bcm1
Contributor
Contributor

Agent Hq username

Hi,
I tried to find that in the documentation but could not find the answer.

When an agent is "registering " itself to the server and sending the inventory and then metrics, It uses a username. By default hqadmin.
The documentation says :
Supply the username of an HQ user with sufficient permissions to create resources in HQ. The HQ administrator has such permissions

Of course, I don't want the Hqadmin password written somewhere in the agent, for security reasons.
So I created a hqagent user and then created a role Agent. But I have tried multiple configuration and couldn't find the correct set of permission for this user and the newly installed agent would just not work.

Any link / pointer / answer on how to do this ?

Thanks
Ben
0 Kudos
4 Replies
pbruna_hyperic
Contributor
Contributor

I also want to know how to do this.
0 Kudos
laullon
VMware Employee
VMware Employee

The hqadmin password is used only during agent setup, after this, the agent don't need the password to access to the server.

Message was edited by: laullon
bcm1
Contributor
Contributor

Thanks that help a little bit for the first set up.
Go with the default password let the agent register and then change the hqadmin password on the server.

All right, but how should I do for the next agent ?
give away the admin password to the guy that is going to install the agent.

No no, the risk is to big. And again I don't want the agent to talk to the server as admin. I just want them to send their inventory. and I the hqadmin will accept them or not.

I would really doubt that only the admin user can register an agent.

So here is my question again: what are the permission / role / user required to allow an agent to register ?

Thanks
Ben
0 Kudos
MarieMcGarry
Enthusiast
Enthusiast

Hey Ben,

I did a little research on your question, and this is what I learned (and will document accordingly):

A login from the HQ Agent to the HQ Server is only required during the initial configuration of the HQ Agent. The permissions required on the HQ Server for this initialization are Create for Platforms. One need not even give View permissions to the login used.

Please let me know if you have any more questions.
0 Kudos