Page tree
Skip to end of metadata
Go to start of metadata

In releases prior to ClustrixDB 9, the database could only be run with as the root system user. With ClustrixDB 9, it can now be run as a non-root user on CentOS 7. Installing ClustrixDB requires root or sudo access, but as part of installation you can specify which user(s) should be used to run and manage the database.

Overview of Users

The following Linux OS user accounts used to install and operate ClustrixDB: 

Linux OS User

Description

How it is used

root

root

Runs the initial installation of the ClustrixDB software. The installation can be run indirectly through sudo privileges granted to another Linux user. Subsequent upgrades of ClustrixDB do not need root-level permissions.

clxd

ClustrixDB daemon

The ClustrixDB processes run as the clxd Linux user. This is a daemon account, and therefore administrators should not log into Linux using this account. The one exception is when performing ClustrixDB upgrades, the upgrade is executed as the clxd Linux user.

clxm

ClustrixDB Management

This Linux user is intended to be used by administrators to work with the ClustrixDB software. This user is typically configured to have its environment set for convenient use of the ClustrixDB command-line tools. The ClustrixDBI uses clustrix instead of clxm.

There is no performance difference with running ClustrixDB as a non-root user. The ClustrixDB installer will create both the clxd and clxm users if they do not already exist.

To reduce confusion within your team and when working with Clustrix Support, we recommend leaving the ClustrixDB Daemon user at the default (clxd). This default user name helps identify this Linux user as a daemon-only account that should not be used by administrators during normal operation

You may wish to use a different Linux user for the ClustrixDB Management user. This can be specified as part of installation.

For example, if you normally log into Linux using a user named sysops, and you would like to manage ClustrixDB while logged in as this sysops user, then during the ClustrixDB installation, select sysops as the Management user instead of clxm.

OS users cannot be modified once installation is complete.

Configure clxd and clxm Linux users

When using the recommended options, the ClustrixDB installer will automatically create the daemon ( clxd) and management ( clxm) users and grant the associated privileges. If you prefer to specify existing users, please note the following: 

ClustrixDB Daemon (clxd):

This Linux user should not be granted sudo privileges. Doing so would effectively allow the ClustrixDB installation to run with root privileges.

To facilitate cluster-wide upgrades of the ClustrixDB software, the clxd Linux user should have passwordless SSH access configured between ClustrixDB nodes. See Configure SSH Authentication for instructions on how to set this up.

ClustrixDB Management (default: clxm):

This Linux user does not require sudo privileges.

To facilitate easy use of the ClustrixDB command-line management tools, passwordless SSH access between ClustrixDB nodes should be configured for this user. 

Non-root vs Root installation and upgrade:

 

non-root (recommended)

root

Installation

performed as root

performed as root

Access the UI

http://ip_or_hostname:8080

http://ip_or_hostname

Upgrades

As the database user (clxd)

Root upgrade is not supported

As root

OSCentOS 7 (recommended)CentOS 6 or CentOS 7

There is no performance difference with running ClustrixDB as a non-root user.

Differences between non-root and root:

  • Host-based authentication is not supported (see Configure SSH Authentication for more information on connectivity between nodes in ClustrixDB 9 non-root)

  • If the database is in read only mode, taking a mysqldump requires using the --lock-tables=false option

When expanding the device1 file, non-root installations should be cautious to not fill up all available free space as a non-root user does not have the same permissions to inspect the file system and proactively provide warnings. By default linux filesystems reserve 5% of space to be usable just by root so that other non-root users won't actually fill up the disk to 100% leaving no space for the system components. Inspecting the system does not immediately show this space as unavailable.

Prepare a system for running as non-root

In addition to the normal steps to prepare a system for running ClustrixDB, If you previously installed ClustrixDB using a root-based install, perform the following steps (as root) to prepare a node for a non-root install:

shell> /opt/clustrix/bin/uninstall_clustrix
shell> rm /dev/shm/*

Clustrix now supports RHEL/CentOS 7. If you are migrating from an existing installation to a non-root installation, Clustrix recommends also migrating to RHEL/CentOS 7 at the same time.

  • No labels