This section describes the account requirements for accessing the Bare Metal Orchestrator nodes.
We suggest creating a common user account called installer to align with the example login account name used in this guide. However, you can choose your own account name. The step required to update the Ansible user account name in the all.yml file is included in the Bare Metal Orchestrator installation procedure.
Use this common user account for the following tasks:
- Initial Bare Metal Orchestrator installation
- Bare Metal Orchestrator node configuration (including worker nodes)
- Uninstalling and reinstalling the Bare Metal Orchestrator cluster
For single node deployments, create this common user account on the VMs hosting the Global Controller node and all remote worker nodes. Ensure the common user account complies with the following:
- Passwordless sudo privileges are enabled for the duration of the installation and Bare Metal Orchestrator node configuration, including worker nodes.
- All worker nodes must have the same password.
For high availability (HA) deployments, ensure all nodes in the HA cluster have the same Linux user account configured (for example, installer). The same user account and privileges must be configured on each server hosting the following Bare Metal Orchestrator nodes:
- Global Controller (CP1) and the two redundant HA nodes (CP2 and CP3)
- The two Load Balancers
- All worker nodes
Common (installer) user requirements for HA deployments:
- Passwordless sudo privileges are enabled for the duration of the installation and Bare Metal Orchestrator node configuration, including worker nodes.
- CP1, CP2, and CP3 nodes must have the same password.
- All Load Balancer nodes must have the same password.
- All worker nodes must have the same password.
Ensure that the same user-defined account is configured on all nodes and has passwordless sudo privileges enabled for the duration of the deployment. You must manually add the common installer username to the Docker group on the Global Controller (CP1) and on the CP2 and CP3 nodes. For example:
sudo adduser <username> docker
where <username> is the name of the common user account.
The sudoers configuration is updated at /etc/sudoers.
When adding the Cmnd alias specification string into the sudoers file, you must ensure that you remove spaces between each character on each line. If spaces are present, the file corrupts. The following is an example of the sudoers file:
installer@bmo-manager-1:~/mw_bundle$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
Cmnd_Alias BIN=/bin/sh,/var/lib/rancher/rke2/bin/crictl,/usr/bin/systemctl,/usr/sbin/lvm,/usr/bin/mkdir,/usr/bin/touch,/usr/bin/tee,/usr/bin/sed,/usr/bin/umount,/usr/bin/mount,/usr/bin/rmdir,/usr/sbin/mkfs.xfs,/usr/sbin/lvs,/usr/sbin/pvcreate,/usr/sbin/pvremove,/usr/sbin/vgcreate,/usr/sbin/vgdisplay,/usr/sbin/vgremove,/usr/sbin/lvcreate,/usr/sbin/lvremove,/usr/bin/awk,/usr/bin/chown,/usr/bin/chmod,/usr/bin/echo,/usr/bin/cat,/usr/bin/cp,/usr/bin/rm,/bin/systemctl,/bin/mkdir,/bin/sed,/bin/umount,/bin/rmdir,/sbin/mkfs.xfs,/bin/chown,/bin/chmod,/bin/echo,/bin/cat,/bin/cp,/bin/rm, /usr/bin/docker,/usr/local/bin/helm
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
installer ALL=NOPASSWD: BIN
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
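
The following script is an added example, not part of the Bare Metal Orchestrator documentation. It checks a sudoers file against the rule above (no spaces inside the Cmnd_Alias list) and lists the NOPASSWD rules held by the common account so they can be reviewed when the deployment is finished. The function names and the sample file content are constructed for illustration, and each alias is assumed to sit on one line.

```shell
#!/bin/sh
# Added example: audit a sudoers file against the rules in this section.
# Function names and the sample content below are constructed.

# Print every Cmnd_Alias line that breaks a rule: whitespace inside the
# comma-separated list, or an entry that is not an absolute path.
# Returns 0 when the file is clean, 1 when a problem was printed.
check_cmnd_alias() {
    awk '
        $1 == "Cmnd_Alias" {
            line = $0
            # Strip "Cmnd_Alias NAME=" and trailing blanks, keep the list.
            sub(/^[ \t]*Cmnd_Alias[ \t]+[A-Z][A-Z0-9_]*[ \t]*=[ \t]*/, "", line)
            sub(/[ \t]+$/, "", line)
            if (line ~ /[ \t]/) {
                printf "line %d: whitespace in alias list\n", NR; bad = 1
            }
            n = split(line, cmd, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", cmd[i])
                if (cmd[i] !~ /^\//) {
                    printf "line %d: not an absolute path: \"%s\"\n", NR, cmd[i]
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Print the NOPASSWD rules granted to user $2 in file $1, so they can be
# reviewed and removed once installation and node configuration are done.
nopasswd_rules() {
    awk -v u="$2" '$1 == u && /NOPASSWD:/ { print NR ": " $0 }' "$1"
}

# Constructed sample: one clean alias, one with a stray space after a
# comma, and the grant for the common account.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Cmnd_Alias GOOD=/usr/bin/systemctl,/usr/bin/mkdir,/usr/local/bin/helm
Cmnd_Alias BAD=/usr/bin/cp,/usr/bin/rm, /usr/bin/docker
installer ALL=NOPASSWD: GOOD
EOF
check_cmnd_alias "$sample" || echo "fix the alias list before installing it"
nopasswd_rules "$sample" installer
rm -f "$sample"
```

Run `visudo -cf <file>` on the same file as well: the script checks only the formatting rule from this section, not sudoers syntax as a whole.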