Agent configuration parameters
Theme: Configure
Who Is It For? System Administrator
What is it?
Reference for Unix Agent configuration parameters covering job handling, user impersonation, health monitoring, and privilege settings.
- When configuring the maximum number of jobs the agent can simultaneously manage
- When setting job submission permissions, such as allowing or restricting root-level job runs
- When enabling agent self-monitoring or defining the action taken upon detection of a malfunction
- When configuring user impersonation behavior for job execution
Configuration parameters
The following parameters reference basic agent settings for job handling, user impersonation, health monitoring, and privilege configuration.
max_number_of_jobs_to_run
Default Value: 50
Description:
- Defines the maximum number of jobs the agent can simultaneously manage.
- The value for this parameter must be numeric and greater than zero.
The machine's capabilities (e.g., memory, processor speed, and so forth) determine this maximum.
- Typical customer usage ranges from 10 to 30 jobs.
- The agent can detect a change to this setting when the agent is refreshed with the lsam
<SAM_Socket>refresh command. For information on the agent refresh command, refer to lsam refresh.
If setting the MAX_NUMBER_OF_JOBS_TO_RUN parameter to a high value (i.e., greater than 50), ensure that your system can manage the load; otherwise, the system may hang. The minimum number of processes which are generated is 10 + (2 * MAX_NUMBER_OF_JOBS_TO_RUN). For example, if set to 200, then the system must be able to handle at least 410 processes.
allowed_privileged_runs
Default Value: 1
Description:
- Enables/Disables the processing of jobs submitted as root
(0/0). - If set to zero, the agent does not process jobs submitted as root
(0/0). - If set to one, the agent processes jobs submitted as root
(0/0).
require_HOME_directory
Default Value: 0
Description:
- Enables/Disables the requirement that all users who submit OpCon jobs have $HOME directories on the system.
- If set to zero, the agent attempts to issue a UNIX "cd $HOME" command before starting a job. The job proceeds without indicating if the "cd" command was successful. This is the traditional behavior of the agent. If the "cd" command fails, the job executes at the root ("/").
- If set to one, the agent aborts jobs submitted by a user with no $HOME directory (i.e., the "cd $HOME" command fails).
LSAM_job_statistics
Default Value: 0
Description:
- Enables/Disables reporting of resource-usage statistics for users' jobs.
- If set to zero, the agent does not report resource-usage statistics for users' jobs.
- If set to one, the agent reports resource-usage statistics for users' jobs.
- This applies to all jobs. Note that this can result in creation of a large amount of data on the SAM machine, which can adversely affect SAM's performance.
monitor_LSAM_health
Default Value: 60
Description:
- The period (in seconds) the agent performs self-monitoring for signs of malfunction.
- Zero disables agent self-monitoring.
- The parameter requires a minimum of 30 seconds.
LSAM_malfunction_action
Default Value: 1
Description:
- This parameter determines, if self-monitoring is enabled (refer to above), the action to be taken upon detection of an agent malfunction:
- If set to one, the agent terminates itself.
- If set to two, the agent sends an event (i.e., the first line of file "
$LSAM_ROOT/config/<SMA_LSAM_INSTANCE>/LSAM_malfunction_event") to the SAM-SS.- Ensure that "LSAM_malfunction_event" contains a valid OpCon event. For more information, refer to Introduction in the OpCon Events online help.
- To prevent the generation of recurring events, the agent disables self-monitoring upon detection of a malfunction.
LSAM_0_255
Default Value: yes
Description:
This is the global configuration setting for how the agent will impersonate users when running jobs. For a full discussion of the options, please refer to "Considerations for path_to_su" below this table.
The options for this setting include:
- no: Setting the value to no causes the agent to use the legacy method of user impersonation for all jobs.
- yes or the full path to the su program: Setting the value to yes or the full path to su causes the agent to use the su method of user impersonation for all jobs.
Full path Examples:
/usr/bin/su
/bin/su
/sbin/su
Considerations for path_to_su
Before deciding to change from the default of "No" for the path_to_su configuration setting, it is important to consider the differences in behavior between the options.
When switching the value for path_to _su, be sure to retest all jobs running through this LSAM. Differences in behavior can cause jobs to start failing that previously were finishing OK.
When path_to_su is set to No, the agent will not load your profile when a job runs. The agent will use only the user name/id and group name/id passed with the job to determine permissions for the job execution. If a user is a member of multiple groups, only the group defined in the job will be honored. You can also configure the user_setup script to emulate a profile script for all things except interactive commands. For more information refer to Edit the user_setup Script.
If you set path_to_su to yes, the agent will search in default directories for the su program at startup and log the location where it is found. If either su method is used, all jobs will run calling "su -" to perform user impersonation. The agent will load the profile for your default shell as well as your full group list. The su utility will then handle all command line interpretation, including special characters. Since the agent is not running as a logged in user, any command in the profile that requires a console to be logged in may not run successfully.
Jack Henry provides for AIX servers for running Episys with a standard profile configuration with settings that require the Unix Agent to be configured with path_to_su set to no.
If the LSAM is configured to use "su" to run the jobs, and the su executable is not found on start up, the LSAM will log an error and stop.