Propagating Users in Causal Clusters on AWS

operations

(Mike Blum+Neo4j) #1

After reading up on cluster user propagation with the enterprise edition:

https://neo4j.com/docs/operations-manual/current/security/authentication-authorization/native-user-role-management/propagate-users-and-roles/

I was wondering if anyone has used Elastic File System (https://docs.aws.amazon.com/efs/latest/ug/getting-started.html) to create a centralized AWS-managed rsync for propagating users and roles for clustered Neo4j deployments?

I'd rather not have to maintain a separate LDAP infrastructure to orchestrate user and role sync since for our deployments that is only around 5 users and accompanying roles.


(M. David Allen) #2

I have not tried this myself personally, but unfortunately I think there might be some challenges with this approach. It's a good method for setting up a shareable filesystem, but the auth and roles files I think are inside of the data directory, and what those instructions are offering you is the ability to mount a single drive. Mounting the whole drive (and hence the data directory) wouldn't permit nodes to individually manage their data; I think there'd need to be some way to mount just a file.

Separate LDAP infrastructure wouldn't be necessary though. You could set up a shell script via cron on each node to simply take a copy of this data from whatever central location you'd prefer to specify.
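
The cron-driven copy suggested in the reply above, sketched as an added example that is not part of the original thread or of Neo4j's own tooling. The file names `auth` and `roles` come from the reply; the source and destination directories are assumptions passed in as arguments, and the cron line uses placeholder paths.

```shell
#!/bin/sh
# Added example: pull the auth and roles files from a central directory.
# SRC and DEST are assumptions supplied by the operator, e.g. a shared mount
# holding only these two files, and the node's local directory for them.

sync_auth_files() {
    src=$1
    dest=$2
    changed=0

    # Validate both sources first so a half-populated share never
    # replaces one file while leaving the other stale.
    for name in auth roles; do
        if [ ! -s "$src/$name" ]; then
            echo "refusing to sync: $src/$name missing or empty" >&2
            return 1
        fi
    done

    for name in auth roles; do
        # Skip files that are already identical to avoid needless writes.
        if cmp -s "$src/$name" "$dest/$name" 2>/dev/null; then
            continue
        fi
        # Stage inside the destination directory so mv is an atomic rename
        # and the database never reads a partially written file.
        tmp=$(mktemp "$dest/.$name.XXXXXX") || return 1
        if ! cp "$src/$name" "$tmp"; then
            rm -f "$tmp"
            return 1
        fi
        chmod 600 "$tmp"    # credential data: readable by the owner only
        mv -f "$tmp" "$dest/$name" || { rm -f "$tmp"; return 1; }
        changed=$((changed + 1))
    done

    echo "$changed"         # number of files replaced on this run
}

# Run from cron as the account that owns the Neo4j files (placeholder paths):
#   */5 * * * * /path/to/this-script.sh /path/to/central/dir /path/to/local/dir
if [ "$#" -eq 2 ]; then
    sync_auth_files "$1" "$2"
fi
```

The function prints how many files it replaced and returns non-zero without touching the local copies when either central file is missing or empty, so an unmounted or wiped share cannot erase a node's users.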