Prerequisites for Adding the Linux Host to CHAI™ for Discovery
Recommended Resource Requirements
| Resource | CPU | RAM | /home/ | /opt |
|---|---|---|---|---|
| Requirement | 4 cores | 8 GB | > 500 MB | > 2 GB |
Discovery uses the /opt partition for its operation. Grant execute permission on the folder, and verify it on the Host as follows:
[ssh-user@host ~]$ ls -ltr /opt
drwxr-xr-x 9 root testdir 288 Sep 27 2016 X11
The "x" in the mode string is required; it indicates execute permission.
Privilege Access
The user account used for the connection between CHAI™ and the host must have privileged access.
The line below can be added to the END of the file /etc/sudoers to allow the connecting user to run certain commands without a password. Update the paths of system commands such as mkdir and echo for your host:
<ssh-user-for-CHAI-host> ALL=(ALL) NOPASSWD:/opt/.ch-tools/*/*/*, /opt/.ch-tools/*/*, /bin/mkdir, /bin/echo, /bin/chmod 755 /opt/.ch-tools/*, /bin/chmod 755 /home/<ssh-user-for-CHAI-host>/chcmd, /bin/chmod -R 755 /opt/.ch-tools, /bin/chmod -R 755 /home/<ssh-user-for-CHAI-host>/.ch-tools, /bin/chown <ssh-user-for-CHAI-host>\: /opt/.ch-tools/*, /bin/chown -R <ssh-user-for-CHAI-host>\: /home/<ssh-user-for-CHAI-host>/chcmd, /bin/chown -R <ssh-user-for-CHAI-host>\: /opt/.ch-tools, /bin/chown -R <ssh-user-for-CHAI-host>\: /home/<ssh-user-for-CHAI-host>/.ch-tools
RequireTTY
Disable requiretty for the user connecting to the Host from a remote machine. If it is set, sudo runs only when the user is logged in to a real terminal, not via other means such as cron, cgi-bin or ssh scripts. Since CHAI™ connects to the Host remotely without a real terminal, this flag must be disabled. This flag is off by default. The line below can be added to the /etc/sudoers file:
SSHD Server
The ssh server (sshd) must be running on the host. Verify it as follows on the Host:
Connection between Host and CHAI™
CHAI™ authenticates with the Linux Host using the following 2 methods over ssh:
- Username and ssh key
- Username and password
The Host communicates back to CHAI™ over port 443 (https). Ensure that port 443 is enabled on the Host for external communication and unblocked on the firewall between the Host and CHAI™.
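The /opt, requiretty and sshd prerequisites above can be checked on the host before it is added. The script below is an added example, not part of the CHAI™ documentation or tooling; its function names and the `--live` switch are assumptions, and its sudoers reader handles only plain `Defaults` and `Defaults:<user>` lines.

```shell
#!/bin/sh
# Added example: preflight checks for the /opt, requiretty and sshd prerequisites.
# Function names and the --live switch are assumptions, not CHAI tooling.

# Succeeds when an `ls -ld` mode string (e.g. drwxr-xr-x) is a directory with
# execute permission for owner, group and other.
mode_has_exec() {
    case "$1" in
        d??[xs]??[xs]??[xt]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads sudoers text on stdin and prints "on" or "off" for requiretty as it
# applies to user $1. Simplification: only "Defaults" and "Defaults:<user>"
# lines are read, in file order (a later line overrides an earlier one);
# aliases and host, runas and command Defaults are ignored.
requiretty_state() {
    awk -v user="$1" '
        BEGIN { state = "off" }              # off unless a Defaults line sets it
        /^[ \t]*#/ { next }                  # comments and #include directives
        ($1 == "Defaults") || ($1 == ("Defaults:" user)) {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)   # drop the Defaults token
            sub(/[ \t]+$/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (opts[i] == "requiretty")  state = "on"
                if (opts[i] == "!requiretty") state = "off"
            }
        }
        END { print state }'
}

# Live run on the host. Reading /etc/sudoers needs root.
preflight() {
    user="$1"; rc=0
    [ -r /etc/sudoers ] || { echo "FAIL: cannot read /etc/sudoers (run as root)"; return 2; }
    mode=$(ls -ld /opt | awk '{ print $1 }')
    mode_has_exec "$mode" || { echo "FAIL: /opt mode is $mode"; rc=1; }
    state=$(cat /etc/sudoers /etc/sudoers.d/* 2>/dev/null | requiretty_state "$user")
    [ "$state" = "off" ] || { echo "FAIL: requiretty is on for $user"; rc=1; }
    pgrep -x sshd >/dev/null 2>&1 || { echo "FAIL: sshd is not running"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: prerequisites met for $user"
    return "$rc"
}

if [ "${1:-}" = "--live" ]; then preflight "$2"; fi
```

Run it as root on the host with `--live <ssh-user-for-CHAI-host>`. `sudo -l -U <user>` lists the Defaults that sudo itself resolves for the user, which is a useful cross-check on the simplified reader.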