How to configure JON to manage many servers where each server belongs to a different operating system user and group

Solution Verified - Updated -

Issue

  • RHQ Agent Deployment structure
  • Agent will not be able to deploy files to JBoss profiles as it is currently running under its own account and would not have permission to deploy to the profiles.
  • Can we change the process for deployment to the account which manages the profile so it can automatically change to the one required?
  • Need the agent to switch to user running managed resource when performing operations or deployments
  • Bundles deployed on resource types such as JBoss AS should be deployed using the target server resource's principal, not the agent user.
  • We need to prevent someone deploying to one server cannot tamper with the other servers.
  • There should be some propagation of the user/resource groups authorizations down to the agent so that any action triggered by that user is limited by these authorizations.
  • Even if the agent is running with a root account, actions performed on a resource should be executed as the user who is running the resource and not as the agent user.

Environment

  • Red Hat JBoss Operations Network (ON) 3.1, 3.2, 3.3
  • JBoss ON agent running as a different operating system user then the resources it manages
  • Deployment of provisioning bundles or other managed content to a managed resource
  • Execution of resource operations that invoke operating system or file system commands such as executing start or stop scripts

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content