Configuring Ambari agents for non-root access to IBM Big SQL

If Ambari agents are configured to run as a non-root user, you must configure the agents to operate without direct root access to Big SQL.

Before you begin

Ensure that you installed Hortonworks Data Platform (HDP) and you configured the Ambari server and all agent nodes as part of an Ambari non-root installation. For more information, see Configuring Hortonworks for Non-Root - Hortonworks Data Platform.

To perform specific Big SQL related commands, the non-root user (ambari in this example) requires new privileged commands which need to be added in /etc/sudoers by running the visudo command in all the nodes in the cluster.

About this task

To set up non-root access on all Ambari agents to Big SQL, sudo permissions for the Ambari non-root user must be added to the sudo configuration file /etc/sudoers.

Procedure

On each Ambari agent host, edit the sudo configuration file, /etc/sudoers to add new sudo permissions for the Ambari non-root user by running the visudo command:

# HDP Big SQL Commands
ambari ALL=(ALL) NOPASSWD:SETENV: /usr/hdp/current/*/sbin/*, /usr/hdp/current/*/bin/*, /usr/hdp/*


# Ambari Big SQL Commands
ambari ALL=(ALL) NOPASSWD:SETENV: /usr/bin/updatedb  *, /usr/bin/sh *, /usr/bin/scp *, /usr/bin/pkill *, /bin/unlink *,  /usr/bin/mysqld_safe, /usr/bin/mysql_install_db,  /bin/bash, /usr/bin/kinit, /usr/bin/hadoop, /usr/bin/mysqladmin, /usr/sbin/userdel, /usr/sbin/groupdel, /usr/sbin/ambari-server,  /usr/bin/klist

Cmnd_Alias BIGSQL_SERVICE_AGENT = /var/lib/ambari-agent/cache/extensions/IBM-Big_SQL/*/services/BIGSQL/package/scripts/*, /var/lib/ambari-agent/cache/stacks/HDP/*/services/BIGSQL/package/scripts/*
Cmnd_Alias BIGSQL_SERVICE_SERVER =  /var/lib/ambari-server/resources/extensions/IBM-Big_SQL/*/services/BIGSQL/package/scripts/*, /var/lib/ambari-server/resources/stacks/HDP/*/services/BIGSQL/package/scripts/*
Cmnd_Alias BIGSQL_DIST_EXEC =  /usr/ibmpacks/current/bigsql/bigsql/bin/*,  /usr/ibmpacks/current/bigsql/bigsql/libexec/*, /usr/ibmpacks/current/bigsql/bigsql/install/*, /usr/ibmpacks/scripts/*/upgrade/*, /usr/ibmpacks/current/IBM-DSM/ibm-datasrvrmgr/bin/*, /usr/ibmpacks/bin/*
Cmnd_Alias BIGSQL_OS_CALLS =  /bin/su, /usr/bin/getent, /usr/bin/id, /usr/bin/ssh, /bin/echo, /bin/find, /usr/bin/du, /sbin/mkhomedir_helper, /bin/curl
Cmnd_Alias KERBEROS_CALLS = /usr/kerberos/bin, /usr/lib/mit/bin, /usr/lib/mit/sbin


ambari ALL=(ALL) NOPASSWD:SETENV: /usr/bin/*, /bin/*, /usr/sbin/*, /sbin/*, /etc/init.d/httpd *, /etc/init.d/apache2 *, BIGSQL_SERVICE_AGENT, BIGSQL_SERVICE_SERVER, BIGSQL_DIST_EXEC, BIGSQL_OS_CALLS, KERBEROS_CALLS