Cronicle icon indicating copy to clipboard operation
Cronicle copied to clipboard

Published 20 hours ago verified publisher icon jhuckaby

Can use for tasks different cronicle primary servers with single remote cronicle agents (backups)?

Open asyslinux opened this issue 2 years ago • 2 comments

Sorry for stupid question, can use for tasks different Cronicle primary servers with single remote Cronicle agents (backups)?

This is need in my case for divide access rights. First primary Cronicle with users shell plugins with restricted access to create tasks from root user. Second Cronicle only for root tasks, this Cronicle I want to be installed separately and will connect to all Cronicle backup servers.

Or I need separate install second Cronicle also on all backup servers?

Thanks.

asyslinux avatar Nov 16 '21 11:11 asyslinux

Not a stupid question, but I am having trouble understanding it.

Are you asking how you can have two different Cronicle primary servers, but they share a set of worker servers? If so, then this is technically possible, but it is rather tricky to set up. The only way to do it is to run Cronicle on separate ports, and have two copies of Cronicle running on your backup servers. Unfortunately the Cronicle installer always installs to /opt/cronicle/ so you'd have to somehow hack this, or install it from source, in another directory as the second running instance.

So you'd have:

  • Cronicle Primary Server 1 (port 3012)
  • Worker Server 1 (port 3012)
  • Worker Server 2 (port 3012)

Then separately you'd have:

  • Cronicle Primary Server 2 (port 3013)
  • Worker Server 1 (port 3013)
  • Worker Server 2 (port 3013)

The tricky part in this setup is the worker servers. They need TWO copies of Cronicle running, one on port 3012 (this one you can install normally), and another copy of Cronicle running on another port (3013 in this example). The second copy is going to be difficult, because the software needs to be installed to a separate directory, so you'll have to install it from source.

This is not going to be easy, and I don't recommend doing it, but it is technically possible.

jhuckaby avatar Nov 17 '21 02:11 jhuckaby

Understand, yes I mean to have - two different Cronicle primary servers, but they share a set of worker servers.

Ok, I will make a custom setup of different workers and primary server in different folder and on other tcp ports, because I need to have a separate Cronicle for create tasks from root user for security purposes.

I will too make a modification to worker agents with disabled ability to run tasks from root 0 uid, because normally any Administrator of any Cronicle server can manually create a shell-plugin with root access.

May be better to make a modification in Cronicle with restriction of create tasks with root shell-plugin, but for me is more secure to have fully separated instance of primary Cronicle server.

Thank You for reply.

asyslinux avatar Nov 17 '21 17:11 asyslinux