cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

privileges dynatrace OS user (redhat) Problem with installation

Alexander_R_
Advisor

Hi all!

Can you tell me what OS user privileges need to user dynatrace:dynatrace by default.

Insufficient system privileges on SERVER at location
's' (id=1)Dynatrace is not able to gain elevated privileges.
This means that the automatic upgrades and adding/removing nodes to cluster
will not work. Check if the executable /opt/dtrun/dtrun has the root privileges granted

User was created manually by administrators... I think, automatic user creation dynatrace:dynatrace not passed in this case.

What flags and privileges i need to add to user dynatrace:dynatrace to have ability automatic update and e.t.c.

Regards,

Alexander

12 REPLIES 12

antonio_villarr
Advisor

Hi,

Your dynatrace user needs to be able to use sudo (or similar) to run these commands without asking password:

sudo /opt/dtrun/dtrun

sudo systemctl ...

You can specify this in the file /etc/sudoers, or request this to the server administrators.

If you don't have sudo available because customer use another tool, you have to check the documentation (What if my company uses a privilege management system other than sudo?😞

https://www.dynatrace.com/support/help/installatio...

You have to request the privileges listed above and pass a special parameter to the dynatrace installer, like: /bin/sh dynatrace-managed-installer.sh ..... --sudo-cmd "/usr/bin/pbrun \$CMD"

The installer does a check on the sudo replacement you specified, and aborts if the checks fails.

In my case, customer used centrify (utility dzdo instead of sudo). Additionally to the above, I had to force that the dynatrace services start AFTER centrify service.

Regards,

Antonio V.

i have this output from /etc/passwd

dynatrace:x:1000:1000::/home/dynatrace:/bin/bash

I know that customer uses "sudo" on server....

User dynatrace include in sudoers group and can sudo command. I have no idea why it not working.

Hi,

Ok the user exists. Now, you have to request the instruction in the sudoers file where the dynatrace user is being granted to run the commands without asking password. See my last post about how to do it. You can test it yourself, try:

sudo systemctl -a

If this command requests a password, it is not configured properly. Use this as a evidence that the configuration is not correct. The line in the sudoers file should start like this:

dynatrace ALL=(ALL) NOPASSWD:/bin/systemctl, /opt/dtrun/dtrun

Regards,

Antonio V.

Ok, thanks, i will try it tommorow and tell you about results.

Thank you for help.

regards,

Alexander

emiliano
Inactive

Hi Antonio.

I have a same problem, but i need exactly what lines the sysadmin must add...

Can you help me?

Thanks in advance

antonio_villarr
Advisor

Hi,

The following is how to do it for sudo:

1.- Log in as root

2.- Specify vi as the editor to use

export EDITOR=vi

3.- Edit file /etc/sudoers. To do this you use the utility visudo, which calls the editor and checks/parse that the sintax is correct.

visudo

3.- Add this to the end of the file to allow one specific user to run a list of commands without asking password:

dynatrace ALL=(ALL) NOPASSWD:/bin/systemctl, /opt/dtrun/dtrun

where dynatrace is the service account that you are going to use to install dynatrace managed. That user should exists before running visudo.

4.- The way to test this is: log in as the user dynatrace, and run

sudo /opt/dtrun/dtrun /bin/ls /tmp

It should not prompt for a password and it should run as root the command "/bin/ls /tmp".

I think that should do the trick.

Kind regards,

Antonio V.

As you mentioned to test this, I need to login as the user dynatrace, however do you know what is the password for login into account 'dynatrace'? Since this user is created during installation.


Hi,

No idea. I had root access, so a simple "su - dynatrace" will log you in as that user.

Regards,

A.


emiliano
Inactive

Thanks a lot Antonio, i will try and let you know! one shot more... do the user must have password or shell?

Hi,

Yes, at least for the installation, it should have both: password and a shell (usually bash).

Regards,

Antonio V.

emiliano
Inactive

Antonio, amazing! the user worked successfully! Thanks for your support!

Hi Emiliano,

Good news! You welcome.

Antonio V.