To: | nv-l@lists.us.ibm.com |
---|---|
Subject: | Re: [nv-l] : Adding nvmaputil.sh, seed editor, /etc/hosts to web menu and GUI menu |
From: | Leslie Clark <lclark@us.ibm.com> |
Date: | Wed, 29 Jun 2005 17:38:02 -0400 |
Delivery-date: | Wed, 29 Jun 2005 22:39:06 +0100 |
Envelope-to: | nv-l-archive@lists.skills-1st.co.uk |
In-reply-to: | <OFFDAEF0F4.C1F80099-ON8625702F.006D45DD-8625702F.006E532D@AMSOUTH.COM> |
Reply-to: | nv-l@lists.us.ibm.com |
Sender: | owner-nv-l@lists.us.ibm.com |
My current customer does almost everything through the framework to avoid using root. We made a Tivoli Tasklib with all sorts of front-ends to Tivoli commands. Their logins are associated with a Tivoli Administrator that executes as root. To start the gui from the Tivoli desktop, though, since it is not associated with a policy region, requires a global senior role. This is probably not the way to appease the security folks. Instead, we gave them sudo to run /usr/OV/bin/netview as root. Then they only need a global role of user or admin. Also sudo for serversetup.

So some things you can do through the menus and other things you cannot. For those things, we made tasks and jobs. We chose to keep the code on the Netview server itself, since it is a Managed Node, but if it is just an endpoint, the stuff would all be on the TMR server.

For instance, a task to run 'netmon -y':

- nvadmin_netmon_reload_seedfile.sh: a script that issues 'netmon -y', real simple; you could log if you wanted.
- del_nvadmin_NetviewCommands.sh: a script to delete the tasks and jobs in the NetviewCommands tasklib
- make_nvadmin_NetviewCommands.sh: a script to build the tasklib and all of the tasks and jobs

Here's what's in make_nvadmin_NetviewCommands.sh:

```
. /etc/Tivoli/setup_env.sh
TMR=                                 # Name of this TMR
POLREG=                              # Name of the Policy Region
LIB=                                 # Name of the Task Library
SUBSCR=                              # Name of the subscribed Profile Manager
NEWGRP=                              # group to run as
RUNAS="-u \$root_user -g $NEWGRP"    # user and group to run this as
ROLE=admin                           # Role of user
#
wcrttlib $LIB $POLREG                # Create the Task Library if it does not exist
########################
# TASKS
....
wcrttask -t nvadmin_netmon_reload_seedfile -l $LIB -r $ROLE -i $INTERP $NVSERVER $LSDIR/nvadmin_netmon_reload_seedfile.sh $RUNAS
......
#
########################
# JOBS
......
wcrtjob -j nvadmin_netmon_reload_seedfile_job -t nvadmin_netmon_reload_seedfile -l $LIB -p $SUBSCR -o 17 -M serial -m 300
...
exit 0
```

And here's what's in del_nvadmin_NetviewCommands.sh:

```
TMR=`wtmrname | cut -f1 -d\-`        # Name of this TMR
LIB=nvadmin_NetviewCommands_$TMR     # Name of the Task Library
########
# JOBS
########
....
wdeljob nvadmin_netmon_reload_seedfile_job $LIB
....
########
# TASKS
########
...
wdeltask nvadmin_netmon_reload_seedfile $LIB
....
exit 0
```

And of course there is a sched_nvadmin_NetviewCommands.sh for any that need to be scheduled jobs (they won't let us mess with cron), and a rebuild_nvadmin_NetviewCommands.sh to run all three.

And.... for those who are too lazy to launch the Tivoli desktop, you can just run these things from the command line. I make little scripts to launch them like this:

runetchosts.sh:

```
#!/bin/ksh
set -x
wruntask -t nvadmin_etchosts_push -l <tasklibname> -h <nvhostname> -o 15
```

What other kinds of things do we do via tasks and jobs? Turn netmon tracing off and on, kill things, run /etc/netnmrc, run ovtopofix, etc, ovstop/ovstart, update netmon.lrf, run cleandb.sh, remove the .bak files after running nvTurboDatabase, stuff like that.

For updating /etc/hosts, we update a copy in our local config directory and use the task to keep backups and put it into production. They could use whatever they wanted to edit the file.

Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
(248) 552-4968 Voicemail, Fax, Pager
I am trying to appease the powers to be and come up with a way to handle the day to day tasks of managing NetView without being the root user. I am using Framework so I plan on allowing users to start the Native GUI via the Framework. This actually handles everything except editing the /etc/hosts file, no DNS. Has anyone added a menu item that uses dtpad or something like that to edit /etc/hosts? The folks that would be using this are not "vi" literate.

I also need to add the functionality of editing the netmon.seed (and refreshing netmon) and /etc/hosts file to the Web Console.

One last thing, has anyone added the functionality of nvmaputil.sh to the Web Console to allow operators to delete objects? Scary thought for some but I hope to control this through the scopes.

NV 7.1.4 fp02 on AIX 4.3.3

I am going through the Programmer's Guide and other docs/samples right now. Just thought I would check out there before I reinvented the wheel.

Thanks,
Don

---
Don Turrentine
BH-0302
AmSouth Bank
P.O. Box 11007
Birmingham, AL 35288
(205) 261-6351
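
The /etc/hosts workflow described in the reply (operators edit a copy, a privileged task keeps backups and puts it into production) could look like the sketch below. It is an added example, not a script from this thread; the function names, the three path arguments and the validation rules, including the requirement that a localhost entry be present, are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical): privileged half of an /etc/hosts push task.
# Operators edit the staged copy; it is validated before it replaces production.

# validate_hosts FILE -> 0 if every entry is "address name [alias...]"
validate_hosts() {
    awk '
    function bad_addr(a,   o, n, k) {
        if (a ~ /:/) return (a !~ /^[0-9A-Fa-f:]+$/)      # loose IPv6 check
        if (a !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 1
        n = split(a, o, ".")
        for (k = 1; k <= n; k++) if (o[k] + 0 > 255) return 1
        return 0
    }
    /^[ \t]*(#|$)/ { next }                               # comments, blank lines
    {
        sub(/#.*/, "")                                    # strip trailing comment
        if (NF < 2 || bad_addr($1)) { bad = 1; exit }
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/) { bad = 1; exit }
            if ($i == "localhost") seen = 1
        }
    }
    END { exit (bad || !seen) }          # assumption: a localhost entry must survive
    ' "$1"
}

# push_hosts STAGED PROD BACKUPDIR -> 0 on success or no change; production is
# left untouched on any failure (2 bad input, 3 validation, 4 backup, 5 install)
push_hosts() {
    staged=$1 prod=$2 bakdir=$3
    [ -f "$staged" ] && [ ! -L "$staged" ] || { echo "staged copy missing or a symlink" >&2; return 2; }
    validate_hosts "$staged" || { echo "validation failed; production unchanged" >&2; return 3; }
    cmp -s "$staged" "$prod" && return 0                  # nothing to push
    mkdir -p "$bakdir" || return 4
    if [ -f "$prod" ]; then
        cp -p "$prod" "$bakdir/hosts.$(date +%Y%m%d%H%M%S)" || return 4
    fi
    tmp="$prod.new.$$"                                    # same directory, so mv is a rename
    cp "$staged" "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$prod" || { rm -f "$tmp"; return 5; }
}

# Stand-alone use: script.sh STAGED PROD BACKUPDIR
if [ "$#" -eq 3 ]; then push_hosts "$@"; fi
```

Because the task executes as root while the staged file is edited by unprivileged operators, the validation step is what keeps a malformed or truncated copy from reaching production.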
Archive operated by Skills 1st Ltd