From fe03905f1447d3de895e995767fd62841aae9622 Mon Sep 17 00:00:00 2001 From: Simon Notley <43099400+sonotley@users.noreply.github.com> Date: Thu, 12 Dec 2024 11:26:03 +0000 Subject: [PATCH 1/9] Clarify which values are optional. Explain that PEM will still create agent users even when pem-agent-user is provided. --- product_docs/docs/pem/9/registering_agent.mdx | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index 3c617e4f678..2aef3d97389 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -49,22 +49,22 @@ set PEM_SERVER_PASSWORD=edb | `--pem-server` | The IP address of the PEM backend database server. This parameter is required. | | `--pem-port` | The port of the PEM backend database server. The default value is `5432`. | | `--pem-user` | The name of the database user having superuser privileges of the PEM backend database server. This parameter is required. | -| `--pem-agent-user` | The agent user to connect the PEM server backend database server. | -| `--pem-ssl-mode` | Type of SSL authentication used for connecting PEM agent to the PEM server. The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. | +| `--pem-agent-user` | The user as which the agent will connect to the PEM backend database server. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where N is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | +| `--pem-ssl-mode` | Type of SSL authentication used for connecting PEM agent to the PEM server. The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `prefer`. | | `--cert-path` | The complete path to the directory where certificates are created. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | | `--config-dir` | The directory path for the configuration file. The default is `/../etc`. | | `--display-name` | A user-friendly name for the agent to display in the PEM browser tree. In PEM 9.6 and later, the default is the host's fully qualified domain name (FQDN), falling back to the hostname if this option isn't set. For releases earlier than PEM 9.6, the default is the hostname. | | `--force-registration` | Include the `force_registration` clause to register the agent with the arguments provided. This clause is useful if you're overriding an existing agent configuration. The default value is `Yes`. | -| `--group` | The name of the group in which the agent is displayed. | -| `--team` | The name of the database role on the PEM backend database server with access to the monitored database server. | -| `--owner` | The name of the database user on the PEM backend database server who owns the agent. | +| `--group` | The name of a group inw which to place the agent. This parameter is optional, if omitted the agent will not be placed in a group. | +| `--team` | The name of a database role on the PEM backend database server. Access to this agent will be restricted to only the named role and `pem_admin`. This parameter is optional. If omitted, no team will be assigned meaning all users can access this agent. | +| `--owner` | The name of a database user on the PEM backend database server. This user will be used to create the agent. If omitted, the specified `pem-user` will be used. | | `--allow_server_restart` | Enable the `allow_server_restart` parameter to allow PEM to restart the monitored server. The default value is `True`. | | `--allow-batch-probes` | Enable the `allow-batch-probes` parameter to allow PEM to run batch probes on this agent. The default value is `False`. | | `--batch-script-user` | The operating system user to use for executing the batch/shell scripts. The default value is none. The scripts don't execute if you leave this parameter blank or the specified user doesn't exist. | | `--enable-heartbeat-connection` | Enable the `enable-heartbeat-connection` parameter to create a dedicated heartbeat connection between the PEM agent and server to update the active status. The default value is `False`. | | `--enable-smtp` | Enable the `enable-smtp parameter` to allow the PEM agent to send the email on behalf of the PEM server. The default value is `False`. | | `--enable-snmp` | Enable the `enable-snmp parameter` to allow the PEM agent to send the SNMP traps on behalf of the PEM server. The default value is `False`. | -| `-o` | Specifies whether you want to override the configuration file options. | +| `-o` | Used to override the configuration file options. See below for example usage. | !!! Note Allowing the agent to restart the database server If you use any feature of PEM that requires a database server restart by the PEM agent (such as Audit Manager, Log Manager, or the Tuning Wizard), then you must set the value of `allow_server_restart` to `true` in the `agent.cfg` file or restart the server manually for changes to take effect. From ebe99d47ba4d5bcf5f079be8cc0baa863efc7219 Mon Sep 17 00:00:00 2001 From: Simon Notley <43099400+sonotley@users.noreply.github.com> Date: Thu, 12 Dec 2024 11:35:55 +0000 Subject: [PATCH 2/9] Change ssl default --- product_docs/docs/pem/9/registering_agent.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index 2aef3d97389..b1102744668 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -50,7 +50,7 @@ set PEM_SERVER_PASSWORD=edb | `--pem-port` | The port of the PEM backend database server. The default value is `5432`. | | `--pem-user` | The name of the database user having superuser privileges of the PEM backend database server. This parameter is required. | | `--pem-agent-user` | The user as which the agent will connect to the PEM backend database server. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where N is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | -| `--pem-ssl-mode` | Type of SSL authentication used for connecting PEM agent to the PEM server. The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `prefer`. | +| `--pem-ssl-mode` | Type of SSL authentication used for connecting PEM agent to the PEM server. The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `require`. | | `--cert-path` | The complete path to the directory where certificates are created. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | | `--config-dir` | The directory path for the configuration file. The default is `/../etc`. | | `--display-name` | A user-friendly name for the agent to display in the PEM browser tree. In PEM 9.6 and later, the default is the host's fully qualified domain name (FQDN), falling back to the hostname if this option isn't set. For releases earlier than PEM 9.6, the default is the hostname. | From 5d344b6a240af4257bfde21eea892a98f46f28df Mon Sep 17 00:00:00 2001 From: Simon Notley <43099400+sonotley@users.noreply.github.com> Date: Thu, 12 Dec 2024 11:52:05 +0000 Subject: [PATCH 3/9] format N --- product_docs/docs/pem/9/registering_agent.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index b1102744668..a8e0dfbc963 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -49,7 +49,7 @@ set PEM_SERVER_PASSWORD=edb | `--pem-server` | The IP address of the PEM backend database server. This parameter is required. | | `--pem-port` | The port of the PEM backend database server. The default value is `5432`. | | `--pem-user` | The name of the database user having superuser privileges of the PEM backend database server. This parameter is required. | -| `--pem-agent-user` | The user as which the agent will connect to the PEM backend database server. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where N is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | +| `--pem-agent-user` | The user as which the agent will connect to the PEM backend database server. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where `` is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | | `--pem-ssl-mode` | Type of SSL authentication used for connecting PEM agent to the PEM server. The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `require`. | | `--cert-path` | The complete path to the directory where certificates are created. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | | `--config-dir` | The directory path for the configuration file. The default is `/../etc`. | From edd570e19cda743867e9dec1c5a505197b2fb778 Mon Sep 17 00:00:00 2001 From: Simon Notley <43099400+sonotley@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:03:34 +0000 Subject: [PATCH 4/9] Further improvements to wording --- product_docs/docs/pem/9/registering_agent.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index a8e0dfbc963..e200b7ac226 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -48,16 +48,16 @@ set PEM_SERVER_PASSWORD=edb |---------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `--pem-server` | The IP address of the PEM backend database server. This parameter is required. | | `--pem-port` | The port of the PEM backend database server. The default value is `5432`. | -| `--pem-user` | The name of the database user having superuser privileges of the PEM backend database server. This parameter is required. | -| `--pem-agent-user` | The user as which the agent will connect to the PEM backend database server. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where `` is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | +| `--pem-user` | The name of a database user with `pem_admin` and `rolcreaterole` roles (or a superuser) on the PEM backend database server. This user will be used to connect to the PEM server to perform agent registration. This parameter is required. | | `--pem-ssl-mode` | Type of SSL authentication used for connecting PEM agent to the PEM server. The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `require`. | +| `--pem-agent-user` | The name of a database user on the PEM backend database server. This user will be used by the agent after registration to open connections to the PEM database server to write probe data, evaluate alerts, etc. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where `` is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | | `--cert-path` | The complete path to the directory where certificates are created. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | | `--config-dir` | The directory path for the configuration file. The default is `/../etc`. | | `--display-name` | A user-friendly name for the agent to display in the PEM browser tree. In PEM 9.6 and later, the default is the host's fully qualified domain name (FQDN), falling back to the hostname if this option isn't set. For releases earlier than PEM 9.6, the default is the hostname. | | `--force-registration` | Include the `force_registration` clause to register the agent with the arguments provided. This clause is useful if you're overriding an existing agent configuration. The default value is `Yes`. | | `--group` | The name of a group inw which to place the agent. This parameter is optional, if omitted the agent will not be placed in a group. | -| `--team` | The name of a database role on the PEM backend database server. Access to this agent will be restricted to only the named role and `pem_admin`. This parameter is optional. If omitted, no team will be assigned meaning all users can access this agent. | -| `--owner` | The name of a database user on the PEM backend database server. This user will be used to create the agent. If omitted, the specified `pem-user` will be used. | +| `--team` | The name of a database role on the PEM backend database server. Access to this agent will be restricted to only the named role, the owner, and the `pem_admin` role. This parameter is optional. If omitted, no team will be assigned meaning all users can access this agent. | +| `--owner` | The name of a database user on the PEM backend database server. This user will be assigned as the owner of the agent. If omitted, the specified `pem-user` will be assigned as the owner. | | `--allow_server_restart` | Enable the `allow_server_restart` parameter to allow PEM to restart the monitored server. The default value is `True`. | | `--allow-batch-probes` | Enable the `allow-batch-probes` parameter to allow PEM to run batch probes on this agent. The default value is `False`. | | `--batch-script-user` | The operating system user to use for executing the batch/shell scripts. The default value is none. The scripts don't execute if you leave this parameter blank or the specified user doesn't exist. | From 34a590f475083034306a2f635109da0ab95dafa6 Mon Sep 17 00:00:00 2001 From: Simon Notley <43099400+sonotley@users.noreply.github.com> Date: Mon, 16 Dec 2024 13:24:48 +0000 Subject: [PATCH 5/9] Update SSL mode and cert path --- product_docs/docs/pem/9/registering_agent.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index e200b7ac226..e0431ff1d76 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -49,9 +49,9 @@ set PEM_SERVER_PASSWORD=edb | `--pem-server` | The IP address of the PEM backend database server. This parameter is required. | | `--pem-port` | The port of the PEM backend database server. The default value is `5432`. | | `--pem-user` | The name of a database user with `pem_admin` and `rolcreaterole` roles (or a superuser) on the PEM backend database server. This user will be used to connect to the PEM server to perform agent registration. This parameter is required. | -| `--pem-ssl-mode` | Type of SSL authentication used for connecting PEM agent to the PEM server. The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `require`. | | `--pem-agent-user` | The name of a database user on the PEM backend database server. This user will be used by the agent after registration to open connections to the PEM database server to write probe data, evaluate alerts, etc. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where `` is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | -| `--cert-path` | The complete path to the directory where certificates are created. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | +| `--pem-ssl-mode` | The [SSL mode](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION) to be used by the PEM agent user (see above). The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `require`. | +| `--cert-path` | The complete path to a directory in which certificates will be stored. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | | `--config-dir` | The directory path for the configuration file. The default is `/../etc`. | | `--display-name` | A user-friendly name for the agent to display in the PEM browser tree. In PEM 9.6 and later, the default is the host's fully qualified domain name (FQDN), falling back to the hostname if this option isn't set. For releases earlier than PEM 9.6, the default is the hostname. | | `--force-registration` | Include the `force_registration` clause to register the agent with the arguments provided. This clause is useful if you're overriding an existing agent configuration. The default value is `Yes`. | From 48d7caceeaff3e9f448a50ba6cbbf55521cc2d47 Mon Sep 17 00:00:00 2001 From: Simon Notley <43099400+sonotley@users.noreply.github.com> Date: Mon, 16 Dec 2024 13:36:11 +0000 Subject: [PATCH 6/9] typo --- product_docs/docs/pem/9/registering_agent.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index e0431ff1d76..29605edfa59 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -54,7 +54,7 @@ set PEM_SERVER_PASSWORD=edb | `--cert-path` | The complete path to a directory in which certificates will be stored. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | | `--config-dir` | The directory path for the configuration file. The default is `/../etc`. | | `--display-name` | A user-friendly name for the agent to display in the PEM browser tree. In PEM 9.6 and later, the default is the host's fully qualified domain name (FQDN), falling back to the hostname if this option isn't set. For releases earlier than PEM 9.6, the default is the hostname. | -| `--force-registration` | Include the `force_registration` clause to register the agent with the arguments provided. This clause is useful if you're overriding an existing agent configuration. The default value is `Yes`. | +| `--force-registration` | Include the `force-registration` clause to register the agent with the arguments provided. This clause is useful if you're overriding an existing agent configuration. The default value is `Yes`. | | `--group` | The name of a group inw which to place the agent. This parameter is optional, if omitted the agent will not be placed in a group. | | `--team` | The name of a database role on the PEM backend database server. Access to this agent will be restricted to only the named role, the owner, and the `pem_admin` role. This parameter is optional. If omitted, no team will be assigned meaning all users can access this agent. | | `--owner` | The name of a database user on the PEM backend database server. This user will be assigned as the owner of the agent. If omitted, the specified `pem-user` will be assigned as the owner. | From 5cf5d59c2e8f1cffd20d6d64e68045d8d68f3c56 Mon Sep 17 00:00:00 2001 From: Simon Notley <43099400+sonotley@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:36:42 +0000 Subject: [PATCH 7/9] Apply suggestions from code review Co-authored-by: nidhibhammar <59045594+nidhibhammar@users.noreply.github.com> --- product_docs/docs/pem/9/registering_agent.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index 29605edfa59..b374232521d 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -49,22 +49,22 @@ set PEM_SERVER_PASSWORD=edb | `--pem-server` | The IP address of the PEM backend database server. This parameter is required. | | `--pem-port` | The port of the PEM backend database server. The default value is `5432`. | | `--pem-user` | The name of a database user with `pem_admin` and `rolcreaterole` roles (or a superuser) on the PEM backend database server. This user will be used to connect to the PEM server to perform agent registration. This parameter is required. | -| `--pem-agent-user` | The name of a database user on the PEM backend database server. This user will be used by the agent after registration to open connections to the PEM database server to write probe data, evaluate alerts, etc. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where `` is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | +| `--pem-agent-user` | The name of a database user on the PEM backend database server. After registration, the agent will use this user to open connections to the PEM database server to write probe data, evaluate alerts, etc. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where `` is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | | `--pem-ssl-mode` | The [SSL mode](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION) to be used by the PEM agent user (see above). The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `require`. | | `--cert-path` | The complete path to a directory in which certificates will be stored. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | | `--config-dir` | The directory path for the configuration file. The default is `/../etc`. | | `--display-name` | A user-friendly name for the agent to display in the PEM browser tree. In PEM 9.6 and later, the default is the host's fully qualified domain name (FQDN), falling back to the hostname if this option isn't set. For releases earlier than PEM 9.6, the default is the hostname. | | `--force-registration` | Include the `force-registration` clause to register the agent with the arguments provided. This clause is useful if you're overriding an existing agent configuration. The default value is `Yes`. | | `--group` | The name of a group inw which to place the agent. This parameter is optional, if omitted the agent will not be placed in a group. | -| `--team` | The name of a database role on the PEM backend database server. Access to this agent will be restricted to only the named role, the owner, and the `pem_admin` role. This parameter is optional. If omitted, no team will be assigned meaning all users can access this agent. | -| `--owner` | The name of a database user on the PEM backend database server. This user will be assigned as the owner of the agent. If omitted, the specified `pem-user` will be assigned as the owner. | +| `--team` | The name of a database role on the PEM backend database server. Access to this agent will be restricted to only the named role, the owner, and the `pem_admin` role. This parameter is optional. No team will be assigned if omitted, meaning all users can access this agent. | +| `--owner` | The name of a database user on the PEM backend database server. This user will be assigned as the owner of the agent. The specified `pem-user` will be assigned as the owner if omitted. | | `--allow_server_restart` | Enable the `allow_server_restart` parameter to allow PEM to restart the monitored server. The default value is `True`. | | `--allow-batch-probes` | Enable the `allow-batch-probes` parameter to allow PEM to run batch probes on this agent. The default value is `False`. | | `--batch-script-user` | The operating system user to use for executing the batch/shell scripts. The default value is none. The scripts don't execute if you leave this parameter blank or the specified user doesn't exist. | | `--enable-heartbeat-connection` | Enable the `enable-heartbeat-connection` parameter to create a dedicated heartbeat connection between the PEM agent and server to update the active status. The default value is `False`. | | `--enable-smtp` | Enable the `enable-smtp parameter` to allow the PEM agent to send the email on behalf of the PEM server. The default value is `False`. | | `--enable-snmp` | Enable the `enable-snmp parameter` to allow the PEM agent to send the SNMP traps on behalf of the PEM server. The default value is `False`. | -| `-o` | Used to override the configuration file options. See below for example usage. | +| `-o` | Used to override the configuration file options. See the below [example](#overriding-default-configurations---examples) for usage. | !!! Note Allowing the agent to restart the database server If you use any feature of PEM that requires a database server restart by the PEM agent (such as Audit Manager, Log Manager, or the Tuning Wizard), then you must set the value of `allow_server_restart` to `true` in the `agent.cfg` file or restart the server manually for changes to take effect. From 0086311a776dc28be0370cc689390fc343eb8b94 Mon Sep 17 00:00:00 2001 From: Simon Notley <43099400+sonotley@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:37:30 +0000 Subject: [PATCH 8/9] Update product_docs/docs/pem/9/registering_agent.mdx --- product_docs/docs/pem/9/registering_agent.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index b374232521d..dda3d40dae1 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -55,7 +55,7 @@ set PEM_SERVER_PASSWORD=edb | `--config-dir` | The directory path for the configuration file. The default is `/../etc`. | | `--display-name` | A user-friendly name for the agent to display in the PEM browser tree. In PEM 9.6 and later, the default is the host's fully qualified domain name (FQDN), falling back to the hostname if this option isn't set. For releases earlier than PEM 9.6, the default is the hostname. | | `--force-registration` | Include the `force-registration` clause to register the agent with the arguments provided. This clause is useful if you're overriding an existing agent configuration. The default value is `Yes`. | -| `--group` | The name of a group inw which to place the agent. This parameter is optional, if omitted the agent will not be placed in a group. | +| `--group` | The name of a group in which to place the agent. This parameter is optional, if omitted the agent will not be placed in a group. | | `--team` | The name of a database role on the PEM backend database server. Access to this agent will be restricted to only the named role, the owner, and the `pem_admin` role. This parameter is optional. No team will be assigned if omitted, meaning all users can access this agent. | | `--owner` | The name of a database user on the PEM backend database server. This user will be assigned as the owner of the agent. The specified `pem-user` will be assigned as the owner if omitted. | | `--allow_server_restart` | Enable the `allow_server_restart` parameter to allow PEM to restart the monitored server. The default value is `True`. | From bb2fd2a54eb2eb6ab285dc47189e8e213cae984e Mon Sep 17 00:00:00 2001 From: Simon Notley <43099400+sonotley@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:39:32 +0000 Subject: [PATCH 9/9] Update product_docs/docs/pem/9/registering_agent.mdx --- product_docs/docs/pem/9/registering_agent.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index dda3d40dae1..551a8e2e737 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -48,7 +48,7 @@ set PEM_SERVER_PASSWORD=edb |---------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `--pem-server` | The IP address of the PEM backend database server. This parameter is required. | | `--pem-port` | The port of the PEM backend database server. The default value is `5432`. | -| `--pem-user` | The name of a database user with `pem_admin` and `rolcreaterole` roles (or a superuser) on the PEM backend database server. This user will be used to connect to the PEM server to perform agent registration. This parameter is required. | +| `--pem-user` | The name of a database user with the `pem_admin` role and the `rolcreaterole` flag set (or a superuser) on the PEM backend database server. This user will be used to connect to the PEM server to perform agent registration. This parameter is required. | | `--pem-agent-user` | The name of a database user on the PEM backend database server. After registration, the agent will use this user to open connections to the PEM database server to write probe data, evaluate alerts, etc. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where `` is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | | `--pem-ssl-mode` | The [SSL mode](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION) to be used by the PEM agent user (see above). The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `require`. | | `--cert-path` | The complete path to a directory in which certificates will be stored. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. |