Continuent Ltd

Database Replication and Clustering

Continuent Documentation

Search:
Manual Home
Continuent Tungsten 4.0 Manual
Page in Other Manuals
Tungsten Clustering for MySQL 5.0 Manual
Tungsten Replicator 4.0 Manual
Breadcrumbs
» Continuent Tungsten 4.0 Manual

       » 2. Deployment

       » 2.7. Deploying SSL Secured Replication and Administration
Chapters
Preface
1. Introduction
2. Deployment
3. Deployment: MySQL Topologies
4. Deployment: Advanced
5. Operations Guide
6. Tungsten Connector
7. Tungsten Manager
8. Command-line Tools
9. The tpm Deployment Command
10. Replication Filters
11. Performance and Tuning
A. Release Notes
B. Prerequisites
C. Terminology Reference
D. Files, Directories, and Environment
E. Internals
F. Troubleshooting
G. Frequently Asked Questions (FAQ)
H. Ecosystem Support
I. Configuration Property Reference
Navigate Up
2.7. Deploying SSL Secured Replication and Administration
Parent Sections
2.7.1. Creating the Truststore and Keystore
2.7.2. SSL and Administration Authentication
2.7.3. Configuring the Secure Service through tpm
2.7.4. Configuring Connector SSL
2.7.5. Connector SSL Example Procedure
2.7.2. SSL and Administration Authentication
Prev 2.7. Deploying SSL Secured Replication and Administration Next

2.7.2. SSL and Administration Authentication

Continuent Tungsten uses JMX RMI to perform remote administration and obtain information from remote hosts within the dataservice. This communication can be encrypted and authenticated.

To configure this operation two files are required, one defines the authentication configuration, the other configures the username/password combinations used to authenticate. These files and configuration are used internally by the system to authenticate.

The authentication configuration defines the users and roles. The file should match the following: 

monitorRole   readonly
controlRole   readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister
tungsten      readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister

The contents or description of this file must not be changed. Create a file containing this information in your configuration, for example jmxremote.access

Now a corresponding password configuration must be created using the tpasswd tool. By default, plain-text passwords are generated: 

shell> tpasswd -c tungsten password 
    -t rmi_jmx \
    -p ~/password.store \
    -ts truststore.ts -tsp password

To use encrypted passwords, the truststore and truststore password must be supplied so that the certificate can be loaded and used to encrypt the supplied password. The -e must be specified to encrypt the password: 

shell> tpasswd -c tungsten password \
    -t rmi_jmx \
    -p ~/password.store \
    -e \
    -ts truststore.ts -tsp password

This creates a user, tungsten, with the password password in the file ~/password.store.

The password file, and the JMX security properties file will be needed during configuration. See Section 2.7.3, “Configuring the Secure Service through tpm.

Prev Up Next
2.7.1. Creating the Truststore and Keystore Home 2.7.3. Configuring the Secure Service through tpm