Installing with the sudo User Account

If you choose to run the Installer as a sudo user, the root user must first grant the non-root (sudo) user installation permission. The sudo user must have permission to execute scripts under temporary directory /tmp on all master and worker nodes.

There are two distinct file edits that need to be performed: first on the Initial Master Node only, and then on all remaining master and worker nodes. These file edits are detailed below. In addition, before installing CDF, the CDF-updateRE.sh script must be modified to install CDF as a sudo user.

The arcsight-install tool is not supported in sudo mode. Only manual installations are supported in sudo mode.

Editing the sudoers File on the Initial Master Node

Make the following modifications only on the Initial Master Node.

First, log on to the initial master node as the root user. Then, using visudo, edit the /etc/sudoers file and add or modify the following lines.

In the following commands you must ensure there is, at most, a single space character after each comma that delimits parameters. Otherwise, you might receive an error similar to this when you attempt to save the file.
>>> /etc/sudoers: syntax error near line nn <<<

To edit sudoers:

  1. Add the following Cmnd_Alias line to the command aliases group in the sudoers file.

    Cmnd_Alias CDFINSTALL = {unzipped-installer-dir}/installers/cdf/scripts/pre-check.sh, {unzipped-installer-dir}/install, <K8S_HOME>/uninstall.sh, /usr/bin/kubectl, /usr/bin/docker, /usr/bin/mkdir, /bin/rm, /bin/su, /bin/chmod, /bin/tar, <K8S_HOME>/scripts/uploadimages.sh, <K8S_HOME>/scripts/cdf-updateRE.sh, <K8S_HOME>/bin/kube-status.sh, <K8S_HOME>/bin/kube-stop.sh, <K8S_HOME>/bin/kube-start.sh, <K8S_HOME>/bin/kube-restart.sh, <K8S_HOME>/bin/env.sh, <K8S_HOME>/bin/kube-common.sh, <K8S_HOME>/bin/kubelet-umount-action.sh, /bin/chown
    For an AWS installation, the cdf-updateRE.sh script has the path:
    aws-byok-installer/installer/cdf-deployer/scripts/cdf-updateRE.sh
    If you will be specifying an alternate tmp folder using the --tmp-folder parameter, ensure that you specify the correct path to <tmp path>/scripts/pre-check.sh in the Cmnd_Alias line.
    • Replace the {unzipped-installer-dir} with the directory where you unzipped the installation package. For example, /tmp/arcsight-platform-installer-<version>.zip.
    • Replace <K8S_HOME> with the value defined from a command line. By default, <K8S_HOME> is /opt/arcsight/kubernetes.

  2. Add the following lines to the wheel users group, replacing <username> with your sudo username.

    %wheel ALL=(ALL) ALL
    cdfuser ALL=NOPASSWD: CDFINSTALL
    Defaults: <username> !requiretty
    Defaults: root !requiretty

  3. Locate the secure_path line in the sudoers file and ensure the following paths are present.

    Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

    By doing this, the sudo user can execute the showmount, curl, ifconfig and unzip commands when installing the CDF Installer.

  4. Save the file.

Editing the sudoers File on the Remaining Master and Worker Nodes

Make the following modifications only on the remaining master and worker nodes.

Log in to each master and worker node. Then, using visudo, edit the /etc/sudoers file and add or modify the following:

In the following commands you must ensure there is, at most, a single space character after each comma that delimits parameters. Otherwise, you might get an error similar to this when you attempt to save the file. >>> /etc/sudoers: syntax error near line nn <<<

To edit sudoers:

  1. Add the following Cmnd_Alias line to the command aliases group in the sudoers file.

    Cmnd_Alias CDFINSTALL = /tmp/pre-check.sh, /tmp/ITOM_Suite_Foundation_Node/install, <K8S_HOME>/uninstall.sh, /usr/bin/kubectl, /usr/bin/docker, /usr/bin/mkdir, /bin/rm, /bin/su, /bin/chmod, /bin/tar, <K8S_HOME>/scripts/uploadimages.sh, <K8S_HOME>/scripts/cdf-updateRE.sh, <K8S_HOME>/bin/kube-status.sh, <K8S_HOME>/bin/kube-stop.sh, <K8S_HOME>/bin/kube-start.sh, <K8S_HOME>/bin/kube-restart.sh, <K8S_HOME>/bin/env.sh,<K8S_HOME>/bin/kube-common.sh, <K8S_HOME>/bin/kubelet-umount-action.sh, /bin/chown, /usr/bin/cp
    • Replace <K8S_HOME> which will be used from the command line. By default, <K8S_HOME> is /opt/arcsight/kubernetes.

  2. Add the following lines to the wheel users group, replacing <username> with your sudo username.

    %wheel ALL=(ALL) ALL
    cdfuser ALL=NOPASSWD: CDFINSTALL
    Defaults: <username> !requiretty
    Defaults: root !requiretty

  3. Locate the secure_path line in the sudoers file and ensure the following paths are present.

    Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

    By doing this, the sudo user can execute the showmount, curl, ifconfig and unzip commands when installing the CDF Installer.

  4. Save the file.

  5. Repeat the process for each remaining master and worker node.

Modifying the cdf-updateRE.sh Script

In addition to the steps listed above, the following additional step is required for sudo user installation of CDF.

The cdf-updateRE.sh script is used in installation and other utility operations in CDF and CDF-based products (such as Transformation Hub). To install CDF as the sudo user, you must modify the script.

To modify the script:

  1. In the location where you unzip the installer archive, modify the script {​​unzipped-installer-dir}/installers/cdf/scripts/cdf-updateRE.sh file in a text editor as follows.

    • Comment out the line containing the text exit 1.
    • Add the following line inside the if block. 
      • export K8S_HOME=<install directory>

      For Example: 

      if [[ -z "${K8S_HOME}" ]]; then
echo "K8S_HOME not set. If running on fresh installation, please use new shell session"
# exit 1
export K8S_HOME=/opt/arcsight/kubernetes
fi;
  2. Save the file and then proceed to CDF installation as a sudo user.