start of change

Logging in as a non-root user

The PowerHA® SystemMirror® graphical user interface (GUI) uses encrypted communication to monitor and to manage clusters through a PowerHA SystemMirror GUI agent. The PowerHA SystemMirror GUI agent is configured and started when a cluster is added to the PowerHA SystemMirror GUI.

Before a cluster is added to the PowerHA SystemMirror GUI, PowerHA SystemMirror uses Secure Shell (SSH) for secure remote communication.

The following tasks use SSH and you must have the root authority to perform the following tasks:
  • Add an existing cluster to the PowerHA SystemMirror GUI
  • Create a cluster that is automatically added to the PowerHA SystemMirror GUI
  • Clone a cluster from a snapshot and add the cluster to the PowerHA SystemMirror GUI
A non-root user must be provided root authority to perform these tasks. A root user must use the sudo command to provide root access to a non-root user. The sudo command must be preconfigured to allow the specific commands to be run as root user.
Note: After the PowerHA SystemMirror GUI agent is started, the communication switches from SSH to the PowerHA SystemMirror GUI agent. The PowerHA SystemMirror GUI agent provides the necessary authority to perform the specific tasks.
To use the sudo command, you must install the following RPMs from the AIX® Toolbox for Linux Applications website:
  • cyrus-sasl
  • db
  • gettext
  • libgcc
  • ncurses
  • openldap
  • sudo
  • zlib
A root user must complete the following steps to configure the sudo command to create a user login, and to provide the created user the ability to discover clusters:
  1. Run the visudo command or directly edit the /etc/sudoers file with a text editor.
  2. Add the following text that corresponds to your operating system to the end of the /etc/sudoers file:
    
User_Alias    POWERHA_GUI_USERS = user1,user2,user3,user4
Cmnd_Alias    POWERHA_GUI_CMDS = /usr/bin/clmgr -v query nodes, /usr/bin/clmgr query cluster, \
                                 /usr/bin/clmgr list hosts TYPE=$TYPE, \
                                 /usr/bin/clmgr -g SMUI list physical_volume NODES=$NODES, \
                                 /usr/bin/clmgr query cluster, \
                                 /usr/bin/clmgr -T $ACTIVITY_ID add cluster $NAME NODES=$NODES, \
                                 /usr/bin/clmgr -T $ACTIVITY_ID manage snapshot restore *, \
                                 /bin/mkdir -p /usr/es/sbin/cluster/ui/security, \
                                 /bin/tar -xf /tmp/smui-security.tar,  \
                                 /bin/ksh93 ./deployment.sh,/bin/ksh93 ./distribute.sh, \
                                 /bin/rm -f ./deployment.sh ./distribute.sh ./configuration-agent.json ./smui-security.tar
POWERHA_GUI_USERS ALL= NOPASSWD:SETENV: POWERHA_GUI_CMDS
  3. Create a user login and password.
  4. Add the login ID of the user to the /etc/sudoers configuration file that was represented as the user user1 in step 2.
end of change