For Linux, perform the following procedure on both Active and Standby machines for non root users:

  1. Select or create a non-root group to be used by Failover Manager for passwordless communication (for example, smartsgrp). Type:

    #groupadd smartsgrp
    
  2. Select or create a non-root account to be used by Failover Manager for passwordless communication (for example, smartsusr ). Type:

    #adduser smartsusr -g smartsgrp
    
  3. Verify that passwordless SSH access is set up for the Failover Manager. To do so, initiate an SSH connection from:

  4. Failover manager to all of the hosts used in failover.conf file

  5. To the failover manager host itself

  6. Between all of the Active and Standby Hosts used in the failover.conf file

    Using the command:

    # ssh smartsusr@<host_name>
    

    Where <host_name> is the DNS name of the machine on which the component is running.

    Note:

    On initial connection you will be prompted to add a known host and asked o continue, type 'yes'. The authenticity of host 'apollo (10.241.215.34)' can't be established. RSA key fingerprint is e5:a9:32:3f:0e:bf:53:87:97:ce:8e:c6:4c:29:34:93. Are you sure you want to continue connecting (yes/no)?

  7. Later when you are configuring the Failover Manager, edit the failover.conf file as follows. This ensures that the root process executes commands for non-root user. Also, it specifies the location of the security key.

    TransferCmd="/usr/bin/scp -i /home/smartsusr/.ssh/id_rsa"; 
    RemoteLogin="/usr/bin/ssh -i /home/smartsusr/.ssh/id_rsa";
    
  8. Change the ownership of the directory <BASEDIR>/smarts/local to smartsusr and smartsgrp on both machines Active and Standby, so that users in the group can alter local smarts folder. Type:

    #usermod -G smartsgrp smartsusr
    #chown -R smartsusr:smartsgrp <install_path>/smarts/local
    #chmod -R g+w <install_path>/smarts/local
    #chmod 444 <install_path>/smarts/local/conf/*Connect.conf
    #chmod 444 <install_path>/smarts/local/conf/imk.dat
    #chmod 644 <install_path>/smarts/local/conf/runcmd_env.sh
    
  9. Log in as smartsusr and set the permission for .ssh folder to 700 on both machines Active and Standby. Type:

     #chmod 700 /home/smartsusr/.ssh
    
  10. Log in as smartsusr and set the permission for .ssh/authorized_keys to 600 on both machines Active and Standby. Type:

     #chmod 600 /home/smartsusr/.ssh/authorized_keys
    
  11. Execute the ssh command manually from root to check that the ssh command works correctly:

     #ssh -i /home/smartsusr/.ssh/id_rsa -n -l smartsusr itops-qa-108 ls –lrt
  12. Once the above step is successful, edit the BASEDIR/smarts/conf/failover/failover.conf file with the following content:

  13. Comment the root user TransferCmd and RemoteLogin and enable it for non-root user as below:

    TransferCmd = "/usr/bin/scp -p -i /home/smartsusr/.ssh/id_rsa"; 
    RemoteLogin = "/usr/bin/ssh -i /home/smartsusr/.ssh/id_rsa";
    
  14. Change the user as smartsusr.

  15. Change the ownership to the smartsgp. Type:

    #chown -R root:smartsgrp /var/smarts/
    
  16. Change the permissions for sm_service. Type:

    #chmod 770 /var/smarts/pipes/sm_service
    
  17. To ensure that passwordless communication is working after a host reboot, modify the /etc/init.d/ic_serviced file on all hosts.

  18. Edit /etc/init.d/ic-serviced.

  19. Find the following line:

    check_startup(){
    
  20. Add the following code (in bold):

    check_startup(){
        COUNT=1
        while true
        do
            sleep 1
            isRunning
            if [ $? -eq 1 ]; then
                [ "$OS" = "Linux" ] && touch $LOCKFILE
                break
            fi
            COUNT=`expr ${COUNT} + 1`
            if [ ${COUNT} -gt 60 ];
            then
                echo "$SERVICED failed to start."
                exit 1
            fi
      done
    sleep 5
      chown -R root:smartsgrp /var/smarts
     sleep 5
    chown -R smartsusr:smartsgrp <BASEDIR>/smarts/local
      sleep 5
      chmod 770 /var/smarts/pipes/sm_service
      }
    
  21. Save the file and exit.

  22. Verify that the non-root setup is working properly. Log in as a non-root user and run the following remote command:

    sm_service show
    [smartsusr@wpl-019-072 bin]$ /usr/bin/ssh -i /home/smartsusr/.ssh/id_rsa -n -l smartsusr wpl-019-071.lss.emc.com 2>&1 /opt/InCharge/SAM/smarts/bin/sm_service show
     RUNNING ic-trapd-exploder
     RUNNING smarts-rabbitmq
     NOT RUNNING ic-broker
     NOT RUNNING ic-broker-test
     RUNNING smarts-elasticsearch
     RUNNING ic-sam-server-pres
     RUNNING smarts-tomcat
     RUNNING ic-broker-93
     NOT RUNNING ic-sam-server
     [smartsusr@wpl-019-071 ~]$ /usr/bin/ssh -i /home/smartsusr/.ssh/id_rsa -n -l smartsusr wpl-019-072.lss.emc.com 2>&1 /opt/InCharge/SAM/smarts/bin/sm_service show
     RUNNING smarts-rabbitmq
     RUNNING ic-trapd-exploder
     RUNNING ic-broker
     RUNNING smarts-elasticsearch
     RUNNING ic-sam-server-pres
     RUNNING smarts-tomcat
     RUNNING ic-broker-93