How to sync permissions between HA nodes and Cluster home?

JFrog Support
2016-10-06 13:38

Working in an HA setup, requires the sync of users in order to allow correct write and read permissions between nodes. A common scenario is when you have different users for a filestore, you can adjust that:

 

Change ownership of the files to artifactory:artifactory:

 

Changing ownership of, for an example, 9 million files should not be much of a burden for a good UNIX system, and it should not take too long to finish. The risk could be due to an instability of the NFS mount. A misconfigured NFS mount could have caused the files to have the nobody:nobody userid(UID) and groupid (GID). 

 

When changing the ownership from nobody:nobody to artifactory:artifactory, please ensure that all the files in the CLUSTER_HOME and all the nodes have the same user ID and group ID assigned to artifactory:artifactory by using steps belowFor example, if node 1 has 1100:400 as UID:GID of artifactory:artifactory then the other nodes must have the same UID:GID assigned for artifactory:artifactory as 1100:400 

 

  1. Find a UID and a GID that is available to be used by one of the nodes (e.g. if you would like the first number starting from 2000 which is neither in /etc/passwd nor in /etc/group, then run awk -F: '{uid[$3]=1}END{for(x=2000;x<=10000;x++)if(!uid[x]){print x;exit}}' /etc/passwd /etc/group on one of the nodes. 
  2. Then, see if the UID and the GID found above are available in all the nodes. For example, cat /etc/passwd | grep 1100 (if you would like to use 1100 as UID for artifactory) and cat /etc/group | grep 400 (if you would like to use 400 as GID for artifactory) on each node.
  3. Repeat steps 1~2 until unique UID and GID that can be used by all nodes are found. 
  4. Assign artifactory:artifactory to the UID:GID found above to each node. You can use usermod -u 1100 artifactory command to assign 1100 to artifacotry and use groupmod -g 400 artifactory

 

 

Afterward steps above, you are ready to change ownership of files in Artifactory nodes and cluster_home. 

 

For the RPM install, please change ownership of file/folder in each node according to the table belw.

 

File/Folder

 

 

Location

 

 

Ownership

 

Artifactory home

/var/opt/jfrog/artifactory

artifactory 

Artifactory etc

/etc/opt/jfrog/artifactory

artifactory 

Artifactory logs

/var/opt/jfrog/artifactory/logs

artifactory

Artifactory env variables

/etc/opt/jfrog/artifactory/default

artifactory 

Tomcat home

/opt/jfrog/artifactory/tomcat artifactory  (root for sub dirs)

Artifactory startup script

/etc/init.d/artifactory

root

Artifactory binary

/opt/jfrog/artifactory root