Run JMXFetch as a different user (to use AttachAPI for instance)

README.md

These instructions are known to work with version 5.10.1 of the packaged linux Datadog Agent

Using the AttachAPI can require running JMXFetch as the same user as the JVM you want to monitor.

To run JMXFetch as the jmv_user user (once you've identified which user your JVM is running as), please follow these steps:

1. Make 2 changes on the /etc/dd-agent/supervisor.conf file: supervisord should be configured to run with user=root and jmxfetch with user=jvm_user. See lines 20 and 58 of the attached file below.
2. Add jvm_user to the dd-agent group (on Debian distros: sudo usermod -G dd-agent jvm_user, on RHEL: sudo gpasswd -a jvm_user dd-agent)
3. Grant the dd-agent group write access to the JMXFetch log file and the agent's run directory (/opt/datadog-agent/run/): sudo chmod -R g+w /var/log/datadog/jmxfetch.log /opt/datadog-agent/run/
4. Restart the Agent: sudo /etc/init.d/datadog-agent restart

NB: The permissions on the /var/log/datadog/jmxfetch.log log file are currently not guaranteed to persist when the log file is rotated. Please double check the permissions on this file if no entries get written to it while JMXFetch is running.

supervisor.conf

[supervisorctl]
serverurl = unix:///opt/datadog-agent/run/datadog-supervisor.sock

[unix_http_server]
file=/opt/datadog-agent/run/datadog-supervisor.sock

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisord]
http_port = /opt/datadog-agent/run/datadog-supervisor.sock
minfds = 1024
minprocs = 200
loglevel = info
logfile = /var/log/datadog/supervisord.log
logfile_maxbytes = 50MB
nodaemon = false
pidfile = /opt/datadog-agent/run/datadog-supervisord.pid
logfile_backups = 10
user=root
environment=PYTHONPATH=/opt/datadog-agent/agent:/opt/datadog-agent/agent/checks,LANG=POSIX

[program:collector]
command=/opt/datadog-agent/embedded/bin/python /opt/datadog-agent/agent/agent.py foreground --use-local-forwarder
stdout_logfile=NONE
stderr_logfile=NONE
priority=999
startsecs=5
startretries=3
user=dd-agent
environment=PYTHONPATH='/opt/datadog-agent/agent:/opt/datadog-agent/agent/checks/libs:$PYTHONPATH'

[program:forwarder]
command=/opt/datadog-agent/embedded/bin/python /opt/datadog-agent/agent/ddagent.py
stdout_logfile=NONE
stderr_logfile=NONE
startsecs=5
startretries=3
priority=998
user=dd-agent

[program:dogstatsd]
command=/opt/datadog-agent/embedded/bin/python /opt/datadog-agent/agent/dogstatsd.py --use-local-forwarder
stdout_logfile=NONE
stderr_logfile=NONE
startsecs=5
startretries=3
priority=998
user=dd-agent

[program:jmxfetch]
command=/opt/datadog-agent/embedded/bin/python /opt/datadog-agent/agent/jmxfetch.py
stdout_logfile=NONE
stderr_logfile=NONE
redirect_stderr=true
priority=999
startsecs=3
user=jvm_user

[program:go-metro]
command=/opt/datadog-agent/bin/go-metro -cfg="/etc/dd-agent/conf.d/go-metro.yaml"
stdout_logfile=NONE
stderr_logfile=NONE
redirect_stderr=true
priority=999
startsecs=2
startretries=2
user=dd-agent

[group:datadog-agent]
programs=forwarder,collector,dogstatsd,jmxfetch,go-metro

if anyone else finds this and struggle, I also had to change the systemd config for the service to run as root:

systemctl edit datadog-agent.service

And then use this as the config:

[Service]
User=root