Setup Login Node to allow non-root users to run xCAT command
This article discusses how to setup login node so that your non-root user can use a Login Node and run xCAT commands from the Login Node.
Author: Todd (Jiangtao) Sun
By default, only root on the management node can run xCAT commands. But xCAT can be configured to allow both non-root users and remote users to run xCAT commands. The steps below will explain how(user input is highlighted in bold).
Note: This article assumes the non-root and root userids are maintained in /etc/passwd. All steps verified on RedHat Linux 6.
1. Create SSL certification so that user can be authenticated to xCAT
Login as root on Management Node, running the following command:
By running this command you will see SSL certificates created. Enter "yes" where prompted and take the defaults. This will create the following files in the $HOME/.xcat directory of your userid:
This will let xCAT to recognize this userid, so that it can be specified in the policy table in the next step.
2. Change the policy table to allow the user to run commands
To give a user all xCAT command privileges, run "tabedit policy", and add a line:
Where <username> is the name of the user that you are granting privileges to. This user can now perform all xCAT commands, including changing the policy table to do things like allow them to become other users, so this should be userd with caution.
3. Setup Login Node (remote client)
To setup a Linux Login Node, first install the following rpms:
The dependencies rpms:
3.1 Download xCAT and dependence packages.
xCAT core: http://sourceforge.net/projects/xcat/files/xcat/2.8.x_Linux/xcat-core-2.8.3.tar.bz2/download
xCAT dependence: http://sourceforge.net/projects/xcat/files/xcat-dep/2.x_Linux/xcat-dep-201312061624.tar.bz2/download
3.2 Copy xCAT core and dependence to Login Node and untar them
#tar jxvf xcat-core-2.8.3.tar.bz2
#tar jxvf xcat-dep-201312061624.tar.bz2
3.3 Setup YUM repositories for xCAT and Dependencies
# cd xcat-dep/rh6/x86_64/
3.4 Check Yum repositories
repo id repo name status
rhel6.4 Red Hat Enterprise Linux 6.4 3,648
xcat-2-core xCAT 2 Core packages 16
xcat-dep xCAT 2 depedencies 28
3.5 Install xCAT packages
#yum clean metadat
#yum install perl-xCAT-* xCAT-client-* -y
3.6 Export XCATHOST environment variable
When running on the Login Node, the environment variable XCATHOST must be export to the name or address of the Management Node and the port to connections(usually 3001).
On Login Node, switch to non-root user
$export XCATHOST=<management node>:3001
The userids and groupids of the non-root users should be kept the same on the Login Node, the Management Node, Service Nodes and compute nodes.
As in the Step 1, setup the credentials on the Management node by running the /opt/xcat/share/xcat/scripts/setup-local-client.sh <username> command as root. The credentials are placed in $HOME/.xcat directory. These file must be copied to the $HOME/.xcat directory of the username on the Login Node.
At this time, the id must be able to execute any commands that have been set in the policy table from the Login Node as their userid.