Sisense Service Permissions
  • 18 May 2022
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

Sisense Service Permissions

  • Dark
    Light
  • PDF

Starting from Sisense Linux V8.2.1, Sisense services will run only as part of the Sisense user and will not use Root user permissions. The Sisense application is installed as a Kubernetes namespace with about 30 microservices. Starting with version L8.2.1, the services will run as the Sisense User - ID - 1000.

For deploying Sisense on a 3rd party cloud provider's Kubernetes (EKS / AKS / GKE / OpenShift), Sisense requires a Sudo to Root on the bastion machine during the installation.

During the installation, Sisense requires an Administrator role on the cluster. After the installation, the user's role can be reduced.

If you cannot provide Sudo permissions for the installation, there is a workaround to install Sisense with a Root user:

  1. Log in or switch to the Root user:

    sudo su -

  2. Enable SSH access:

    ssh-keygen
    cd /root/.ssh
    cat id_rsa.pub >> authorized_keys
    Optional: You can back up the keys as follows:
    authorized_keys
    cp authorized_keys
    authorized_keys.back

  3. Download or unpack the Sisense Linux installation archive:

    wget sisense_linux_latest.tar.gz
    tar zxf sisense_linux_latest.tar.gz

  4. Modify the installation by removing the comments out of the user validation:

    vi sisense.sh
    #validate_user_and_permission

  5. Configure your installation file:

    vi single_config.yaml]

  6. Modify the following values:

    k8s_nodes:- { node: node1, internal_ip: 0.0.0.0, external_ip: 0.0.0.0 }
    linux_user = root
    ssh_key = "/root/.ssh/id_rsa"
    external_monitoring = false

    Instead of node1, enter your hostname. Replace the value of internal ip with your host' private IP and external ip with your host public IP , even if they are both the same.

  7. Run the installation.

    ./sisense.sh single_config.yaml

  8. Disable SSH access:

    mv authorized_keys authorized_keys_remove
    Optional: You can restore the authorized keys if you backed them up.

Monitoring:

Monitoring and logging use optional infrastructure components such as Grafana, Prometheus, FluentD, and Metric bit. Some of them require the Root user, but they are optional and can be turned off if necessary.


Was this article helpful?