AnsweredAssumed Answered

Managing agent profiles for websphere

Question asked by GregSanders on Jun 22, 2018
Latest reply on Jul 10, 2018 by Hallett_German

Currently, using the websphere java probe, 10.5.1 on aix.  With websphere upgrade to WAS8.5.5.13, we have run into a few issues.  The scenario is there is one probe installation and multiple applications are using the agent and same profile.  However, the application instances are running with unique accounts. 

 

The umask in these accounts are not all the same.  So, now, if entrypoints are enabled, they are all trying to read/write to the core/config/hotdeploy directory, but with differing permissions, some are not able to read/write successfully.  It seems that sometimes there are also errors logged in the log files related that say an exception occurred checking directives files until I remove the files in the hotdeploy.  The permissions issue can also impact the core/config/dynamic and logs directories also. 

 

There are multiple issues as I indicated, but I was just wondering if someone has come up with some best practices for managing the agents in this kind of scenario that is not so hands on administratively.  The alternatives that support indicates are 1) to turn off automatic entry point detection by setting introscope.agent.deep.entrypoint.enabled to false, 2)have a unique probe install path for each account used, 3) enable read/write for any of the existing accounts, somehow (except their umask prevents this and security frowns on 777 permissions anyway. 

 

There are other issues, not necessarily related to the WAS upgrade, such as apps having issues with crossjvm process tracing with the CorID header growing and causing transactions to fail.  This kind of thing is making me lean toward multiple probe installs and/or multiple profiles, both of which bring administrative overhead.  Just wondering how others are managing agents.

Outcomes