I found some inconsistent behavior of permission in /var/lib/quarkdb/node(i) and password file i.e. redis.password_file, mgmofs.qdbpassword_file and fstofs.qdbpassword_file.
When we try to run xrootd@quarkdb with xrootd:xrootd. permission, it’s ok, but daemon:daemon permission is gives error. However, the permission of /etc/eos.keytab is daemon:daemon and which has use to define in “redis.password_file /etc/eos.keytab”, “mgmofs.qdbpassword_file /etc/eos.keytab” and “fstofs.qdbpassword_file /etc/eos.keytab”. It has make confused and mismatch.
Kindly update. What are the correct permission of password file i.e. eos.keytab or else which are use in redis.password_file, mgmofs.qdbpassword_file and fstofs.qdbpassword_file?
In our case, we copy /etc/eos.keytab to /etc/xrootd/eos.keytab with permission xrootd:xrootd, and specify redis.password_file to /etc/xrootd/eos.keytab. It works well.
There are different ways in which you can run the QuarkDB service. Probably the most simple thing to do is to have the quarkdb service run under user daemon. In this way the /etc/eos.keytab file does not need to change ownership. All the eos related services normally run under user daemon.
As an example you can run quarkdb with the following customization drop-in:
[esindril@esdss000 ~]$ sudo systemctl status xrootd@quarkdb
● xrootd@quarkdb.service - XRootD xrootd daemon instance quarkdb
Loaded: loaded (/usr/lib/systemd/system/xrootd@.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/xrootd@quarkdb.service.d
└─custom.conf
Active: active (running) since Thu 2021-03-25 22:17:56 CET; 6 days ago
Docs: man:xrootd(8)
http://xrootd.org/docs.html
Main PID: 21971 (xrootd)
CGroup: /system.slice/system-xrootd.slice/xrootd@quarkdb.service
└─21971 /usr/bin/xrootd -l /var/log/xrootd/xrootd.log -c /etc/xrootd/xrootd-quarkdb.cfg -k fifo -s /var/run/xrootd/xrootd-quarkdb.pid -n quarkdb
Mar 25 22:17:56 esdss000.cern.ch systemd[1]: Started XRootD xrootd daemon instance quarkdb.