Absent Member.. Absent Member..
Absent Member..
668 views

Use of sudo in DDMA

Hi

 

Can anyone share their experience with using sudo when running discovery jobs?  I'm trying to run host connection by shell and host resource and application by shell jobs.

 

How should I set up the credential? And how should the target be configured?

 

I'm not so familiar with sudo, any input would be of great help.

 

 

Thanks

Ang

Tags (1)
0 Likes
5 Replies
Absent Member.. Absent Member..
Absent Member..

Hi Ang,

 

Did you get it to work now? If not what is the problem, it should be really simple.

make shure the user exists on the node to be discoverd, and that he has the rights to execute the nescesary commands via sudo, edit /etc/sudoers.

Then import his ssh key in the users authorized_key file that you also use in credential manager.

Absent Member.. Absent Member..
Absent Member..

Hi Ronald

 

Yes, I did get it to work, probably not the best way since I set * for sudo commands. Still fine tuning at the moment. What's the best way to go about this? Configure command by command?

 

 

 

 

 

 

0 Likes
Absent Member.. Absent Member..
Absent Member..

You can set it per command but we use * also. We only use sudo to prevent the command history of root being poluted with all the commands the discovery process is creating.

0 Likes
Absent Member.. Absent Member..
Absent Member..

I guess that's one way to go. I'll stick with the * for the time being, unless the security guys start making noise 😄

0 Likes
Absent Member.. Absent Member..
Absent Member..

I've implemented it both ways - using * and command by command.  The * method is certainly easier, if it's allowable under whatever security policies are in place.

 

If you do it command by command, it's just a delimited list in the credential set.  You have to make sure the commands listed match the sudo rules on the target systems though, and ensure the NOPASSWD option is set for your sudo user on the targets.

 

-Mike

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.