4.4. Using sudo with JBoss ON Operations
sudois for long-running operations, such as starting a service or a process, or for scripts which are owned by a resource user. The user which executes the script should be the same as the resource user because that user already has the proper authorization and permissions.
sudorights to the given command.
- There can be no required interaction from the user, including no password prompts.
- It should be possible for the agent to pass variables to the script.
sudofor resource scripts:
- Grant the JBoss ON agent user
sudorights to the specific script or command. For example, to run a script as the
[root@server ~]# visudo jbosson-agent hostname=(jbossadmin) NOPASSWD: /opt/jboss-eap/jboss-as/bin/*myScript*.shUsing the
NOPASSWDoption runs the command without prompting for a password.
ImportantJBoss ON passes command-line arguments with the start script when it starts an EAP instance. This can be done either by including the full command-line script (including arguments) in the
sudoersentry or by using the
sudo -uuser command in a wrapper script or a script prefix.The second option has a simpler
- Create or edit a wrapper script to use. Instead of invoking the resource's script directly, invoke the wrapper script which uses
sudoto run the script.
NoteFor the EAP start script, it is possible to set a script prefix in the connection settings, instead of creating a separate wrapper script:
/usr/bin/sudo -u jbosson-agentFor example, for a start script wrapper,
#!/bin/sh # start-myScript.sh # Helper script to execute start-myConfig.sh as the user jbosson-agent # sudo -u jbosson-agent /opt/jboss-eap/jboss-as/bin/start-myConfig.sh
- Create the start script, with any arguments or settings to pass with the
run.shscript. For example, for
nohup ./run.sh -c MyConfig -b jonagent-host 2>&1> jboss-MyConfig.out &