts then this agent does not restart automatically and you need to start it manually using the previous command.

5. Optionally, you can create the service for this PEM agent as root user to start this agent automatically at machine restart as follows:

a. Update the values for the configuration file path and the user in the `pemagent` service file as superuser:

```ini
$ sudo vi /usr/lib/systemd/system/pemagent.service
User=edb
Group=edb
WorkingDirectory=/home/edb/pem/agent
Environment=LD_LIBRARY_PATH=/usr/edb/pem/agent/lib
Environment=TEMP=/home/edb/pem/agent/tmp
ExecStart=/usr/edb/pem/agent/bin/pemagent -c /home/edb/pem/agent.cfg
```

b. Stop the running agent process, and then restart the agent service:

```shell
# Find the process id of the running pem agent and pem worker process and kill that process
$ ps -ax | grep pemagent
$ kill -9 <process_id_of_pemagent>
$ ps -ax | grep pemworker
$ kill -9 <process_id_of_pemworker>
# Start the pem agent services as superuser
$ sudo systemctl enable pemagent
$ sudo systemctl start pemagent
$ sudo systemctl status pemagent
```

6. Check the agent status on PEM dashboard.

!!! Note
Any probes and jobs that require root permission or the file access owned by another user (for example, enterprisedb), will fail.

0 comments on commit bb34237

Please sign in to comment.