VMware Cloud Community
hypermike
Contributor

How can I avoid putting username passwd in agent.properties file and remote

How can I avoid putting username passwd in agent.properties file and remotely upgrade agents.

I have a script that runs out to the various Hyperic agents I want to upgrade. The problem is my boss doesn't want the username and password in the properties files. How can I get around this?
Running 4.1.1 open source HYPERIC. He doesn't want to have a file with a password in it at all.
Is there any interactive way to provide this information when starting the new agent?


The scripts get downloaded to the specific machine and execute there.
10 Replies
mcmesser
Hot Shot

You can't get around the need to supply the agent with an initial password for the user the agent will use to authenticate to HQ. But there is a best practice that can help:

1) Create a user with only "Create Platform" permission to use with agents. This makes the user useless for any purpose other than with the Agent, therefore the password loses all value.

2) After initially setting up the agent, munge the password in agent.properties. It is no longer needed after first setup; from that point tokens are used between agent and server, not the password.
hypermike
Contributor

Can I create a user as you say with only "Create Platform" permission to use with agents with the open source HYPERIC? Don't I need the Enterprise version to do this, OR can I do this with the
HQapi command line stuff?
hypermike
Contributor

How do I do #1 below with OPEN source Hyperic 4.1.1? I do have HQ api installed with the command line stuff. Can I use that?
Boris59
Enthusiast

> Can I create a user as you say with only "Create Platform" permission
> to use with agents with the open source HYPERIC?

Nope, User roles are an Enterprise-only feature. Would like to have them
as well 🙂

Cheers, Bjoern

hypermike
Contributor

Thanks, I was hoping I could. Have to look in another direction!
bclark_hyperic
Enthusiast

The username and password only need to be in the properties file when the agent is registered (i.e. run for the first time). You could put the information in the file, launch the agent so that it registers with the HQ server, and then remove the username and password from the file.

Brian
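The register-then-remove sequence from the reply above (and step 2 of mcmesser's reply), with the credentials supplied on stdin instead of being stored in a script, as an added example that is not part of the thread and not Hyperic's own tooling. The property names `agent.setup.camLogin` and `agent.setup.camPword`, the function names, and the assumption that the agent start command returns only after registration are not from the thread.

```shell
#!/bin/sh
# Added example. Property names are assumed; match them to your agent.properties.
LOGIN_KEY='agent.setup.camLogin'
PWORD_KEY='agent.setup.camPword'

# Strip both credential lines. The temp file only ever holds the non-secret
# lines, and writing back with cat keeps the file's owner and mode.
scrub_credentials() {
    sc_props=$1
    sc_tmp=$(mktemp) || return 1
    sc_rc=0
    awk -v a="$LOGIN_KEY" -v b="$PWORD_KEY" '
        { k = $0; sub(/^[ \t]*/, "", k); sub(/[ \t]*=.*/, "", k) }
        k != a && k != b' "$sc_props" > "$sc_tmp" \
        && cat "$sc_tmp" > "$sc_props" || sc_rc=$?
    rm -f "$sc_tmp"
    return "$sc_rc"
}

# Read login and password as two lines on stdin (not argv, which ps shows),
# drop any stale entries, then append the fresh ones.
inject_credentials() {
    ic_props=$1
    IFS= read -r ic_login && IFS= read -r ic_pword || return 1
    scrub_credentials "$ic_props" || return 1
    printf '%s=%s\n%s=%s\n' "$LOGIN_KEY" "$ic_login" \
        "$PWORD_KEY" "$ic_pword" >> "$ic_props"
}

# Credentials are on disk only while the start command runs, and are scrubbed
# whether it succeeds or fails. The start command's exit status is returned.
register_once() {
    ro_props=$1; shift
    inject_credentials "$ro_props" || return 1
    ro_rc=0
    "$@" || ro_rc=$?
    scrub_credentials "$ro_props" || return 1
    return "$ro_rc"
}

# Interactive front end: prompt on the terminal, password typed with echo off.
prompt_credentials() {
    printf 'HQ login: ' >&2; IFS= read -r pc_user
    printf 'HQ password: ' >&2
    stty -echo; IFS= read -r pc_pass; stty echo; printf '\n' >&2
    printf '%s\n%s\n' "$pc_user" "$pc_pass"
}
# Usage, run as the user that owns agent.properties:
#   prompt_credentials | register_once /path/to/agent.properties <agent start command>
```

Running it as the file's owner (for example through sudo to the hyperic user) avoids loosening the file mode just to write the two lines.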
hypermike
Contributor

I have 70+ systems to go to and edit the properties file, but my boss doesn't want any passwd in any file. He wants me to supply that interactively somehow, and that's what I'm trying to do. I feel like you just put it in the file and delete it afterwards, but I have been told NOT to do it that way.
I have tried to use ssh and run a script that echoes or appends the userid and passwd, but I'm having issues with permissions updating the file. The hyperic user is the only one that can read and write
to it, and I did a chmod on the properties file to allow me to write to it, but I'm still having permission problems because the Hyperic directories are under /opt/ and the opt directory is owned by root. Have to figure out what's going on. A skeleton agent properties file without userid and passwd is on each machine. When I try to echo the values for the 2 lines for userid and passwd to the skeleton file I get permission denied. Don't know why, even though the file says rw by other. I want to update this properties file and upgrade in the same script, but can't get past the permission denied.

Even though I have a previous version of the agent registered, when you upgrade I believe you have to reregister.

Message was edited by: hypermike
admin
Immortal

Take a look at the 'expect' program. You can customize it to login to
remote systems, run software, answer questions, etc. in a controlled
manner.

-- Jon


On Jul 2, 2009, at 5:09 PM, mike monczynski wrote:

> I have 70+ systems to go to and edit the properties file, but my
> boss doesn't want any passwd in any file. He wants me to supply that
> interactively somehow, and that's what I'm trying to do. I feel
> like you just put it in the file and delete it afterwards, but I
> have been told NOT to do it that way.
> I have tried to use ssh and run a script that echoes or appends the
> userid and passwd, but I'm having issues with permissions updating the
> file. The hyperic user is the only one that can read and write
> to it, and I did a chmod on the properties file to allow me to
> write to it, but I'm still having permission problems
> because the Hyperic directories are under /opt/ and the opt
> directory is owned by root. Have to figure out what's going on. A
> skeleton agent properties file without userid and passwd is on each
> machine. When I try to echo the values for the 2 lines for userid
> and passwd to the skeleton file I get permission denied. Don't know
> why, even though the file says rw by other. I want to update
> this properties file and upgrade in the same script, but can't get
> past the permission denied.


hypermike
Contributor

Thanks, will look into that.
hypermike
Contributor

Using expect requires me to know a programming language?? Or Perl.. I can't remember now, but that's more work than I wanted to get into, thanks.