The BMC Bladelogic for Servers RSCD Agent has three configuration files which are key to enabling remote users or Application Servers to interact with the agent. There are two locations where such files are placed:
- For Linux/UNIX Systems, these files are under /usr/lib/rsc
- For Windows Systems, these files are under C:\Windows\rsc
The files are:
- exports – defines who can connect to the agent
- users – defines the Roles and Users (ACL-based) that can interact with the agent, and the account those users should impersonate into
- users.local – static definition (supersedes the users file) of Roles and Users (Non-ACL driven) that must always have access to the agent.
The typical configuration is as follows:
- exports – should define at a minimum the BBSA application server that can communicate with this agent. This is how you secure and prevent unauthorized AppServers from talking to the RSCD Agent
10.10.10.10 rw,user=Administrator
Where:
- 10.10.10.10 is the IP address of the BBSA Application Server
- rw is the permission (read-write) that system has.
- Administrator is the impersonated user on the local system. This can also be root on a linux/unix system.
- users – is populated by performing an ACL Push Job from Bladelogic. Applies the RBAC model assigned in BBSA to the target system’s RSCD Agent.
- users.local – must have at a minimum three entries which allow BBSA Application Server (defined in #1) to properly communicate to the target system for mundane fundamental actions:
RBACAdmins:RBACAdmin rw,map=Administrator
BLAdmins:BLAdmin rw,map=Administrator
System:System rw,map=Administrator
Where:
- RBACAdmins:RBACAdmin is the default user in BBSA to manipulate Roles and Permissions.
- BLAdmins:BLAdmin is the default Administrator user in BBSA
- System:System is an undocumented requirement. BBSA App servers historically have used this built in role/user for functional communications to with the RSCD Agent. I believe mostly this is needed for communicating with the RSCD agent on the File Server.
You do not need to restart the RSCD agent for these changes to take effect.
Leave A Reply