How to configure JON to manage many servers where each server belongs to a different operating system user and group

Solution Verified - Updated -

Issue

  • RHQ Agent Deployment structure
  • Agent will not be able to deploy files to JBoss profiles as it is currently running under its own account and would not have permission to deploy to the profiles.
  • Can we change the process for deployment to the account which manages the profile so it can automatically change to the one required?
  • Need the agent to switch to user running managed resource when performing operations or deployments
  • Bundles deployed on resource types such as JBoss AS should be deployed using the target server resource's principal, not the agent user.
  • We need to prevent someone deploying to one server cannot tamper with the other servers.
  • There should be some propagation of the user/resource groups authorizations down to the agent so that any action triggered by that user is limited by these authorizations.
  • Even if the agent is running with a root account, actions performed on a resource should be executed as the user who is running the resource and not as the agent user.

Environment

  • Red Hat JBoss Operations Network (ON) 3.1, 3.2, 3.3
  • JBoss ON agent running as a different operating system user then the resources it manages
  • Deployment of provisioning bundles or other managed content to a managed resource
  • Execution of resource operations that invoke operating system or file system commands such as executing start or stop scripts

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In