Monitoring IBM Spectrum® Scale with non-root user privileges
You can enable a non-root user on an IBM Storage Scale cluster node to monitor IBM Storage Scale storage systems.
Before you add the IBM Storage Scale storage system for monitoring, configure the following properties in the scale cluster.
To grant access to the user, make the following changes to the sudoers file on the cluster node that is used for authentication:
- Add the set of administration commands that are required to monitor the storage system.
- Associate the user with the set of administration commands.
Important:
- Configure IBM Storage Scale cluster nodes for SSH login without requiring a password.
- You can't monitor IBM Storage Scale clusters that are configured with a sudo wrapper environment. This configuration is not supported because mmdsh* commands are required to collect configuration information from the IBM Storage Scale cluster.
There are two ways to configure access for a non-root user:
Configuring non-root user with access to limited commands
- Create a user.
    adduser <user_name>
    passwd <user_name>
    usermod -aG wheel <user_name>
- To edit the sudoers file, enter the following command:
    visudo -f /etc/sudoers
- Add the following command aliases in the /etc/sudoers file for all nodes in the cluster.
  Important: Each command alias must be on a single line without line breaks.
    Cmnd_Alias TPC_GPFS_MMCMD = /usr/lpp/mmfs/bin/mmsdrquery, /usr/lpp/mmfs/bin/mmlsconfig, /usr/lpp/mmfs/bin/mmgetstate, /usr/lpp/mmfs/bin/mmlsnodeclass, /usr/lpp/mmfs/bin/mmlsfs, /usr/lpp/mmfs/bin/mmdf, /usr/lpp/mmfs/bin/mmlsnsd, /usr/lpp/mmfs/bin/mmlsfileset, /usr/lpp/mmfs/bin/mmcloudgateway, /usr/lpp/mmfs/bin/mmlsmount, /usr/lpp/mmfs/bin/mmlssnapshot, /usr/lpp/mmfs/bin/mmrepquota, /usr/lpp/mmfs/bin/mmlspolicy, /usr/lpp/mmfs/bin/mmapplypolicy
    Cmnd_Alias TPC_GPFS_MMDSH = /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmdiag --version, /usr/lpp/mmfs/bin/mmdsh -N * /lib/udev/scsi_id --whitelisted *, /usr/lpp/mmfs/bin/mmdsh -N * /sbin/blockdev --getsize64 *, /usr/lpp/mmfs/bin/mmdsh -N * /usr/bin/getconf DISK_SIZE *, /usr/lpp/mmfs/bin/mmdsh -f 20000 -N linuxNodes 'cat /sys/class/fc_host/*', /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmces node list, /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmces service list -a, /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmces address list|grep object_database_node, /usr/lpp/mmfs/bin/mmdsh -N * /usr/lpp/mmfs/bin/mmces address list --by-node|grep object_database_node, /usr/lpp/mmfs/bin/mmdsh -v -N cesNodes /usr/lpp/mmfs/bin/mmobj config list --ccrfile object-server.conf --section DEFAULT --property devices, /usr/lpp/mmfs/bin/mmdsh -f 20000 -v -N * "test -e /opt/IBM/zimon/ZIMonSensors.cfg && (sudo grep -w collectors -A 4 /opt/IBM/zimon/ZIMonSensors.cfg | grep -w host) || true", /usr/lpp/mmfs/bin/mmdsh -f 20000 -v -N nonWindowsNodes hostname
    Cmnd_Alias TPC_GPFS_MMDSH2 = /usr/lpp/mmfs/bin/mmdsh -f 20000 -v -N localhost test -e /opt/IBM/zimon/ZIMonSensors.cfg && (grep -w 'collectors' -A 4 /opt/IBM/zimon/ZIMonSensors.cfg\ \ | grep -w 'host') || true
    Cmnd_Alias TPC_GPFS_MMDSH3 = /usr/lpp/mmfs/bin/mmdsh -f 20000 -v -N linuxNodes test -e /opt/IBM/zimon/ZIMonSensors.cfg && (grep -w 'collectors' -A 4 /opt/IBM/zimon/ZIMonSensors.cfg\ \ | grep -w 'host') || true
    Cmnd_Alias TPC_GPFS_OTHER = /bin/cat *release,/usr/bin/lsb_release -a, /bin/date, /usr/bin/date, /bin/grep, /bin/true, /usr/bin/test
    Cmnd_Alias TPC_GPFS_CMDS = TPC_GPFS_MMCMD, TPC_GPFS_MMDSH, TPC_GPFS_OTHER, TPC_GPFS_MMDSH2, TPC_GPFS_MMDSH3
    # Preserve GPFS environment variables:
    Defaults env_keep += "MMMODE environmentType GPFS_rshPath GPFS_rcpPath mmScriptTrace GPFSCMDPORTRANGE GPFS_CIM_MSG_FORMAT"
- To enable the user to issue the commands, add the following lines after the command aliases:
    Defaults:<user_name> !requiretty
    <user_name> ALL=(ALL) TPC_GPFS_CMDS
Configuring non-root user with access to all commands
- Log on to the cluster node that is used for authentication with a user that has root privileges.
- To edit the sudoers file, enter the following command in the terminal (or open the file in an editor):
    visudo -f /etc/sudoers
- Locate the line: "## Same thing without a password". Enter the following command on the subsequent line:
    <user_name> ALL=(root) NOPASSWD: ALL
  where <user_name> is the non-root user that is used to add the device to IBM Storage Insights.
  Following is an example with the <user_name> as abc:
    ## Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL
    abc ALL=(root) NOPASSWD: ALL
- Save the file.
The user <user_name> that you have added to the sudoers file can now monitor the IBM Storage Scale storage system.
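The single-line requirement for the command aliases and the two kinds of user entry described above can be checked before the file is installed. The following Python lint is an added example, not IBM's code: it reports an alias broken across lines, a reference to an alias that is never defined, and a user entry that grants ALL. The sample fragment, the user name monuser and the function lint are constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the aliases on this page. Two defects are
# planted: TPC_GPFS_MMDSH3 is broken across two lines, and TPC_GPFS_CMDS
# references TPC_GPFS_MMDSH, which this fragment never defines.
SAMPLE = """\
Cmnd_Alias TPC_GPFS_MMCMD = /usr/lpp/mmfs/bin/mmlsconfig, /usr/lpp/mmfs/bin/mmgetstate
Cmnd_Alias TPC_GPFS_MMDSH3 = /usr/lpp/mmfs/bin/mmdsh -f 20000 -v -N linuxNodes test -e /opt/IBM/zimon/ZIMonSensors.cfg && (grep -w 'collectors' -A 4
/opt/IBM/zimon/ZIMonSensors.cfg | grep -w 'host') || true
Cmnd_Alias TPC_GPFS_OTHER = /bin/date, /bin/true
Cmnd_Alias TPC_GPFS_CMDS = TPC_GPFS_MMCMD, TPC_GPFS_MMDSH, TPC_GPFS_OTHER, TPC_GPFS_MMDSH3
Defaults:monuser !requiretty
monuser ALL=(ALL) TPC_GPFS_CMDS
"""

ALIAS = re.compile(r"^Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)$")
# user host=(runas) [NOPASSWD:] commands
SPEC = re.compile(r"^[%\w.-]+\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(?:NOPASSWD:\s*)?(.+)$")
NAME = re.compile(r"^[A-Z][A-Z0-9_]*$")


def lint(text):
    """Return (line_number, kind, detail) findings for a sudoers fragment."""
    findings, defined, refs = [], set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = ALIAS.match(line) or SPEC.match(line)
        if not m:
            # Not an entry on its own: the tail of an alias split by a line break.
            findings.append((n, "broken-line", line[:40]))
            continue
        members = [t.strip() for t in m.group(m.lastindex).split(",")]
        if m.re is ALIAS:
            defined.add(m.group(1))
        elif "ALL" in members:
            findings.append((n, "unrestricted", "user may run every command"))
        # Upper-case members are alias names; resolve them once all lines are read.
        refs += [(n, t) for t in members if NAME.match(t) and t != "ALL"]
    findings += [(n, "undefined-alias", t) for n, t in refs if t not in defined]
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```

The lint covers only these three conditions; `visudo -c -f <file>` remains the syntax check to run on the finished file.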