Configure sudo user
In an environment that demands high security measures in
place, the systems admin can create
sudo user in PowerVC 2.1.0. A
sudo user has roles
and privileges similar to a
root user but with a limited scope for PowerVC operations.
Creating a sudo user
The system admin can create a user on all PowerVC controller nodes. Later, add user to
wheel group (assigning the user as sudo user).
passwordlesssudo access such that PowerVC OpsMgr can run commands as
pvc_internal group: pvcservicesbut limiting the commands as mentioned.
- /bin/sh -c echo BECOME-SUCCESS-[a-z]* ;*/usr/libexec/platform-python*
- /bin/sh -c echo BECOME-SUCCESS-[a-z]* ;*/usr/bin/python*
- /usr/bin/rsync *
<sudo_user_username>\tALL=(root, %pvcservices, pvc_internal)\tNOPASSWD: /bin/sh -c echo BECOME-SUCCESS-[a-z]* ;*/usr/libexec/platform-python*, /bin/sh -c echo BECOME-SUCCESS-[a-z]* ;*/usr/bin/python*, /usr/bin/rsync *
sudouser must have same password on all nodes.
- Provide sudo user login details during inventory creation.
- If installation is performed as a sudo user, login will work with only sudo
sudo powervc-services status or sudo powervc-validate --startOutput
[user1@vm-1376 ~]$ sudo powervc-cloud-config policy-list [sudo] password for user1: Enter password for root: No cloud policy set by admin for project: ibm-default DEFAULT POLICY SET: project_id: 51eb7853a18a457b9cdd8636686adb75, project_name: ibm-default, policy_type: default_expiration_days, value: 30