How to sync permissions between HA nodes and Cluster home?

Working in an HA setup requires the sync of users in order to allow correct write and read permissions between nodes. A common scenario is when you have different users for a filestore, you can adjust that:

Change ownership of the files to artifactory:artifactory:


Changing ownership of, for an example, 9 million files should not be much of a burden for a good UNIX system, and it should not take too long to finish. The risk could be due to an instability of the NFS mount. A misconfigured NFS mount could have caused the files to have the nobody:nobody userid(UID) and groupid (GID). 

When changing the ownership from nobody:nobody to artifactory:artifactory, please ensure that all the files in the CLUSTER_HOME and all the nodes have the same user ID and group ID assigned to artifactory:artifactory by using steps belowFor example, if node 1 has 1100:400 as UID:GID of artifactory:artifactory then the other nodes must have the same UID:GID assigned for artifactory:artifactory as 1100:400 

  1. Find a UID and a GID that is available to be used by one of the nodes (e.g. if you would like the first number starting from 2000 which is neither in /etc/passwd nor in /etc/group, then run awk -F: ‘{uid[$3]=1}END{for(x=2000;x<=10000;x++)if(!uid[x]){print x;exit}}’ /etc/passwd /etc/group on one of the nodes. 
  2. Then, see if the UID and the GID found above are available in all the nodes. For example, cat /etc/passwd | grep 1100 (if you would like to use 1100 as UID for artifactory) and cat /etc/group | grep 400 (if you would like to use 400 as GID for artifactory) on each node.
  3. Repeat steps 1~2 until unique UID and GID that can be used by all nodes are found. 
  4. Assign artifactory:artifactory to the UID:GID found above to each node. You can use usermod -u 1100 artifactory command to assign 1100 to Artifacotry and use groupmod -g 400 artifactory

After following the steps above, you are ready to change ownership of files in Artifactory nodes and cluster_home. 

For the RPM install, please change ownership of file/folder in each node according to the table below:

File/Folder

Location

Ownership

Artifactory home

/var/opt/jfrog/artifactory

artifactory 

Artifactory etc

/etc/opt/jfrog/artifactory

artifactory 

Artifactory logs

/var/opt/jfrog/artifactory/logs

artifactory

Artifactory env variables

/etc/opt/jfrog/artifactory/default

artifactory 

Tomcat home

/opt/jfrog/artifactory/tomcat artifactory  (root for sub dirs)

Artifactory startup script

/etc/init.d/artifactory

root

Artifactory binary

/opt/jfrog/artifactory root