One of the scenario that I come across, some of developers wanted to bounce apache / opmn services after their development activity to see their changes got effected or not. It is hard for DBAs every time to do such things. To overcome that, we have granted sudoers access to some of key developers, so that they can bounce on their own on non-prod environments.
As root, on application server:
visudo
Insert this into file:
###############################################
# DEVORACLE users can run the following commands as applmgr
User_Alias DEVORACLE = user1, user2, user3
DEVORACLE ALL = (applmgr) NOPASSWD: /u01/scripts/stopopmn, /u01/scripts/startopmn, /u01/scripts/startapache, /u01/scripts/stopapache
As applmgr, on application server:
cp $ADMIN_SCRIPTS_HOME/adopmnctl.sh /u01/scripts/.
cp $ADMIN_SCRIPTS_HOME/adapcctl.sh /u01/scripts/.
Make easy commands to developers:
$ cd /u01/scripts
$ echo "/u01/scripts/adopmnctl.sh stopall" > stopopmn
$ echo "/u01/scripts/adopmnctl.sh startall" > startopmn
$ echo "/u01/scripts/adapcctl.sh stop" > stopapache
$ echo "/u01/scripts/adapcctl.sh start" > stopapache
Here are the files you see in /u01/scripts after all done:
adapcctl.sh
adopmnctl.sh
startapache
stopapache
startopmn
stopopmn
Change permissions to all files under /u01/scripts:
$ chmod 700 *
These are the commands that only the developers listed by name in the sudoers file (above) can run:
sudo -u applmgr /u01/scripts/stopopmn
sudo -u applmgr /u01/scripts/startopmn
sudo -u applmgr /u01/scripts/stopapache
sudo -u applmgr /u01/scripts/startapache
No comments:
Post a Comment