Database Replication and Clustering
By default, security is disabled for the entire installation.
Security can be enabled by using the --disable-security-controls=false option to the tpm command:
--disable-security-controls=false
This has the same effect as adding --file-protection-level=0027, --rmi-ssl=true, --thl-ssl=true, --rmi-authentication=true, --jgroups-ssl=true.
Installing from a staging host will automatically generate certificates and configuration for a secured installation. No further changes or actions are required.
For INI-based installations, there are additional steps required to copy the needed certificate files to all of the nodes. Please see Section 2.8.1.2, “Enabling Security using the INI Method” for details.
Security can be enabled either during initial installation or via an update.
For many reasons, it is much easier to enable SSL at install time. Both procedures follow below.
Enabling During Install
Security can be enabled at install time by using the --disable-security-controls=false option to the tpm configure command.
shell> tools/tpm configure defaults --disable-security-controls=false \
    [...the rest of the configuration options...]
shell> tools/tpm install
Installing from a staging host will automatically generate certificates and configuration for a secured installation. No further changes or actions are required.
Enabling Post-Installation
Security can be enabled after install time by using the --disable-security-controls=false option to the tpm configure command, followed by a special invocation of the tpm update command.
shell> tools/tpm configure defaults --disable-security-controls=false
shell> tools/tpm update --replace-jgroups-certificate --replace-tls-certificate --replace-release
This update will force all running processes to be restarted. Connectors MUST be updated at the same time or they will no longer be able to communicate with the managers.
Security can be enabled either during initial installation or via an update.
For many reasons, it is much easier to enable SSL at install time. Both procedures follow below.
Enabling During Install
First, configure the tungsten.ini file as follows:
disable-security-controls=false
start-and-report=false
Next, do the fresh install on each node, which will generate new, different certificates on every node.
shell> tools/tpm install
You must then select one of the nodes and copy that node's certificate files to all other nodes.
For example, to seed a 6-node composite cluster, log in to db1 and copy both the main and backup files to the other five nodes:
shell> for i in `seq 2 6`; do scp /opt/continuent/share/[jpt]* db$i:/opt/continuent/share/; done
shell> for i in `seq 2 6`; do scp /opt/continuent/share/.[jpt]* db$i:/opt/continuent/share/; done
On all nodes:
shell> startall
Enabling Post-Installation
Security can be enabled after install time by updating the tungsten.ini file, followed by a special invocation of the tpm update command on all nodes.
First, configure the tungsten.ini file as follows:
disable-security-controls=false
start-and-report=false
Enable Maintenance mode on the cluster:
shell> cctrl -multi
cctrl> use world
cctrl> set policy maintenance
Do the update on each node, which will generate new, different certificates on every node.
This update procedure will force all running Tungsten processes to be stopped. Connectors MUST be updated at the same time or they will no longer be able to communicate with the Managers.
shell> stopall
shell> tpm query staging
shell> cd {staging_directory}
shell> tools/tpm update --replace-jgroups-certificate --replace-tls-certificate --replace-release
As with a fresh install, you must then select one of the nodes and copy that node's certificate files to all other nodes:
For example, to seed a 6-node composite cluster, log in to db1 and copy both the main and backup files to the other five nodes:
shell> for i in `seq 2 6`; do scp /opt/continuent/share/[jpt]* db$i:/opt/continuent/share/; done
shell> for i in `seq 2 6`; do scp /opt/continuent/share/.[jpt]* db$i:/opt/continuent/share/; done
On all nodes:
shell> startall
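Because each INI-based install or update generates different certificates on every node, the copy step in both procedures above is worth verifying before running startall. The following is an added example, not part of the original page or of the Tungsten tooling: it fingerprints the files matched by the same [jpt]* and .[jpt]* globs so the nodes can be compared. It assumes sha256sum is installed on every node; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Tungsten tooling.
# Assumption: sha256sum is available on every node.

# Print "hash  name" for each regular file matched by the globs used in the
# scp commands above ([jpt]* and the hidden backups .[jpt]*), sorted by name.
share_manifest() {
    (
        cd "$1" 2>/dev/null || exit 1
        for f in [jpt]* .[jpt]*; do
            # An unmatched glob stays literal and fails the -f test.
            if [ -f "$f" ]; then sha256sum "$f"; fi
        done | LC_ALL=C sort -k 2
    )
}

# Reduce the manifest to one value that can be compared between nodes.
# Fails if the directory is unreadable or holds no matching files.
share_fingerprint() {
    manifest=$(share_manifest "$1") || return 1
    [ -n "$manifest" ] || return 1
    printf '%s\n' "$manifest" | sha256sum | cut -d ' ' -f 1
}

# Read "node fingerprint" lines on stdin, seed node (e.g. db1) first.
# Prints one verdict per node; returns 1 if any node differs from the seed
# or reported nothing, 2 if the seed line itself is missing or empty.
check_fingerprints() {
    read -r node seed || return 2
    if [ -z "$seed" ]; then
        echo "no fingerprint from seed node $node"
        return 2
    fi
    echo "SEED     $node"
    rc=0
    while read -r node fp; do
        if [ "$fp" = "$seed" ]; then
            echo "OK       $node"
        else
            echo "MISMATCH $node"
            rc=1
        fi
    done
    return $rc
}
```

Run share_fingerprint /opt/continuent/share on each node, collect the results as "node fingerprint" lines with the seed node first, and pipe them to check_fingerprints; any MISMATCH line means that node still holds its own generated files.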