PM2: Share the same daemon process between multiple users
Few days ago, I encountered a situation in which, being logged into my account on a remote server, I saw completely different node processes running than being logged on the deployment account. This situation can be a problem for many developers because it reflects lack of consistency, limited control and unambiguous access to all processes running on the server. In this article, I will aim to show why this is happening and provide a solution to this problem.
How does it actually works?
In short: one PM2 instance belongs only to the user that created it. It is connected strictly to the user, not globally. It uses current user’s .pm2 directory which is stored under /home/<user>/.pm2 where configuration files are stored (e.g. socket file, which is responsible for communication between daemon and client). This behavior may be perceived as helpful for some developers due to the privacy of the instances and the lack of cases in which someone would tamper with our instances. For situations where you have a dedicated deploy user that is only destined to deploy your apps on the remote server this can be problematic. For example, you create a pipeline that builds and tests your application on external server and deploys your app on your remote server after the pipeline process succeed and reloads your PM2 instances. From time to time, something can go wrong with reloading your PM2 instance (port in use or error thrown on startup). In this case, you have to fix it manually — directly on the remote server — and let’s assume you wish to use your main account to reboot the instance. Now here comes the problem — you can’t, because you don’t see the process owned by deploy user. So, how to overcome this situation?
Solution
The solution is to create a PM2 group and a common configuration directory. Next, assign deploy user and your main account to this group. Lastly, change the ownership of the configuration directory for the PM2 group and set environment variable to use the new path for this directory while executing PM2 commands.
First, create a new group on user with sudo privileges:
$ sudo groupadd pm2Add the deploy user and yourself to this newly created group:
$ sudo usermod -a -G pm2 deploy
$ sudo usermod -a -G pm2 meCreate a common configuration PM2 directory anywhere you want (except home directory):
$ cd /etc && mkdir pm2daemonNow, go to any project that has PM2 configured and start it with:
$ PM2_HOME=/etc/pm2daemon pm2 start app.jsRunning this command will create pm2 files in your common configuration directory (it doesn’t matter which user will run this command, you only need these files generated). Now it is time to set the permissions on this directory:
$ sudo chgrp -R pm2 /etc/pm2daemon
$ sudo chmod -R 770 /etc/pm2daemonNow only members of the pm2 group can read, write, or execute anything within the directory.
Important: There might be a situation when a user will kill the daemon process with pm2 kill and create a new one with pm2 start or pm2 status. The result of this chain of operations is deletion of the socket file and creation of a new one with another group assigned — and saying more specifically — group of user that has set up this new daemon process. From this moment, the rest of users cannot access this daemon process due to lack of permissions. All you need to do is make the new files created inside the directory automatically writable by others in the group (so new files will be owned by the directory’s group instead of the creating user’s group). To do so, type:
$ sudo chmod g+s /etc/pm2daemonThe last thing to do is to tell PM2 to use the new common configuration directory instead of current user’s directory by exporting a environment variable. You can do it globally or locally per user. I prefer the second option:
$ nano ~/.bashrcCopy, paste and save:
# PM2 environment
export PM2_HOME=/etc/pm2daemonYou might have to log out and log back in to be able to see the changes.
Thanks to these commands you can view (pm2 status) and operate on common instances.
That’s it. Thanks for reading. If you liked the post, please give me an applause. If you have any questions, feel free to ask them in the comments!
