1 2 Previous Next 27 Replies Latest reply on Feb 3, 2015 4:38 PM by Bill Robinson

    BladeLogic 8.5.01.231 Agent Permissions

    Curtis Martin

      I am  deploying a BLpackage to Windows servers that creates a PostgreSQL database.  The process of the creating the Postgres database apparently requires local admin rights.  How can I give the BladeLogicRSCD user local admin rights for this jobs?

       

      PS - I am used to using BSA on Linux servers and am still trying to figure out all the nuances of BSA permissions in Windows.

        • 1. Re: BladeLogic 8.5.01.231 Agent Permissions
          Bill Robinson

          The BladeLogicRSCD user should never have local admin rights.  You need to be mapped to a local user that has local admin rights.  Is that the case ?  there’s really no difference in that regard between Linux and windows.  you must always map to a user that has permissions to perform the action on the target.

          • 2. Re: BladeLogic 8.5.01.231 Agent Permissions
            Curtis Martin

            I am executing the job with a user account that has BLAdmin rights in BladeLogic.

             

            In the users.local file I see BLAdmins is mapped to the correct local account.  However, in the users file my account is not mapped to the correct user.  Which file takes priority?

            • 3. Re: BladeLogic 8.5.01.231 Agent Permissions
              Bill Robinson

              Doesn’t matter what rights in bladelogic your user has, as long as the role(s) it’s in can run the job, and the role is mapped to the correct local account on the target(s).

               

              Users.local is processed first, if there’s a match, that’s used.  if there’s no match, then users is checked.

               

              So i would confirm in the rscd.log that the bldeploy is indeed kicked off as the correct user.  then the question is how is your deploy failing ?

              • 4. Re: BladeLogic 8.5.01.231 Agent Permissions
                Curtis Martin

                Users.local looks fine but I changed the mapping in the role just to be save.  When I observe the running installation/deploy process on the target server, under what context/user should it be running?

                • 5. Re: BladeLogic 8.5.01.231 Agent Permissions
                  Bill Robinson

                  The process will run as BladeLogicRSCD but it will be assigned the rights from the mapped user.

                   

                  Why is the install failing?  is there an error ?

                  • 6. Re: BladeLogic 8.5.01.231 Agent Permissions
                    Curtis Martin

                    I’m deploying TeamQuest.  It’s a two part installation involving PostgreSQL and the TQ application.  The error appears to be permission related.

                     

                    [[1-12-2015 08:58:49]  Command '"C:\Program Files (x86)\Teamquest\Manager\bin/tqlicmgr" -u ""' terminated with exit code (7).    Creating database from custom database file.  TQDBU 11.2 PF 20141013  (America/New_York) 1/12/2015 8:58:50 AM   Copyright (c) 2012-2014 TeamQuest Corporation.  All Rights Reserved.   ESHBGMR901 Windows x64 6.3.0.9600 3092   Detecting revision 5 database specification file.   Info The PostgreSQL architecture will be used for the database.   Creating database 'production' in C:\ProgramData\teamquest\data\production   Error Unable to create role 'administrator'.   Reason: could not connect to server: Connection refused (0x0000274D/10061)      Is the server running on host "localhost" (::1) and accepting           TCP/IP connections on port 2732?   could not connect to server: Connection refused (0x0000274D/10061)           Is the server running on host "localhost" (127.0.0.1) and accepting     TCP/IP connections on port 2732?   Attempting to delete the database 'production' because of reported errors.   Failed to delete the connection information for database 'production'.]

                    • 7. Re: BladeLogic 8.5.01.231 Agent Permissions
                      Bill Robinson

                      Is the server running on host "localhost" (::1) and accepting           TCP/IP connections on port 2732?

                       

                      That doesn’t look like permission problems…

                      • 8. Re: BladeLogic 8.5.01.231 Agent Permissions
                        Curtis Martin

                        The PostgreSQL service is not starting after the installation is complete.  The application support personell have been telling me that the reason it’s not installing correctly is because the installation is running under the wrong context.  I’m trying to cover all the bases.

                        • 9. Re: BladeLogic 8.5.01.231 Agent Permissions
                          Bill Robinson

                          Ok, so are there any logs from the install itself ?  what’s the install command ?

                          • 10. Re: BladeLogic 8.5.01.231 Agent Permissions
                            Curtis Martin

                            We just got off the phone with TeamQuest support.  We have now ironed out some problems with the installation commands and we were able to install TeamQuest successfully via command line in Windows.  However, it still fails part way through the installation when it is deployed and executed with Bladelogic.

                             

                            The installation process is able to create files and folders in c:\program files but it fails when a perl script kicks off an initdb executable which first tries to create the following directory:

                             

                            c:\programdata\teamquest

                             

                            The next thing the initdb process is supposed to do is create a PostgreSQL database in that location.  But c:\programdata\teamquest is never successfully created.  TeamQuest thinks it is a permission issue.

                            • 11. Re: BladeLogic 8.5.01.231 Agent Permissions
                              Curtis Martin

                              A BMC suport case has been openned.

                               

                              ISS04412319

                               

                              From: Martin, Curtis

                              Sent: Tuesday, January 13, 2015 3:12 PM

                              To: 'jive-1311929838-1e8r-2-apxw@bmc-sdn.hosted.jivesoftware.com'

                              Subject: RE:  - BladeLogic 8.5.01.231 Agent Permissions New message on BMC Communities

                               

                              We just got off the phone with TeamQuest support.  We have now ironed out some problems with the installation commands and we were able to install TeamQuest successfully via command line in Windows.  However, it still fails part way through the installation when it is deployed and executed with Bladelogic.

                               

                              The installation process is able to create files and folders in c:\program files but it fails when a perl script kicks off an initdb executable which first tries to create the following directory:

                               

                              c:\programdata\teamquest

                               

                              The next thing the initdb process is supposed to do is create a PostgreSQL database in that location.  But c:\programdata\teamquest is never successfully created.  TeamQuest thinks it is a permission issue.

                              • 12. Re: BladeLogic 8.5.01.231 Agent Permissions
                                Bill Robinson

                                ok, so is there an error from the perl script?  can you attach the perl script ?  w/o knowing what the perl script is running or what the errors are from it, it's really hard to have any idea what might not be working.

                                • 13. Re: BladeLogic 8.5.01.231 Agent Permissions
                                  Curtis Martin

                                  I'll attach the perl script tomorrow morning. There is no error, it just hangs. Maybe we didn't wait long enough.

                                  • 14. Re: BladeLogic 8.5.01.231 Agent Permissions
                                    Bill Robinson

                                    ?it's possible it's expecting the environment of the mapped user, and when run via bsa it's getting the environment of localsystem.  does the script produce any log output so we can see where it might be hanging ?

                                    1 2 Previous Next