Sudoers process overview

If you do not want to use the root user to start and stop ICFM components, you can use an alternative technique that combines the ICFM administrative ID (cfmadmin) with the Linux sudoers capability. In brief, the generated sudoers definitions authorize cfmadmin to run commands using the identities of various administrative users.

About this task

Files that contain the ICFM sudoers directives are automatically created and customized at installation time. Installation properties are applied to sudoers template files and the resultant file is suitable for copying directly to the /etc/sudoers.d directory. Using this technique does not require merging the ICFM sudoers directives directly into the /etc/sudoers file.

Table 1. ICFM sudoers file name
Topology Type    ICFM Sudoers File Name
Single server    ICFM_1_sudoers
Three server     ICFM_3_sudoers

Figure 1 depicts the creation of the sudoers files. There are two sets of files (one per topology type), only one of which is generated. This illustration shows installation properties being applied to sudoers template files to produce customer and installation-specific start/stop commands. Since it's presumptuous to modify a customer's security file, the results are stashed in the install_home/bin directory of each ICFM server.
Figure 1. Creating sudoers files
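
One way to vet a generated file before copying it into /etc/sudoers.d, as an added example that is not part of ICFM or its documentation. The function names are hypothetical, and it assumes it is run as root on a Linux host with visudo and GNU install available.

```shell
#!/bin/sh
# Added example (not ICFM code): vet a generated sudoers file, then install it.
# Usage, as root:  install_sudoers_dropin install_home/bin/ICFM_1_sudoers

# sudo skips drop-in files whose names contain '.' or end in '~', so a copy
# named ICFM_1_sudoers.bak would be silently ignored.
sudoers_dropin_name_ok() {
    case "$1" in
        ''|*.*|*\~) return 1 ;;
        *)          return 0 ;;
    esac
}

# install_sudoers_dropin SRC [DESTDIR]
# Returns 0 on success, 1 for a missing file or unusable name,
# 2 for a sudoers syntax error, 3 if the copy itself failed.
install_sudoers_dropin() {
    src=$1
    destdir=${2:-/etc/sudoers.d}
    name=${src##*/}

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    sudoers_dropin_name_ok "$name" || {
        echo "sudo would ignore a drop-in named '$name'" >&2; return 1; }

    # Parse-check the candidate on its own first: a syntax error in a live
    # drop-in can stop sudo from working for every user on the host.
    visudo -cf "$src" >&2 || return 2

    # Root-owned and read-only (0440), so cfmadmin cannot edit its own rules.
    install -o root -g root -m 0440 "$src" "$destdir/$name" || return 3

    # Re-check the active configuration with the new file included;
    # back the file out if the combined policy no longer parses.
    visudo -c >&2 || { rm -f "$destdir/$name"; return 2; }
}
```

After installation, running `sudo -l -U cfmadmin` as root lists exactly what the new rules allow cfmadmin to run.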

Single server topology use

There is a single option for running the ICFM sudoers-enabled control scripts.
#  As user icfmadmin
#  cd /opt/IBM/icfm/2.0/bin
#  ./icfm.1.sudo-ctl-all.sh stop | start

cd /opt/IBM/icfm/2.0/bin
./icfm.1.sudo-ctl-all.sh start

Three server topology use

Figure 2 illustrates two options for running ICFM sudoers-enabled control scripts in an ICFM three-server topology.
Option 1: Run a script on each server
  1. Log on to each ICFM server (Analytics, Core, Data) as the cfmadmin user.
  2. For each server, invoke the server-specific script to start/stop ICFM components.
    Table 2. ICFM server start/stop scripts
    ICFM Server         Script Name
    Analytics server    ICFM.3.sudo-ctl-analytic-all.sh
    Core server         ICFM.3.sudo-ctl-core-all.sh
    Data server         ICFM.3.sudo-ctl-data-all.sh
For example:
#  As user icfmadmin
#  cd /opt/IBM/icfm/2.0/bin
#  ./icfm.3.sudo-ctl-core-all.sh stop | start | status
 
cd /opt/IBM/icfm/2.0/bin
./icfm.3.sudo-ctl-core-all.sh stop
Option 2: Run a common control script from any server
This option avoids having to log into each server independently.
  1. Log into any ICFM server as the cfmadmin user.
  2. Run the ICFM.3.sudo-ctl.sh script.
  3. For each server, invoke the server-specific script to start/stop the ICFM components.
For example:
#  As user icfmadmin, from any ICFM server
#  cd /opt/IBM/icfm/2.0/bin
#  ./icfm.3.sudo-ctl.sh stop | start | status icfm_server_type 
cd /opt/IBM/icfm/2.0/bin
./icfm.3.sudo-ctl.sh start data
Where icfm_server_type specifies analytic, core, or data. This option calls the server-specific control script on the appropriate server.
Note: The ICFM.3.sudo-ctl.sh script behaves differently depending on the target server of the start/stop commands.

Scenario:

  1. A user logs into the Analytics server as cfmadmin.
  2. cfmadmin uses ICFM.3.sudo-ctl.sh to start the Data server. Since the Data server is remote, ICFM.3.sudo-ctl.sh uses SSH to run the start commands remotely (on the Data server).
  3. cfmadmin uses ICFM.3.sudo-ctl.sh to start the Core server. Since the Core server is remote, ICFM.3.sudo-ctl.sh uses SSH to run the start commands remotely (on the Core server).
  4. cfmadmin uses ICFM.3.sudo-ctl.sh to start the Analytics server. Since the Analytics server is local, ICFM.3.sudo-ctl.sh runs the local start/stop script (ICFM.3.sudo-ctl-analytic-all.sh).
Figure 2. Run ICFM.3.sudo-ctl.sh from any server