Install software
Additional software can be installed on a Managed OS VM.
The Temp Admin state allows you to install and configure software with Administrator or root privileges.
Note the restrictions below, otherwise the compliance check will fail and the Temp Admin state cannot be left.
Install software on Managed Windows
- Change to the Temp Admin state, for installing and configuring software
- In the Temp Admin state it is possible to login with RDP and the custadm user
- Install the software
- Change the state for the server back to the Full Managed state
Install software on Managed RHEL
Please note the following restrictions, otherwise the compliance check will fail and the Temp Admin state cannot be left.
- It is allowed to install an RPM from the Red Hat repositories which are attached to each VM.
All software must be installed on a partition which does not belong to the OS filesystem. - All logfiles or variable data must be written on a partition which does not belong to the OS filesystem.
Especially check if you write into a/var/log/*
directory which must be on a separate partition. - It's not allowed to configure sudo rules with root privileges.
- It's not allowed to create cronjobs for the user root.
- It's allowed to configure a YUM repository in
/etc/yum.repos.d/
for 3rd party software installation. - If you need the yum infrastructure for 3rd party software installation, you mustn't set a proxy in
/etc/yum.conf
.
Instead place your proxy in your alternative repository under/etc/yum.repos.d/
. - Check all other restrictions from the compliance checks in the Technical Description.
- Change to the Temp Admin state, for installing and configuring software.
- If not done during the VM provisioning, add an additional disk for the software installation according to this instructions and restrictions.
- In the Temp Admin state it is possible to login with a ssh client and the custadm user. Use the "sudo" framework for executing commands.
- Install the application
- On a Managed RHEL VM a local firewall (iptables) is running. Configure iptables to allow access to the service from other servers according to this instructions.
- Change the state for the VM back to the Full Managed state.
Workaround for output redirections with sudo
Output redirects to a file with sudo will not work if the user custadm has no write permissions for the file
$ sudo echo 'rouser custsnmp priv .1' >> /etc/snmp/snmpd.conf
-bash: /etc/snmp/snmpd.conf: Permission denied
The problem can be avoided with the "tee" command:
$ sudo echo 'rouser custsnmp priv .1' | sudo tee -a /etc/snmp/snmpd.conf