2.9.1. Enabling Security

By default, security is disabled for the entire installation.

Security can be enabled during initial installation by using the --disable-security-controls=false option to the tpm command:

Important

Installing from a staging host will automatically generate certificates and configuration for a secured installation. No further changes or actions are required.

For INI-based installations, there are additional steps required to copy the needed certificate files to all of the nodes. Please see Section 2.9.1.1, “Enabling Security using the INI Method” for details.

2.9.1.1. Enabling Security using the INI Method

  • First, configure the tungsten.ini file as follows:

    
    disable-security-controls=false
    start-and-report=false
      
  • Next, do the fresh install on each node, which will generate new, different certificates on every node.

    You must then select one of the nodes and copy that node's certificate files to all other nodes.

    For example, to seed a 6-node composite cluster, login to db1 and copy both the main and backup files to the other five nodes:

    shell> for i in `seq 2 6`; do scp /opt/continuent/share/[jpt]* db$i:/opt/continuent/share/; done
    shell> for i in `seq 2 6`; do scp /opt/continuent/share/.[jpt]* db$i:/opt/continuent/share/; done
  • On all nodes:

    shell> startall