Registering an Agent

Each PEM agent must be registered with the PEM server. The registration process provides the PEM server with the information it needs to communicate with the agent. The PEM agent graphical installer for Windows supports self-registration for the agent. You must use the pemworker utility to register the agent if the agent is on a Linux host.

The RPM installer places the PEM agent in the /usr/edb/pem/agent/bin directory. To register an agent, include the --register-agent keywords along with registration details when invoking the pemworker utility:

pemworker -–register-agent

Append command line options to the command string when invoking the pemworker utility. Each option should be followed by a corresponding value:

Option Description
–pem-server Specifies the IP address of the PEM server. This parameter is required.
–pem-user Specifies the name of the PEM user. This parameter is required.
–pem-port Specifies the port that PEM monitors for connections. The default value is 5432.
–cert-path Specifies the complete path to the directory in which certificates will be created. If you do not provide a path, certificates will be created in: On Linux, ~/.pem On Windows, %APPDATA%/pem
–display-name Specifies a user-friendly name that will be displayed in the PEM Browser tree control. The default is the system hostname.
–group The name of the group in which the agent will be displayed.
–team The name of the group role that may access the PEM Agent.
–owner The name of the owner of the PEM Agent.
–force-registration Include the force_registration clause to instruct the PEM server to register the agent with the arguments provided; this clause is useful if you are overriding an existing agent configuration. The default value is Yes.
–enable-heartbeat-connection Enable the enable-heartbeat-connection parameter to create a dedicated heartbeat connection between PEM Agent and server to update the active status. The default value is No.

You can use the PEM_SERVER_PASSWORD environment variable to set the password of the PEM Admin User. If the PEM_SERVER_PASSWORD is not set, the server will use the PGPASSWORD or pgpass file when connecting to the PEM Database Server.

Failure to provide the password will result in a password authentication error; you will be prompted for any other required but omitted information. When the registration is complete, the server will confirm that the agent has been successfully registered.

Setting PEM Agent Configuration Parameters

The PEM agent RPM installer creates a sample configuration file named agent.cfg.sample in the /usr/edb/pem/agent/etc directory. When you register the PEM agent, the pemworker program creates the actual agent configuration file (named agent.cfg). You must modify the agent.cfg file, adding the following configuration parameter:

heartbeat_connection = true

You must also add the location of the ca-bundle.crt file (the certificate authority). By default, the installer creates a ca-bundle.crt file in the location specified in your agent.cfg.sample file. You can copy the default parameter value from the sample file, or, if you use a ca-bundle.crt file that is stored in a different location, specify that value in the ca_file parameter:

ca_file=/usr/libexec/libcurl-pem7/share/certs/ca-bundle.crt

Then, use a platform-specific command to start the PEM agent service; the service is named pemagent. For example, on a CentOS or RHEL 6.x system, you would use the command:

/etc/init.d/pemagent

On a CentOS or RHEL 7.x host, use systemctl to start the service:

systemctl start pemagent

The service will confirm that it is starting the agent; when the agent is registered and started, it will be displayed on the Global Overview dashboard and in the Object browser tree control of the PEM web interface.

For information about using the pemworker utility to register a server, please see the PEM Getting Started Guide, available at:

Using a non-root User Account to Register a PEM Agent

To register a PEM agent using a non-root user, you first need to install PEM agent as a root user. After installation, assume the identity of a non-root user (for example edb) and perform the following steps:

  1. Create the .pem directory and logs directory as following and assign read, write, and execute permissions to the file:
mkdir /home/<edb>/.pem
mkdir /home/<edb>/.pem/logs
chmod 700 /home/<edb>/.pem
chmod 700 /home/<edb>/.pem/logs
  1. Register the agent with PEM server using the pemworker utility as following:
./pemworker --register-agent --pem-server <172.19.11.230> --pem-user <postgres> --pem-port <5432> --display-name <non_root> --cert-path /home/<edb> --config-dir /home/<edb>

The above command creates agent certificates and an agent configuration file (agent.cfg) in the /home/edb/.pem directory. Assign read and write permissions to these files using the command:

chmod -R 600 /home/edb/.pem/agent*
  1. Change the parameters of the agent.cfg file as following:
agent_ssl_key=/home/edb/.pem/agent<id>.key
agent_ssl_crt=/home/edb/.pem/agent<id>.crt
log_location=/home/edb/.pem/worker.log
agent_log_location=/home/edb/.pem/agent.log
  1. Update the value for path and user in the pemagent service file:
  • If you are using CentOS 6, update the pemagent service file to reflect the correct path of agent.cfg file and also change user su to su edb.
  • If you are using CentOS 7, update the parameters as following:
User=edb
ExecStart=/usr/edb/pem/agent/bin/pemagent -c /home/edb/.pem/agent.cfg
  1. Kill the agent process that was started earlier, and then restart the agent service using the non-root user as follows:

    sudo /etc/init.d/pemagent start/stop/restart

  2. Check the agent status on PEM dashboard.