Does the DX NetOps Performance Management tool allow the install to be owned by an AD user? Can it be owned by a non-local external user?
We used local user accounts with sudo-level access while installing the DX NetOps solution CAPM; the account has permissions to the application directories/files.
As per our organization's security policy, the password for local user accounts needs to be changed every 30 days. Due to this, we are facing issues at the application end as well.
So we are planning to replace the local user accounts with Active Directory service accounts, because these accounts have an exception for password expiry.
Here, we need your support/guidance to perform this activity, as we are not aware of the list of changes to be made in order to achieve it (i.e., configuration file modification, DB-level modification, file permission-level modification, etc.).
How to replace the local user accounts with an Active Directory service account
All supported DX NetOps Performance Management releases
Environmental restrictions prevent use of local OS level users.
External users are acceptable on all component systems. They are still required to meet the sudo user requirements for successful installation and operation of the software.
Portal, Data Aggregator and Data Collector systems
The DX NetOps Performance Management Portal, Data Aggregator and Data Collector install owners can be external users. There is no requirement to use a local OS-level user as the install owner.
If the install owner is not the root user, it still needs to meet the sudo user access requirements in order to successfully install and operate the software on the server.
To move install ownership from a local user (root or a sudo user) to a non-local external user, run a reinstall on top of the existing installation. When prompted for the install owner during that reinstall, specify the new external user. The installer then updates the necessary files and configures the system to run as the new external or AD user.
Data Repository Vertica DB clusters
Here the external user needs to meet the sudo user requirements. In a multi-node cluster it also needs to be able to run node-to-node SSH commands successfully.
For the DR, you can create an LDAP user for dradmin (or whatever user owns the install) with the group verticadba. The install can then use the LDAP account, and the local account can be removed from the /etc/passwd file.
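A preflight check for the Data Repository requirements above, given here as an added example that is not part of the original article or of the product's own tooling. It assumes it is run as root on a DR node with the `dradmin` user and `verticadba` group named above; the script name and node hostnames are placeholders, and the sudo listing is only printed for manual review because the exact sudo requirements are not stated on this page.

```shell
#!/bin/sh
# Added example: preflight for an external (AD/LDAP) Data Repository owner.
# Assumes: run as root on a DR node; node hostnames are placeholders you pass in.

# True if USER has an entry in a passwd-format file (i.e. is still local).
is_local_user() {   # usage: is_local_user USER [PASSWD_FILE]
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# True if GROUP is in a space-separated list such as the output of `id -Gn`.
in_group_list() {   # usage: in_group_list GROUP "g1 g2 ..."
    for g in $2; do
        if [ "$g" = "$1" ]; then return 0; fi
    done
    return 1
}

preflight() {       # usage: preflight USER GROUP [NODE...]
    user=$1; group=$2; rc=0; shift 2
    # The account must resolve through NSS (SSSD/LDAP), not only locally.
    if ! getent passwd "$user" >/dev/null; then
        echo "FAIL: $user does not resolve via NSS"; return 1
    fi
    if is_local_user "$user"; then
        echo "WARN: $user still has an entry in /etc/passwd"; rc=1
    fi
    if ! in_group_list "$group" "$(id -Gn "$user" 2>/dev/null)"; then
        echo "FAIL: $user is not a member of $group"; rc=1
    fi
    # Printed for manual comparison with the product's sudo requirements.
    echo "INFO: sudo rights for $user:"; sudo -n -l -U "$user" || true
    for node in "$@"; do
        # BatchMode makes ssh fail instead of prompting for a password.
        if ! sudo -n -u "$user" ssh -o BatchMode=yes -o ConnectTimeout=5 \
                "$node" true; then
            echo "FAIL: $user cannot SSH to $node non-interactively"; rc=1
        fi
    done
    return "$rc"
}

# Example (hypothetical script and node names):
#   sh preflight.sh dradmin verticadba dr-node1 dr-node2
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Run it on each node of the cluster, since the node-to-node SSH requirement applies in both directions.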
Note that the DR will complain during an upgrade, as it requires a local user. Here is the workaround for DR upgrade.