running a jazz rtc server under a non-root userid (on unix)
We have currently installed our Jazz RTC servers using the root userid and all the files are now owned by root, and RTC's java process is also owned by root. Is there anything we need to take into account if we want to run it under a different userid?
As part of this, we plan to change ownership of all the RTC files from root to the userid that we want to run under? Is this ok/desirable/necessary?
Accepted answer
There is also a new document on how to migrate it on WAS: Run ELM products under a non-root user.
In general there is no official procedure for Liberty (there is an enhancement for that: 539285: Need documentation in publib confirming support and conversion of ownership of RTC installation from root user to non-root user).
However, you can try the following steps:
1. Install ELM as a non-root user. Do not rerun the setup.
2. Move the conf directory from the root installation to the non-root one and change the ownership from root to the non-root user.
3. Move the <ELM-install>/server/liberty/servers/clm/server.xml file and the <ELM-install>/server/liberty/servers/clm/conf directory from the old installation to the new one and change the ownership from root to the non-root user.
These files contain the information about the authentication to Liberty.
One other answer
Hello Chris,
We had a similar issue investigated in an internal escalation. Here are the steps for switching to running the tool as a non-root user. Please test it in your testing environment first.
*********************
CHANGE PLAN
*********************
1. Take a DB backup before starting the migration.
2. Login to RTC server as root
3. Stop RTC service
cd /<server_install_path>/JazzTeamServer/server
./server.shutdown
4. Take a backup of the RTC installation directory
*** Make sure enough space is available and exclude /<server_install_path>/JazzTeamServer/server/tomcat/work/Catalina
*** You could delete the catalina Temp dir which would be occupying a lot of space. This gets populated on the next restart.
rm -r /<server_install_path>/JazzTeamServer/server/tomcat/work/Catalina
cp -r /<server_install_path>/JazzTeamServer /apps/wload/zdgp/app/IBM2/JazzTeamServer.backup
### Making sure that the original installation directory is kept unchanged.
mv /<server_install_path>/JazzTeamServer /<server_install_path>/JazzTeamServer.root
mv /<server_install_path>/JazzTeamServer.backup /<server_install_path>/JazzTeamServer
e20018265@gbrpsr000000687 PROD $ df -kh .
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/root_vg-apps
404G 32G 352G 9% /apps
e20018265@gbrpsr000000687 PROD $
5. Take a backup of /tmp directory
mkdir /<server_install_path>/JazzTeamServer.root/tmp
cp -r /tmp /<server_install_path>/JazzTeamServer.root/tmp
6. Remove the temp files (make sure the tmp directory is accessible to everyone)
rm -rf /tmp/_JazzRepo*
rm -rf /tmp/versionedcontentservice
rm -rf /tmp/contentservice
7. Change the ownership of the installation directory
chown -R jazzadmin:jazzadmin /<server_install_path>/JazzTeamServer
8. Change the content of teamserver.properties file as follows
*** This step is carried out to make sure indices are written to a faster disk rather than the current disk where slow disk IO is reported in the logs.
mkdir /<server_install_path>/JazzTeamServer/server/indices
com.ibm.team.fulltext.indexLocation=conf/jts/indices/workitemindex -> com.ibm.team.fulltext.indexLocation=/<server_install_path>/JazzTeamServer/server/indices
com.ibm.team.jfs.index.root.directory=indices -> com.ibm.team.jfs.index.root.directory=/<server_install_path>/JazzTeamServer/server/indices
9. Change the ownership of the path mentioned in teamserver.properties given in step 6
chown -R jazzadm:jazzadm /<server_install_path>/JazzTeamServer/server/indices
10. Re-Index RTC by running the following commands
cd /<server_install_path>/JazzTeamServer/server
./repotools-jts.sh -reindex all
./repotools-qm.sh -reindex all
./repotools-ccm.sh -reindex all
11. Logout as root
12. Login as jazzadm
13. Start the service as application account.
cd /<server_install_path>/JazzTeamServer/server
./server.startup
14. Double confirm RTC web is up and running - High Level Sanity test
Run diagnostics -> https://<jazz_server_domain_name>:9443/jts/admin
Search workitems
Search dashboards -> https://<jazz_server_domain_name>:9443/jts/dashboards/all
Create workitems
********************
ROLL-BACK PLAN
********************
1. Login as jazzadm and stop RTC
cd /<server_install_path>/JazzTeamServer/server
./server.shutdown
2. Login as root
3. Move the installation folder owned by jazzadm
mv /<server_install_path>/JazzTeamServer /<server_install_path>/JazzTeamServer.jazzadmin
4. Roll back the installation folder owned by root
mv /<server_install_path>/JazzTeamServer.root /<server_install_path>/JazzTeamServer
5. Restore the DB
6. Start the RTC
cd /<server_install_path>/JazzTeamServer/server
./server.startup
7. Conduct Sanity test
Run diagnostics -> https://<jazz_server_domain_name>:9443/jts/admin
Search workitems
Search dashboards -> https://<jazz_server_domain_name>:9443/jts/dashboards/all
Create workitems
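A post-migration check for the ownership change described in both answers, as an added example that is not part of either post or of IBM's tooling: it flags paths the service account does not own, world-writable files, leftover Jazz temp entries, and java processes still running as root. The function names and the `audit` arguments are assumptions; the temp-file names and the `jazzadm` account are taken from the steps above.

```shell
#!/bin/sh
# Post-migration checks after moving a Jazz/RTC install from root to a service
# account. Function names and arguments are assumptions, not from the page.

# Paths under $1 not owned by account $2 (user name or numeric uid).
not_owned_by() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# Files and directories under $1 that any local user can modify.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Jazz temp entries in $1 (the names removed in step 6) not owned by $2.
stale_tmp() {
    for p in "$1"/_JazzRepo* "$1"/versionedcontentservice "$1"/contentservice; do
        [ -e "$p" ] || continue
        find "$p" -prune ! -user "$2" -print
    done
}

# Reads "user pid args" lines on stdin; prints PIDs of java processes whose
# command line mentions JazzTeamServer and that still run as root.
root_jazz_pids() {
    awk '$1 == "root" && $3 ~ /(^|\/)java$/ && /JazzTeamServer/ { print $2 }'
}

# audit INSTALL_DIR SVC_USER [TMP_DIR]: returns 0 only when nothing is flagged.
audit() {
    rc=0
    report() { [ -z "$2" ] || { printf '%s\n%s\n' "$1" "$2"; rc=1; }; }
    report "not owned by $2:"      "$(not_owned_by "$1" "$2")"
    report "world-writable:"       "$(world_writable "$1")"
    report "stale temp entries:"   "$(stale_tmp "${3:-/tmp}" "$2")"
    report "java running as root:" "$(ps -e -o user= -o pid= -o args= 2>/dev/null | root_jazz_pids)"
    return $rc
}

# Usage: audit "/<server_install_path>/JazzTeamServer" jazzadm
```

Run it once after the `chown` step and again after the service has been started under the application account; any output means the server can still read or write something as root, or that other local users can alter its files.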
Comments
I wanted to know if anyone tried the steps listed here and got it working? I had installed Rational CLM 6.0 as root on AIX 7.1 TL3 Service Pack 5. I am required to change the ownership & permissions so that the application is started and run by the service account RATADM.
If anyone can share their insight into this it'll be greatly appreciated.
1 vote