Use of sudo in DDMA
Can anyone share their experience with using sudo when running discovery jobs? I'm trying to run host connection by shell and host resource and application by shell jobs.
How should I set up the credential? And how should the target be configured?
I'm not so familiar with sudo, any input would be of great help.
Did you get it to work now? If not what is the problem, it should be really simple.
make shure the user exists on the node to be discoverd, and that he has the rights to execute the nescesary commands via sudo, edit /etc/sudoers.
Then import his ssh key in the users authorized_key file that you also use in credential manager.
Yes, I did get it to work, probably not the best way since I set * for sudo commands. Still fine tuning at the moment. What's the best way to go about this? Configure command by command?
You can set it per command but we use * also. We only use sudo to prevent the command history of root being poluted with all the commands the discovery process is creating.
I've implemented it both ways - using * and command by command. The * method is certainly easier, if it's allowable under whatever security policies are in place.
If you do it command by command, it's just a delimited list in the credential set. You have to make sure the commands listed match the sudo rules on the target systems though, and ensure the NOPASSWD option is set for your sudo user on the targets.