Setting and securing the tmp directory for the DataStax Agent
About this task
Many enterprise security policies require mounting /tmp directories with the no execution (noexec) flag.
OpsCenter runs the JVM using Jython, which requires access to its temporary directory to which it can copy executable files.
The JDK requires an executable directory to start and is mapped to /tmp by default.
If the /tmp directory has the noexec flag set, the agent cannot start.
By default, the DataStax agent when installed by deb or rpm packages runs as the same user as DSE, which is cassandra.
If you are running the agent as a different user (tarball install), see Setting permissions to run the DataStax Agent as the DSE user.
Remap the default temporary directory to a different (executable) directory and change its permissions to allow full access for the agent. Follow this procedure to securely mount a /tmp directory for OpsCenter and the DataStax agent.
Procedure
-
Create a temporary directory and grant full access to the
cassandrauser. -
Locate the datastax-agent-env.sh file. The default location of this DataStax agent environment shell script depends on the type of installation:
-
Package installations: /etc/datastax-agent/datastax-agent-env.sh
-
Tarball installations: install_location/agent/conf/datastax-agent-env.sh
-
-
Map the new temporary directory in the datastax-agent-env.sh file by specifying its path.
Set the
-Djava.io.tmpdirproperty to the path for the new /tmp directory.JVM_OPTS="$JVM_OPTS -Xmx512M -Djava.io.tmpdir=/path/to/tmp/dir"The example also shows doubling the agent max heap size to
512Mwith the-Xmxproperty. -
Save the file and restart the agents.
