PASOE Broker Owner/Username

Posted by Jeff Ledbetter on 10-Apr-2019 18:05

Hi.

In "traditional" AppServer, one can specify a broker owner (i.e. username) that the agent runs under. If not specified, it inherits the user specified for the Admin Server. That property is N/A for PASOE. Is there a way to specify a username for the agent in PASOE? 

All Replies

Posted by marian.edu on 11-Apr-2019 13:10

I will simply assume Windows here, if you register the pasoe (tomcat) instance as a service you can then set a different user for it as for any other service.


Marian Edu

Acorn IT 
www.acorn-it.com
www.akera.io
+40 740 036 212

Posted by Jeff Ledbetter on 11-Apr-2019 13:17

Hi Marian. My question is for all supported platforms, but especially Linux in this case.

Posted by Peter Judge on 11-Apr-2019 14:00

Are you looking for the user that runs the instance?  
 
 

Posted by Jeff Ledbetter on 11-Apr-2019 14:04

I want to know how to specify the user/owner (like in traditional appserver) when setting up a PASOE instance.

Posted by Peter Judge on 11-Apr-2019 14:08
Posted by Jeff Ledbetter on 11-Apr-2019 14:13

I've never used tcman. I just set it up in OpenEdge Explorer. Are those options available there somewhere that I am overlooking?

Posted by Paul Koufalis on 11-Apr-2019 14:14

[mention:9e4ee96fac634b8f91b580e1fb4f7e71:e9ed411860ed4f2ba0265705b8793d05] I seem to remember that the -U and -G switches are broken.

Posted by Matt Baker on 11-Apr-2019 14:19

The -U and -G switches are supposed to set the file ownership.  They don't control the user that owns the process.  There is not a way provide the user that runs the process from OEE.  What "can" do, at least on windows, is register the process as a service, and start the service under a particular user account.

Posted by Jeff Ledbetter on 11-Apr-2019 14:23

"The -U and -G switches are supposed to set the file ownership."

That is what I am interested in: controlling the ownership of OS files that my PASOE ABL application writes.

In traditional AppServer, setting the broker owner accomplished this. I do not see a way through the OpenEdge Explorer/Management to set a similar value.

Posted by Jeff Ledbetter on 11-Apr-2019 14:24

I tried to edit my post and it disappeared, so here it is again (sorry for duplicate if it reappears):

"The -U and -G switches are supposed to set the file ownership."

That is what I am interested in: controlling the ownership of OS files that my PASOE ABL application writes.

In traditional AppServer, setting the broker owner accomplished this. I do not see a way through the OpenEdge Explorer/Management to set a similar value.

Posted by Peter Judge on 11-Apr-2019 14:38

If it’s not available, and it should be, then that’s a bug – please log it.
 
 

Posted by Jeff Ledbetter on 11-Apr-2019 14:45

I'm not sure if it is available or not because I don't quite know what I am looking for. In the migration guide, the table indicated that there was no matching username property (N/A) hence my original post. I don't know much about Tomcat; I assumed that OpenEdge Management would hide the complexities.

Posted by Matt Baker on 11-Apr-2019 14:47

OEE definitely does not have these options during create.  They are only available on the command line.

Posted by Jeff Ledbetter on 11-Apr-2019 14:56

As Paul point out, they do not work (according to this kbase):

knowledgebase.progress.com/.../Unable-to-use-U-and-G-options-with-tcman-create-or-pasman-create

Perhaps this is the work-around:

knowledgebase.progress.com/.../Is-it-possible-to-run-a-PASOE-instance-as-a-non-root-user

I've never used tcman so I guess this will be an adventure.

Posted by Roy Ellis on 11-Apr-2019 15:24

Hi Jeff,

if you are using OE Explorer to start the PASOE instance, it will use what ever user started the AdminServer on that same machine.

So stop your AdminServer (proadsv -stop).

Then change to the user you want to run both AdminServer and PASOE instances

Start AdminServer (proadsv -start)

Once started, start PASOE

LMK, Roy

Posted by Jeff Ledbetter on 11-Apr-2019 16:32

Hi Roy. Thanks. That would be a valid work-around but not really a solution to what we (or our customers) may need. Going back to my traditional appserver example, one may have their admin server starting as a root but want/need to specify different appserver broker owners for each appserver that is running. For PASOE, it looks like this is something that has to be done via the command line with tcman. We'll have to educate ourselves on using it and see if that is a solution. I was under the impression that one could do everything they need via OEM.

Posted by David Cleary on 11-Apr-2019 16:46

PASOE doesn’t require an admin server in production. Having said that, maybe there is an enhancement request for OEM/Admin Server to support this functionality. Does your software rely on an admin server?
 
Dave
 

Posted by Jeff Ledbetter on 11-Apr-2019 16:54

Hi.

What would the enhancement request be? The ability to specify the -U and -G via the OEM UI? If so, then I am all for that.

"Does your software rely on an admin server?"

Not specifically; it just runs on an appserver.

My overall goal with this question is to be able to provide our users some general guidance when they are setting up our application (Rountable) on either a traditional AppServer or PASOE server. Since PASOE is new to many, the more questions that we can answer up-front in our installation documentation the better.

Posted by David Cleary on 12-Apr-2019 12:54

-U -G is only applicable at instance creation time, and because the workaround is to manually use chown and chmod, it hasn’t been a high priority.
 
Starting a PASOE instance under a specific user is a feature for the entity that is starting it. In this case it would be OEM/Admin Server. This currently isn’t in our backlog, so working with PM and the OEM Product Owner to get it created and prioritized would be what I suggest.
 
Dave
 

Posted by Jeff Ledbetter on 12-Apr-2019 13:12

Ok.

Just to clarify.. assuming that the -U and -G parameters work at instance creation time, does that mean the instance will inherit those at run-time as well? And any OS access/file-creation will respect those values? If so, that is probably fine.

The doc states:

"–U user_id

Specify the user-id of the owner of all the files and directories of the instance. The default is the user-id of the current process"

The last sentence confused me a bit. If this a tcman parameter, what is meant by "use-id of the current process"? Since this is is the command-line, the user-id executing the command?

Posted by David Cleary on 12-Apr-2019 13:18

That just means if you don’t specify -U, then the file owner will be the user that executed the tcman command.
 
Dave
 

This thread is closed