Using the PowerHA SystemMirror GUI with non-root users

The PowerHA SystemMirror graphical user interface (GUI) uses encrypted communication to monitor and to manage clusters through a PowerHA SystemMirror GUI agent. The PowerHA SystemMirror GUI agent is configured and started when a cluster is added to the PowerHA SystemMirror GUI.

Before a cluster is added to the PowerHA SystemMirror GUI, PowerHA SystemMirror uses Secure Shell (SSH) for secure remote communication.

The following tasks use SSH, and you must have root authority to perform them:
  • Add an existing cluster to the PowerHA SystemMirror GUI. This feature is available in PowerHA SystemMirror Version 7.2.3, or later.
  • Create a cluster that is automatically added to the PowerHA SystemMirror GUI. This feature is available in PowerHA SystemMirror Version 7.2.4, or later.
  • Clone a cluster from a snapshot and add the cluster to the PowerHA SystemMirror GUI. This feature is available in PowerHA SystemMirror Version 7.2.4, or later.
A non-root user must be given root authority to perform these tasks. A root user grants that access through the sudo command, which must be preconfigured to allow the specific commands to be run as the root user.
Note: After the PowerHA SystemMirror GUI agent is started, the communication switches from SSH to the PowerHA SystemMirror GUI agent. The PowerHA SystemMirror GUI agent provides the necessary authority to perform the specific tasks.
To use the sudo command, you must install the following RPMs from the AIX® Toolbox for Linux® Applications website:
  • cyrus-sasl
  • db
  • gettext
  • libgcc
  • ncurses
  • openldap
  • sudo
  • zlib
A root user must complete the following steps to configure the sudo command, create a user login, and give the created user the ability to discover clusters:
  1. Run the visudo command or directly edit the /etc/sudoers file with a text editor.
  2. If you are using PowerHA SystemMirror Version 7.2.4 for AIX, or earlier, add the following text that corresponds to your operating system to the end of the /etc/sudoers file:
    
    User_Alias    POWERHA_GUI_USERS = user1,user2,user3,user4
    Cmnd_Alias    POWERHA_GUI_CMDS  = /usr/es/sbin/cluster/utilities/clmgr -v query nodes, \
                                     /usr/es/sbin/cluster/utilities/clmgr list hosts TYPE=$TYPE, \
                                     /usr/es/sbin/cluster/utilities/clmgr -g SMUI list physical_volume NODES=$NODES, \
                                     /usr/es/sbin/cluster/utilities/clmgr query cluster, \
                                     /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add cluster $NAME NODES=$NODES TYPE=$TYPE REPOSITORIES=$DISKS, \
                                     /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add cluster $NAME NODES=$NODES TYPE=$TYPE, \
                                     /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add site $NAME NODES=$NODES, \
                                     /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add repository $DISK SITE=$SITE, \
                                     /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add repository $DISK NODE=$NODE, \
                                     /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID manage snapshot $SNAPSHOT_NAME restore \
                                     NODES=$NODES REPOSITORIES=$DISKS CLUSTER_NAME=$NAME CONFIGURE=$CONFIGURE FORCE=$FORCE, \
                                     /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID modify node $NODE name=$NAME, \
                                     /bin/mkdir -p /usr/es/sbin/cluster/ui/security, \
                                     /bin/tar -xf /tmp/smui-security.tar, \
                                     /bin/ksh93 ./deployment.sh,/bin/ksh93 ./distribute.sh, \
                                     /bin/rm -f ./deployment.sh ./distribute.sh ./configuration-agent.json ./smui-security.tar
    POWERHA_GUI_USERS ALL= NOPASSWD:SETENV: POWERHA_GUI_CMDS
    
  3. If you are using PowerHA SystemMirror Version 7.2.5 for AIX, or earlier, add the following text that corresponds to your operating system to the end of the /etc/sudoers file:
    
    User_Alias    POWERHA_GUI_USERS   = User1, User2, User3
    Cmnd_Alias    POWERHA_GUI_CMDS    = /usr/es/sbin/cluster/utilities/clmgr -v query nodes, \
                                        /usr/es/sbin/cluster/utilities/clmgr list hosts TYPE=$TYPE, \
                                        /usr/es/sbin/cluster/utilities/clmgr -g SMUI list physical_volume NODES=$NODES, \
                                        /usr/es/sbin/cluster/utilities/clmgr query cluster, \
                                        /usr/es/sbin/cluster/utilities/clmgr -v query physical_volume NODES=$NODES TYPE=all, \
                                        /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add cluster $NAME NODES=$NODES \
                                        TYPE=$TYPE REPOSITORIES=$DISKS, \
                                        /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add cluster $NAME NODES=$NODES TYPE=$TYPE, \
                                        /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add site $NAME NODES=$NODES, \
                                        /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add repository $DISK SITE=$SITE, \
                                        /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID add repository $DISK NODE=$NODE, \
                                        /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID manage snapshot restore $SNAPSHOT_NAME \
                                        NODES=$NODES REPOSITORIES=$DISKS CLUSTER_NAME=$NAME CONFIGURE=$CONFIGURE FORCE=$FORCE, \
                                        /usr/es/sbin/cluster/utilities/clmgr -T $ACTIVITY_ID modify node $NODE name=$NAME, \
                                        /bin/mkdir -p /usr/es/sbin/cluster/ui/security, \
                                        /usr/es/sbin/cluster/utilities/clmgr -v query interface ATTR=public, \
                                        /bin/tar -xf /tmp/smui-security.tar, /bin/ls, /usr/bin/uname, \
                                        /bin/ksh93 ./deployment.sh,/bin/ksh93 ./distribute.sh, \
                                        /usr/es/sbin/cluster/glvm/utils/cl_glvm_configuration -p $vgName -n $remoteNodes, \
                                        /bin/rm -f ./deployment.sh ./distribute.sh ./configuration-agent.json ./smui-security.tar \
                                        ./server-auth.key ./create_user_and_group.sh
    
    POWERHA_GUI_USERS ALL= NOPASSWD:SETENV: POWERHA_GUI_CMDS
  4. Create a user login and password.
  5. Add the login ID of the user to the /etc/sudoers configuration file, in place of the user that is represented as user1 in step 2.
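
A review aid for the sudoers fragments in steps 2 and 3, added here as an example and not part of the IBM documentation: it lists the entries whose effect depends on the caller's working directory, a shared directory, or the caller's environment, and it reports a wrapped entry that has lost its trailing backslash. The sample is constructed (shortened from step 2), and the finding names and the interpreter list are assumptions of this example; `visudo -c` remains the authoritative syntax check.

```python
import re

# Constructed sample: a shortened copy of the step 2 fragment, not the full list.
SAMPLE = r"""User_Alias    POWERHA_GUI_USERS = user1,user2
Cmnd_Alias    POWERHA_GUI_CMDS  = /usr/es/sbin/cluster/utilities/clmgr query cluster, \
                                  /bin/mkdir -p /usr/es/sbin/cluster/ui/security, \
                                  /bin/tar -xf /tmp/smui-security.tar, \
                                  /bin/ksh93 ./deployment.sh,/bin/ksh93 ./distribute.sh, \
                                  /bin/rm -f ./deployment.sh ./distribute.sh
POWERHA_GUI_USERS ALL= NOPASSWD:SETENV: POWERHA_GUI_CMDS
"""
INTERPRETERS = {"sh", "ksh", "ksh93", "bash", "perl", "python"}  # assumed review list

def logical_lines(text):
    """Join backslash-continued lines; collect indented lines that follow no backslash."""
    lines, orphans, buf, continued = [], [], "", False
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw[0].isspace() and not continued:
            orphans.append(number)  # wrapped entry whose previous line lost its "\"
        continued = raw.rstrip().endswith("\\")
        buf += " " + raw.rstrip().rstrip("\\").strip()
        if not continued:
            lines.append(buf.strip())
            buf = ""
    return lines + ([buf.strip()] if buf else []), orphans

def audit(text):
    """Return sorted (kind, detail) review findings for a sudoers fragment."""
    lines, orphans = logical_lines(text)
    findings = {("broken-continuation", f"line {n}") for n in orphans}
    for line in lines:
        alias = re.match(r"Cmnd_Alias\s+\w+\s*=\s*(.*)", line)
        cmds = re.split(r"(?<!\\),", alias.group(1)) if alias else []
        for binary, *args in (c.split() for c in cmds if c.strip()):
            cmd = " ".join([binary, *args])
            if binary.rsplit("/", 1)[-1] in INTERPRETERS:
                findings.add(("interpreter", cmd))
            if any(a.startswith(("./", "../")) for a in args):
                findings.add(("relative-path-arg", cmd))  # resolved against caller's cwd
            if any(a.startswith("/tmp/") for a in args):
                findings.add(("tmp-path-arg", cmd))  # input read from a shared directory
        for tag in re.findall(r"\b(NOPASSWD|SETENV):", line):
            findings.add((tag.lower(), line.split()[0]))
    return sorted(findings)

for kind, detail in audit(SAMPLE):
    print(f"{kind:20} {detail}")
```

Each finding is a prompt for review when deciding which accounts go into POWERHA_GUI_USERS, not a syntax error.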