Follow

How To Install, Upgrade or Apply Service Packs (ZenUp) To Resource Manager Without Using A root Privileged User

Applies To

  • Zenoss 4.2.3 and later

Summary

When you install, update, or upgrade Zenoss Resource Manager, the procedures documented in the Zenoss Service Dynamics Resource Manager Installation guide assume that the administrator completing the procedures can run as root. However, root privileges may not be available to administrators tasked with installing, updating or upgrading Resource Manager. This document explains methods for completing these tasks while running as a non-root user.

Procedures

The following procedures assume:

  • The personnel responsible for administering the Resource Manager host operating systems are different from those administering the Resource Manager application. This article will refer to these teams as "Server Administrators" and "Resource Manager Administrators" for the sake of clarity.
     
  • The Server Administrators have root level access to the host operating systems, while the Resource Manager Administrators do not.
     
  • The Resource Manager Administrators get an independent login to the host operating system. In the examples below the user detailed will be zenossadmin.
     
  • The zenossadmin user has sudo privileges enabled by adding zenossadmin to the /etc/sudoers file. This account is granted sudo access either to the specific list of commands needed or to all commands. This document will detail both scenarios.

Scenario 1: Installing Or Upgrading Zenoss Resource Manager As a Non-root User With The Least Viable Privileges

The following steps must be completed by the Server Administrators prior to the installation of Resource Manager on the host:

  1. Log on to the host server as root or as a user with full root privileges.
  2. Create the non-root zenosadmin user.
  3. Using the visudo command, add the following line to the /etc/sudoers file for zenossadmin:

    zenossadmin ALL=/sbin/service, /sbin/iptables, /sbin/chkconfig, /bin/rpm, /usr/bin/yum, /bin/tar, /usr/sbin/rabbitmqctl, /bin/su zenoss

  4. Complete the Disabling SELINUX and Installing Oracle Java sections in the Zenoss Service Dynamics Resource Manager Installation guide.

    Note: the root user will be needed subsequent to these steps for one more action during the installation process. After the zends and / or the zenoss installation rpms are run, a password must be created for the zenoss user such that the zenossadmin user can change to the zenoss user using the su command.

The following must be completed by the Resource Manager Administrators:

  1. Log on to the host system as zenossadmin.
  2. Complete the remaining steps detailed in the Zenoss Service Dynamics Resource Manager Installation guide to install, update or upgrade Resource Manager. Prepend each command that requires root privileges with sudo.

    Note: When required, switch to the zenoss user by entering the following command:

    # su - zenoss

Scenario 2: Installing Or Upgrading Zenoss Resource Manager as a Non-root User With Full sudo Privileges

The following steps must be completed by the Server Administrators prior to the installation of Resource Manager on the host:

  1. Log on to the host server as root or as a user with full root privileges.
  2. Create the zenossadmin user.
  3. Using the visudo command, create the following line in the /etc/sudoers file for zenossadmin:

    zenossadmin ALL=(ALL) ALL

The following must be completed by the Resource Manager Administrators:

  1. Log on to the host server as zenossadmin.
  2. Complete the steps detailed in the Zenoss Service Dynamics Resource Manager Installation guide to install, update or upgrade Resource Manager. Prepend each command that requires root privileges with sudo.

    Note: When required, switch to the zenoss user by entering the following command:

    # su - zenoss

Adding a Remote Collector to Resource Manager as a Non-root User (Both Scenarios)

The following steps must be completed by the Server Administrators prior to the host being added to Resource Manager as a collector:

  1. Log on to the new collector host as root.
  2. Create the zenossadmin user.
  3. Using the visudo command, follow the syntax detailed above for either Scenario 1 or Scenario 2 to create the appropriate line in the /etc/sudoers file for the zenossadmin user. If sudo access to all commands is not desired (Scenario 1), review the procedures for preparing a collector host detailed in the Zenoss Resource Manager Installation guide and add only those commands to the user's line in /etc/sudoers that are necessary.

The following must be completed by the Resource Manager Administrators:

  1. Log on to the new collector host as the zenossadmin user.
  2. Install the required software and configurations for the remote collector by following the instructions in the Zenoss Resource Manager Installation guide. Ensure that you follow the steps that correspond to the Zenoss user SSH keys method. Prepend each command that requires root privileges with sudo.
  3. Add the new collector to the Resource Manager deployment by following the instructions in the Zenoss Resource Manager Installation guide. Ensure that you follow the steps that correspond to the Zenoss user SSH keys method.

Adding a Remote Hub to Resource Manager as a Non-root User (Both Scenarios)

The following steps must be completed by the Server Administrators prior to the installation of Resource Manager on the host:

  1. Log on to the new hub host as root.
  2. Create the zenossadmin user.
  3. Using the visudo command, follow the syntax detailed above for either Scenario 1 or Scenario 2 to create the appropriate line in the /etc/sudoers file for the zenossadmin user. If sudo access to all commands is not desired (Scenario 1), review the procedures for preparing a hub host detailed in the Zenoss Resource Manager Installation guide and add only those commands to the user's line in /etc/sudoers that are necessary.

The following must be completed by the Resource Manager Administrators:

  1. Log on to the new collector host as the zenossadmin user.
  2. Install the required software and configurations for the remote hub. Follow the installation instructions in the Zenoss Resource Manager Installation guide. Ensure that you follow the instructions that correspond to the Zenoss user SSH keys method. Prepend each command that requires root privileges with sudo.
  3. Add the new hub to the Resource Manager deployment by following the instructions in the Zenoss Resource Manager Installation guide. Ensure that you follow the steps that correspond to the Zenoss user SSH keys method.
Was this article helpful?
0 out of 0 found this helpful

Comments

Powered by Zendesk