How to configure JON to manage many servers where each server belongs to a different operating system user and group
Issue
- RHQ Agent Deployment structure
- Agent will not be able to deploy files to JBoss profiles as it is currently running under its own account and would not have permission to deploy to the profiles.
- Can we change the process for deployment to the account which manages the profile so it can automatically change to the one required?
- Need the agent to switch to user running managed resource when performing operations or deployments
- Bundles deployed on resource types such as JBoss AS should be deployed using the target server resource's principal, not the agent user.
- We need to prevent someone deploying to one server cannot tamper with the other servers.
- There should be some propagation of the user/resource groups authorizations down to the agent so that any action triggered by that user is limited by these authorizations.
- Even if the agent is running with a
root
account, actions performed on a resource should be executed as the user who is running the resource and not as the agent user.
Environment
- Red Hat JBoss Operations Network (ON) 3.1, 3.2, 3.3
- JBoss ON agent running as a different operating system user then the resources it manages
- Deployment of provisioning bundles or other managed content to a managed resource
- Execution of resource operations that invoke operating system or file system commands such as executing start or stop scripts
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.