If this is Solaris, just copy the files from the jumpstart server to /a/usr/lib/rsc, or echo the values you want into them, in the Finish script
If it is Windows, just write a WMI script that will connect from the provisioning server to the target and writeline to the files to put in the entries you want. Or just have it map a network drive on the target to the provisioning server directory where the files are located. Then just do a file copy to put the users and users.local file on the target server. The script would take three arguments, . Just store those in your datacenter property instance. You would just have this be your first job in your post provisioning batch job.
btw - you almost never need to restart the agent. ACLs will get pickedup w/o restart.
you should echo something like:
into exports in the post-install script - remember that w/ provisioning you might not be prov as the BLAdmins:BLAdmin user.
remeber if you push ACLs you'll get the 'nouser' entry in users which will lock out anyone not in users or users.local.
what i've done in the past was to assume that the provision user/role would have permissions on the box in the CM, so if ACLs were pushed they'd still have access.
if that's true, i'd push ACLs, then push your exports and users.local files. and it should all be good.
AH, thats probably what i did, this is a windows box, and I pushed ACLs first, and then tried to do the file deploy job for exports and users.local. I got the contents of the file all correct so thats no problem.
I will try doing the file deploy job first, then push ACLs
yeah - just make sure you don't lock yourself out when you push acls...
I tried to deploy the exports and users file prior to pushing ACLs and still i get this error
cp: Unable to create file /C/WINDOWS/rsc/exports: Permission denied
- Currently the users file on the target host is: -
there is no "nouser" in users file
this should have worked right?
no, because there is nothing in your original exports file that gives you access.
in your system package, in the post-install script you need to put the line:
echo * rw,user=<whatever> >> c:\windows\rsc\exports
(you can replace * w/ the appserver, and probably parameterize the path)
Ah yes ur right.
I was trying other ways like putting the exports and users.local in the datastore and then doing a copy to the /rsc directory in the last step of the system package.
what causes the nouser line to be put in the users file when you push ACLs to the agents?
the PUSH_ACL_NO_USERS_FLAG property on the server.
Thanks so much.
Next Question, is it advisable to turn this off?
no, you should always push the nousers line. if your exports file is not locked down it may allow non-authenticated users to connect.
Problem is, if I have the nouser line in place, and the exports file set up as
I can't run agentinfo -u -c agent_host command from the bladelogic app server command line, or from the GUI without receiving the "Can't access host : No authorization to access host
you need to have bladelogic credentials established. you can do this by using the 'nsh here' custom command, or you can use NSH w/ the NSH Proxy.