Adding the user root as an SDM admin user

Whenever a user contacts a remote component, the SDM system needs credentials to authenticate the user. The credentials can come from a keystore (default location <local_spool_dir>/security/users/<username>.keystore) or from a username and password (this requires the global -ppw switch).

The default installation only creates the keystore for the SDM administrator. The user, root, has no keystore.

If any sdmadm command, started as the user root, communicates with any remote component, it will end up with a "permission denied" error.

However, some commands, such as show_resource_types, show_modules and show_bootstrap_config, do not communicate with a remote component. These commands can be invoked without any credentials.

The following steps show how to create a keystore for the user root manually.


# export SDM_SYSTEM=sdm62beta2 [Equivalent to the global -s sdm62beta2 flag]


# env|grep SDM
SDM_SYSTEM=sdm62beta2

# sdmadm -ppw add_admin_user -au root
[One-time only]
username [root] > sdmadmin
password >           
[password for the SDM admin user]
Admin user "root" added

After the user root has been added to the admin user list, you can use the username and password of the user root for authentication.

In the next step, you can create the private keys and certificates of the user root on the SDM master_host (node0 in this example).

# sdmadm -ppw add_admin_user_cert -e root@node0 -au root
[One-time only]
username [root] >  
password >        
[Password for the user root]
Private key and certificate for user, root, succesfully created

Now the private keys and certificates are created in the certificate authority of the SDM. To use them, they must be stored in a keystore on the host where you want to run the SDM commands as the user root.

# sdmadm -ppw update_keystore -n root -t user 
[Repeat on each host]
username [root] >
password >       [Password for the user root]

The specified keystore has been exported to the local SDM spool directory as shown below:

/var/spool/sdm/sdm62beta2/security/users/root.keystore


# find /var/spool/sdm/ | grep keystore
/var/spool/sdm/sdm62beta2/security/users/sdmadmin.keystore
/var/spool/sdm/sdm62beta2/security/users/root.keystore
/var/spool/sdm/sdm62beta2/security/daemons/cs_vm.keystore
/var/spool/sdm/sdm62beta2/security/daemons/executor_vm.keystore
/var/spool/sdm/sdm62beta2/security/daemons/rp_vm.keystore

Now the user root can execute any SDM commands:

# sdmadm -s sdm62beta2 show_component
host  jvm         component         type             state
-----------------------------------------------------------------
node0 executor_vm ca                Other            STARTED
                  executor          Executor         STARTED
      rp_vm       reporter          Other            STARTED
                  resource_provider ResourceProvider STARTED
                  spare_pool        Service          STARTED
node1 executor_vm executor          Executor         STARTED
node2 executor_vm executor          Executor         STARTED
node3 executor_vm executor          Executor         STARTED
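
Once update_keystore has written root.keystore, the local spool directory holds the private key of the user root, so it is worth checking who else can reach it. The script below is an added example, not part of the original post or of SDM. It assumes a keystore should be accessible only by its owner and that no directory under <local_spool_dir>/security should be group- or world-writable; the name audit_keystores and the LOOSE_FILE/WRITABLE_DIR labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit SDM keystore permissions.
# Assumption: a keystore holds a private key, so only its owner should have
# access, and no directory under security/ should be group/world-writable
# (otherwise another account could swap the keystore file).

# audit_keystores LOCAL_SPOOL_DIR   (hypothetical helper name)
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on error.
audit_keystores() {
    secdir="$1/security"
    if [ ! -d "$secdir" ]; then
        echo "ERROR: $secdir is not a directory" >&2
        return 2
    fi
    findings=$(
        # Keystore files with any group or other permission bit set.
        find "$secdir" -type f -name '*.keystore' \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'LOOSE_FILE %s\n' {} +
        # Directories that group or others can write to.
        find "$secdir" -type d \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITABLE_DIR %s\n' {} +
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh /var/spool/sdm/sdm62beta2
if [ "$#" -gt 0 ]; then
    audit_keystores "$1"
fi
```

Run it on each host where update_keystore was repeated, since every one of them ends up with its own copy of the keystore.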

About

Chansup Byun
