This procedure is for Continuent Tungsten Version 4.x and below ONLY!
For the correct procedures for Continuent Tungsten Version 5.0 and above, please see Deployment Security (in [Tungsten Clustering for MySQL 5.0 Manual]).
Continuent Tungsten uses JMX RMI to perform remote administration and obtain information from remote hosts within the dataservice. This communication can be encrypted and authenticated.
To configure this operation two files are required, one defines the authentication configuration, the other configures the username/password combinations used to authenticate. These files and configuration are used internally by the system to authenticate.
The authentication configuration defines the users and roles. The file should match the following:
monitorRole readonly controlRole readwrite \ create javax.management.monitor.*,javax.management.timer.* \ unregister tungsten readwrite \ create javax.management.monitor.*,javax.management.timer.* \ unregister
The contents or description of this file must not be changed. Create a
file containing this information in your configuration, for example
Now a corresponding password configuration must be created using the tpasswd tool. By default, plain-text passwords are generated:
tpasswd -c tungsten password -t rmi_jmx \ -p ~/passwords.store \ -ts truststore.ts -tsp password
To use encrypted passwords, the truststore and truststore password must be
supplied so that the certificate can be loaded and used to encrypt the
supplied password. The
-e must be
specified to encrypt the password:
tpasswd -c tungsten password \ -t rmi_jmx \ -p ~/passwords.store \ -e \ -ts truststore.ts -tsp password
This creates a user,
password in the file
The password file, and the JMX security properties file will be needed during configuration. See Section 2.7.3, “Configuring the Secure Service through tpm”.