automated_deployment_engine sudo user is not allowed to execute when trying to auto-deploy Robot
search cancel

automated_deployment_engine sudo user is not allowed to execute when trying to auto-deploy Robot

book

Article ID: 384424

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

12112024 14:26:29,694 [pool-6-thread-1] DEBUG RobotRPMCommon$InstallRPM - Install command : sudo rpm -ivh /tmp/nimsoft-robot.x86_64.rpm --prefix /opt/nimsoft
12112024 14:26:29,882 [pool-6-thread-1] INFO  RobotRPMCommon$InstallRPM - Output from sudo rpm -ivh /tmp/nimsoft-robot.x86_64.rpm --prefix /opt/nimsoft on target <FQDN>: Password123$ Please enter AD password: Sorry, user svcuimdeploy01 is not allowed to execute '/usr/bin/sudo rpm -ivh /tmp/nimsoft-robot.x86_64.rpm --prefix /opt/nimsoft' as root on <FQDN> RC: 1
12112024 14:26:29,884 [pool-6-thread-1] ERROR AbstractDeploymentStrategy - Error encountered during command InstallRPM.
12112024 14:26:29,885 [pool-6-thread-1] INFO  AbstractDeploymentStrategy - Executing rollback.

We are getting the error below while deploying linux rpm package automatically from UIM application using this probe - automated_deployment_engine.

<hosts>
 <host>
 <profile>centos</profile>
 <arch>64</arch>
 <hostname><hostname_FQDN></hostname>
 <username><userid></username>
 <password><sample_password></password>
 <sudo_password><sample_password></sudo_password>
 <domain>sample_domain</domain>
 <hubip><ip_address></hubip>
 <hub>sample_hub</hub>
 <hubrobotname><sample_robot></hubrobotname>
 <hubport>48002</hubport>
 <robotname><hostname></robotname>
 <tempdir>/tmp</tempdir>
 <installdir>/opt/nimsoft</installdir>
 </host>
</hosts>

I'm using a user with sudo access and can install the package manually from the server but through auto deployment it's failing.

Environment

  • CentOS 7.9
  • DX UIM 20.4 CU6

Resolution

Linux (CentOS) notes
------------------------------

  • The UIM robot must be version v9.38 or later.

  • The source and target systems must have /bin/bash, ssh (secure shell), and glibc. Most supported Linux distributions include bash and ssh by default; all versions include glibc by default.

  • You must have access to root or a non-administrative account that supports sudo to perform per-command, root-level operations.

  • The sudo_password parameter is only required for non-root users with administrative privileges.

  • sudo_password (Password string for sudo).

  • This password lets you use sudo over SSH during installation. 

    The ssh password is still required. 

    This parameter is not applicable to root users.

  • Ensure that you are adding the following commands to the NOPASSWD: section for your sudo user. Also, ensure that you are using the visudo command to edit the etc/sudoer file, not a text editor.

    • (root) /usr/bin/sh -c /usr/sbin/pkgadd -d /tmp/nimsoft-robot-amd64 -a /tmp/ask < /tmp/input
    • (root) /usr/bin/bash /opt/nimsoft/install/RobotConfigurer.sh
    • (root) /etc/init.d/nimbus start

Add Non-Root User to sudoers File (Linux)

  • Perform the following steps to add the non-root user to the sudoers file. If the robot service start/stop privilege is not needed for the non-root user with sudo, you can remove the respective user from the sudoers file after the installation.

  • Create a non-root user.

  • Open the sudoers file from the /etc directory:

  • Use visudo to add the privileges to the non-root user.

  • For example (assuming that the operator is a non-root user)

    operator ALL=(ALL:ALL) ALL

  • This is needed during the robot installation for robot service configuration, and robot service start/stop is done with ROOT privileges.

  • After you complete these steps, log in to the DX UIM server machine as a non-admin/non-root user, and run the installer as an Administrator.


This seems to be a permissions problem-> "Sorry, user user1 is not allowed to execute '/bin/ls' as root on hostname."

This article with similar error occured on Ubuntu but its worth reviewing.

https://askubuntu.com/questions/950658/sorry-user-user1-is-not-allowed-to-execute-bin-ls-as-root-on-hostname 

due to a problem in the file /etc/sudoers.d/user1

They had set user1 to execute only sudo bash command and forgotten about it.

Use the sudo -l command.

user1   ALL=NOPASSWD: !ALL, /bin/bash

Usually it is a problem with your additions to /etc/sudoers or /etc/sudoers.d If you use a command outside of files in secure_path you need to add the path (for example, /my/special/path/bin

 

 

Additional Information