So I've done some searching on Thwack and I haven't found any good documentation around using sudo (non-root) access for Linux. I figured that I would write up a 'how to' to configure a SAM template to use sudo with a service account.
I'm going to use the SWI SAM application template called 'Linux Disk Monitoring Perl' for this document and I'll be testing the script against a CentOS 6 host.
Before we edit anything in SAM we’ll need to ensure that the linux account has sudo access and set for NOPASSWD. For the sake of this article and security i'll simply point out that you can specify specific commands for a user with sudo access instead of giving them ALL access. Here is a screenshot of part of the sudoers file with my service account called everychad. I added the following line below the root entry:
everychad ALL=(ALL) NOPASSWD:ALL
Image may be NSFW.
Clik here to view.
(Make sure that when you edit the /etc/sudoers file that you simply run visudo (if root) or sudo visudo (if non-root). visudo does validation checking on the sudoers file to ensure the syntax is correct before committing the changes.)
Now on to Solarwind's SAM install...
When I assign the template to my host I have some checks that succeed and some that fail.
Image may be NSFW.
Clik here to view.
At this point we need to edit the SAM template. You can either edit the entire template, which is what I’m going to do, or just override the template for the specific host.
- In the ‘Credential for Monitoring:’ drop the list down and add/select a non-root account.
- In the ‘Command Line:’ add ‘sudo’ at the beginning.
Image may be NSFW.
Clik here to view.
Once those are in place click the 'Edit Script' button and test it on a node. This will tell you if there is an error and if it’s related to permissions, missing packages, etc. Once you fix those errors you’ll see the correct respective Output Results.
Image may be NSFW.
Clik here to view.
I hope this write-up is helpful to others.
