Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
rolandti Super Contributor.
Super Contributor.
182 views

opctrapi process did not start on non-root HPOM installations

Hi,

 

I have a HPOM server version 09.20.190 and HPOA version 11.14.014 running on RHEL 6.4.

During the installation I have choosed the option:

 

./ovoinstall

[...]

 - Do you want to switch HPOM to non-root operation [exit,back,?,y|n,"n"] ?
> y
Configuring non-root operation . . . . . . . . OK

 

In this non-root operation mode the process opctrapi semms no longer be able to start.

 

# ovc -status | grep opctrapi
opctrapi OVO SNMP Trap Interceptor AGENT,EA Aborted

 

The logfile /var/opt/OV/log/System.txt contains:

[...]

0: ERR: Fri Sep 19 14:30:48 2014: opctrapi (8852/140362518345504): [opcevti.cpp:1601]: Can't open SNMP session: bind() failed: Permission denied.
 (OpC30-201)
0: ERR: Fri Sep 19 14:30:48 2014: ovcd (8539/139743527388928): (ctrl-94) Component 'opctrapi' exited after very short runtime, therefore it will not be automatically restarted. Use 'ovc -start opctrapi'.

[...]

 

For me it's not a big suprise that a process running as user opc_op is not able to connect to

the priviledged port 162.

 

# grep snmptrap /etc/services
snmptrap 162/tcp # SNMPTRAP
snmptrap 162/udp snmp-trap # Traps for SNMP

 

What is the recommended way to start the process opctrapi on a non-root HPOM installation?

Any documentation links to non-root config issues are also welcome.

 

BR

--

Roland

5 Replies
Account_Closed
Not applicable

Re: opctrapi process did not start on non-root HPOM installations

the steps to setup OM agent in non-privileged mode is documented in the OM agent guides.

 

here's a short cheat-sheet to install the agent. since you are installing this with HP OM, you can set the SNMP_TRAP_PORT to 1162 (or any port higher than 1024) in eaagt namespace.

 

To install in NPU mode you can simply enter this details in a profile file,

 

set eaagt:MODE=NPU

set eaagt:SNMP_TRAP_PORT=1162

set eaagt:OPC_RPC_ONLY=TRUE

set bbc.cb:SERVER_PORT=2006

set ctrl.sudo:OV_SUDO_USER=opc_op

set ctrl.sudo:OV_SUDO_GROUP=opcgrp

set eaagt.license:ALL=PERMANENT

 

And then Run,

./oainstall.sh  –a  –c  –agent_profile  <full-path-to-profile file>  -f

 

 

To revert the NPU configuration remove the line

set eaagt:MODE=NPU and additionally set

SUDO_USER=root and

SUDO_GROUP=root and re-run the configuration using

 ./oainstall.sh  –a  –c  –agent_profile  <full-path-to-profile file>  -f.

Micro Focus Expert
Micro Focus Expert

Re: opctrapi process did not start on non-root HPOM installations

Hello Roland,

 

The OM server non-root configuration already includes the agent non-root configuration. So there is no need to re-configure the agent again.

 

But like Ram wrote, you will need to use a trap port > 1024 using SNMP_TRAP_PORT.

 

A few ideas how to deal with having the non-default trap port:

- If you are using NNMi to forward traps to OML, you can choose any port for forwarding traps, so you can configure  a trap port > 1024 there and have all your SNMP devices (that use the default 162 trap port) to report to the NNMi server.

- You could use a standalone agent on a different system that runs as root as trap destination for all the SNMP devices instead of the management server (and not use the SNMP trap policy on the management server at all).

 

Best regards,

Tobias

 

rolandti Super Contributor.
Super Contributor.

Re: opctrapi process did not start on non-root HPOM installations

Hello Ramkumar and Tobias,

 

thanks for your answers. I checked my current agent configuration and found that

variable MODE had value MIXED and the variables SNMP_TRAP_PORT, SERVER_PORT

and ALL were not defined. For this reason I decided to follow the recommendations

of Ramkumar.

The following steps has solved the probem:

 

- Creating a file /tmp/egggt_profile with:

set eaagt:MODE=NPU

set eaagt:SNMP_TRAP_PORT=1162

set eaagt:OPC_RPC_ONLY=TRUE

set bbc.cb:SERVER_PORT=2006

set ctrl.sudo:OV_SUDO_USER=opc_op

set ctrl.sudo:OV_SUDO_GROUP=opcgrp

set eaagt.license:ALL=PERMANENT

 

# cd /opt/OV/bin/OpC/install

# ./oainstall.sh -a -configure -agent_profile /tmp/eaagt_profile
INFO: Checking if HP Operations-agent is installed
INFO: HP Operations-agent is installed, configuration starting
====================================================================================
INFO: HP Operations agent configuration started on - Tue Sep 23 10:46:28 CEST 2014
====================================================================================
INFO: Configuring the HPOvXpl component...
INFO: Configuring the HPOvSecCo component...
INFO: Configuring the HPOvBbc component...
INFO: Configuring the HPOvSecCC component...
INFO: Configuring the HPOvCtrl component...
INFO: Configuring the HPOvDepl component...
INFO: Configuring the HPOvConf component...
INFO: Configuring the HPOvPacc component...
INFO: Configuring the HPOvPerlA component...
INFO: Configuring the HPOvPerfMI component...
INFO: Configuring the HPOvGlanc component...
INFO: Configuring the HPOvPerfAgt component...
INFO: Configuring the HPOvAgtLc component...
INFO: Configuring the HPOvEaAgt component...
INFO: Configuring the HPOvOpsAgt component...
======================================================================================
INFO: HP Operations agent configuration is complete - Tue Sep 23 10:49:01 CEST 2014
======================================================================================

INFO: Performing the HP Operations agent product activation...
eaagt_profile

INFO: HP Operations agent product activation completed successfully
INFO: HP Operations-agent configuration is successful

 

Now the process opctrapi is running as user opc_op.

 

[root@cls1205 log]# ovc -status | grep opctrapi
opctrapi OVO SNMP Trap Interceptor AGENT,EA (19672) Running

 

[root@cls1205 log]# ps -ef | grep 19672
root 2882 16091 0 11:35 pts/1 00:00:00 grep 19672
opc_op 19672 16434 0 11:04 ? 00:00:00 /opt/OV/lbin/eaagt/opctrapi

 

BUT from now on I get a lot of new OVO messages/error messages in System.txt:

 

[...]

0: ERR: Tue Sep 23 11:38:09 2014: ovoareqsdr (16751/140565471258400): [uxping.c:1319]: Could not send IP package to host with address <ip-address>.
No appropriate route statement.
Bad file descriptor (OpC20-1103)
Could not open socket
Operation not permitted (OpC20-1100)
Can't initialize the alive check for the responsible HPOM
management servers. (OpC30-40)

[...]

 

The command ping to the corresponging IP addresses are working but

the "alive check" seems to no longer work.

For this reason I will switch back to run the agent in root mode.

 

Any hints what is going wrong here?

 

BR

--

Roland

Account_Closed
Not applicable

Re: opctrapi process did not start on non-root HPOM installations

In general when you change the port of communication on the node with the [eaagt].SERVER_PORT setting, you need to let the server know of the change in port number too.

 

On the server add this config setting -

 

[bbc.cb.ports]
PORTS=nodename.domain.com:2006

 

Use comma for additional entries. like here - node1:13001,node2:443,node3:12345

 

This should at least ensure that that communication from server to node works. i don't know if alive check is affected because of this.

rolandti Super Contributor.
Super Contributor.

Re: opctrapi process did not start on non-root HPOM installations

Hello Ramkumar,

 

under this circumstances I will go back to run the agent as root

because the config effort is too complex.

Thanks for your feedback.

 

BR

--

Roland

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.