Minimum sudo rights for running the DA server


Article ID: 207865


Updated On:

Products

DX NetOps

Issue/Introduction

Due to internal security requirements, we need to keep the minimum workable rights in the sudoers file post-install.

Cause

The docset only includes the sudo rights needed for a full install as well as long-term management.

Environment

Release : 20.2

Component : PERFORMANCE MANAGEMENT INSTALLATIONS/UPGRADES

Resolution

There are 2 options here:

Here is the minimum required entry for management of a single node DA after the install is finished:

    Cmnd_Alias CA_DATAAGG = /sbin/service dadaemon *,/sbin/service activemq *,/opt/IMDataAggregator/RemoteEngineer/re.sh
    ## Allows the Data Aggregator user to manage the Data Aggregator
    Sudouser  ALL = CA_DATAAGG

….

Here is the minimum required entry for management of a fault tolerant DA after the install is finished:

    Cmnd_Alias CA_DATAAGG = /opt/IMDataAggregator/RemoteEngineer/re.sh, /opt/IMDataAggregator/scripts/dadaemon *, /sbin/service/consul *,/sbin/service/consul-ext *
    ## Allows the Data Aggregator user to manage the Data Aggregator
    dasudouser_name ALL = CA_DATAAGG
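A reduced command list only limits privilege if each listed file cannot be changed by a non-root account and its argument pattern is as narrow as intended. The following audit of a `Cmnd_Alias` line is an added example, not Broadcom code; the function names are hypothetical, and it assumes a single-line entry with no escaped commas.

```python
import os

# Single-node entry copied from the article above.
SINGLE_NODE = ("Cmnd_Alias CA_DATAAGG = /sbin/service dadaemon *,"
               "/sbin/service activemq *,"
               "/opt/IMDataAggregator/RemoteEngineer/re.sh")

def parse_cmnd_alias(line):
    """Return (alias_name, [(path, args), ...]) for one Cmnd_Alias line.
    Assumes no escaped commas or line continuations in the entry."""
    head, _, body = line.partition("=")
    keyword, name = head.split()
    if keyword != "Cmnd_Alias":
        raise ValueError("not a Cmnd_Alias line")
    commands = []
    for spec in body.split(","):
        path, _, args = spec.strip().partition(" ")
        commands.append((path, args.strip()))
    return name, commands

def audit_command(path, args, owner_uid=0):
    """List reasons why this sudoers command is broader than it looks."""
    findings = []
    if not args:
        findings.append("any arguments allowed")  # sudoers: no args listed = any args
    elif "*" in args or "?" in args:
        findings.append("wildcard arguments")
    if not os.path.isfile(path):
        findings.append("path is not an existing file")
        return findings
    # A sudo-allowed file, and the directory holding it, must not be
    # modifiable by anyone other than the expected owner (root by default).
    for target in (path, os.path.dirname(path)):
        st = os.stat(target)
        if st.st_uid != owner_uid:
            findings.append(f"{target}: not owned by uid {owner_uid}")
        if st.st_mode & 0o022:
            findings.append(f"{target}: group- or world-writable")
    return findings

def audit_alias(line, owner_uid=0):
    """Map each command in the alias to its list of findings."""
    _, commands = parse_cmnd_alias(line)
    return {f"{p} {a}".strip(): audit_command(p, a, owner_uid) for p, a in commands}

if __name__ == "__main__":
    for command, findings in audit_alias(SINGLE_NODE).items():
        print(command, "->", findings or "ok")
```

Run it as root on the DA host after the install; `visudo -cf` on the sudoers file remains the syntax check.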

Additional Information

Please notice the difference: for a single node DA, you manage the services directly, but for a fault tolerant DA you use the activate and maintenance switches.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/performance-management/20-2/installing/prepare-to-install-the-data-aggregator.html#concept.dita_478e531f58fbbf4198c96a503f2af55490ae53fd_OptionalConfiguretheSudoUserAccountforDataAggregator