New Relic and CloudLinux

To use New Relic and CloudLinux (with CageFS) together, you have to do some changes to your configuration. This post assumes that you use EasyApache 4.

Some time ago I wrote a blog post “Auto deploy New Relic apps in cPanel“, which covers steps how to make each account in cPanel their own application within New Relic. But since a lot of hosting companies use CloudLinux to increase stability and security of their system it can cause issues due to permissions.

CloudLinux will put each individual user in its own virtual environment using CageFS, this prevents users from reading big parts of the filesystem and other users processes, including things required by New Relic.

New Relic Servers / Infrastructure agent

If you use New Relic Server Monitoring or Infrastructure, you have to ensure the user that runs the agent can read the system processes, for this, you’ll have to modify your /etc/sysctl.conffile.

You need to obtain the group ID of the newrelic user, this can be done using the command:

getent group newrelic

The output will be something like newrelic:x:GroupID: – save the GroupID for later.

In your /etc/sysctl.conf you have to add following lines:

fs.proc_can_see_other_uid = 0
fs.proc_super_gid = GroupID

We put the GroupID in the above line called ‘proc_super_gid’ – it only accepts a single Group ID, so if you’re already making use of this sysctl setting, then create a group for all users that should be able to read other users processes.

When you’ve saved the file, you can apply the settings directly using sysctl -p

If you use CageFS from CloudLinux, you have to add the username to the file /etc/cagefs/exclude/systemuserlist

New Relic APM

If you use New Relic APM you also have to modify your New Relic PHP agent a bit.

To install the New Relic PHP Agent in EasyApache 4 versions, you have to do something like:

NR_INSTALL_PATH=/opt/cpanel/ea-php56/root/usr/bin; export NR_INSTALL_PATH; newrelic-install

NR_INSTALL_PATH=/opt/cpanel/ea-php70/root/usr/bin; export NR_INSTALL_PATH; newrelic-install

NR_INSTALL_PATH=/opt/cpanel/ea-php71/root/usr/bin; export NR_INSTALL_PATH; newrelic-install

This will make New Relic PHP agent detect your new versions.

You’ll also have to add your New Relic socket to the file,/etc/cagefs/cagefs.mp and afterwards perform the command cagefsctl --remount-all.

It should leave you with a working New Relic setup on CloudLinux servers.

• Share on Facebook.
• Share on Twitter.
• Share on Google+
• Share on LinkedIn