Monitoring IBM Storage Scale without requiring root privileges

You can enable a non-root user on a IBM Storage Scale™ cluster node to monitor IBM Storage Scale storage systems.

Before you add the IBM Storage Scale storage system for monitoring, complete this task.

To grant access to the user, make the following changes to the sudoers file on the cluster node that is used for authentication:

Add the set of administration commands that are required to monitor the storage system.
Associate the user with the set of administration commands.

Important:

You must configure IBM Storage Scale cluster nodes for SSH login without requiring a password.
You can't monitor IBM Storage Scale clusters that are configured with a sudo wrapper environment. This configuration is not supported because mmdsh* commands are required to collect configuration information from the IBM Storage Scale cluster.

Log on to the cluster node that is used for authentication with a user name that has root privileges.
To edit the sudoers file, enter the following command:
```
visudo -f /etc/sudoers
```

Add the following command aliases to the sudoers file.

The command aliases contain the commands that the user must be able to issue to monitor the storage system.

Important: Each command alias must be on a single line without line breaks.

Cmnd_Alias TPC_GPFS_MMCMD = /usr/lpp/mmfs/bin/mmsdrquery, /usr/lpp/mmfs/bin/mmlsconfig, 
    /usr/lpp/mmfs/bin/mmgetstate, /usr/lpp/mmfs/bin/mmlsnodeclass, /usr/lpp/mmfs/bin/mmlsfs, 
    /usr/lpp/mmfs/bin/mmdf, /usr/lpp/mmfs/bin/mmlsnsd, /usr/lpp/mmfs/bin/mmlsfileset, 
    /usr/lpp/mmfs/bin/mmcloudgateway, /usr/lpp/mmfs/bin/mmlsmount, /usr/lpp/mmfs/bin/mmlssnapshot, 
    /usr/lpp/mmfs/bin/mmrepquota, /usr/lpp/mmfs/bin/mmlspolicy, /usr/lpp/mmfs/bin/mmapplypolicy

Cmnd_Alias TPC_GPFS_MMDSH = /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmdiag --version,
    /usr/lpp/mmfs/bin/mmdsh -N * /lib/udev/scsi_id --whitelisted *,
    /usr/lpp/mmfs/bin/mmdsh -N * /sbin/blockdev --getsize64 *,
    /usr/lpp/mmfs/bin/mmdsh -N * /usr/bin/getconf DISK_SIZE *, 
    /usr/lpp/mmfs/bin/mmdsh -f 20000 -N linuxNodes 'cat /sys/class/fc_host/*',
    /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmces node list,
    /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmces service list -a,
    /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmces address list|grep object_database_node,
    /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmces address list
    --by-node|grep object_database_node,
    /usr/lpp/mmfs/bin/mmdsh -v -N cesNodes /usr/lpp/mmfs/bin/mmobj config list 
    --ccrfile object-server.conf --section DEFAULT --property devices,
    /usr/lpp/mmfs/bin/mmdsh -f 20000 -v -N * "test -e /opt/IBM/zimon/ZIMonSensors.cfg && 
    (grep -w collectors -A 4 /opt/IBM/zimon/ZIMonSensors.cfg | grep -w host) || true",
    /usr/lpp/mmfs/bin/mmdsh -f 20000 -v -N nonWindowsNodes hostname

Cmnd_Alias TPC_GPFS_MMDSH2 = /usr/lpp/mmfs/bin/mmdsh -f 20000 -v -N localhost  test -e /opt/IBM/zimon/ZIMonSensors.cfg && (grep\
\ -w 'collectors' -A 4 /opt/IBM/zimon/ZIMonSensors.cfg\ \ | grep -w 'host') || true

Cmnd_Alias TPC_GPFS_MMDSH3 = /usr/lpp/mmfs/bin/mmdsh -f 20000 -v -N linuxNodes  test -e /opt/IBM/zimon/ZIMonSensors.cfg && (grep\
\ -w 'collectors' -A 4 /opt/IBM/zimon/ZIMonSensors.cfg\ \ | grep -w 'host') || true

Cmnd_Alias TPC_GPFS_OTHER = /bin/cat *release,/usr/bin/lsb_release -a, /bin/date, /usr/bin/date, /bin/grep,
/bin/true, /usr/bin/test

Cmnd_Alias TPC_GPFS_CMDS = TPC_GPFS_MMCMD, TPC_GPFS_MMDSH, TPC_GPFS_OTHER, TPC_GPFS_MMDSH2, TPC_GPFS_MMDSH3

To enable the user to issue the commands, add the following lines after the command aliases:
```
Defaults:user_name !requiretty
```
```
user_name ALL=(ALL) TPC_GPFS_CMDS
```
where user_name is the user name that you enter when you add the storage system for monitoring.

The user that you added to the sudoers file can now monitor the IBM Storage Scale storage system.