Change to a directory outside of the currently installed Tungsten
Do this to ensure that the OpenSSL key and encrypted file are available after upgrades and other operations.
Create an OpenSSL key
In this example, we use a 1024-bit RSA private key for encryption and decryption. There are many other options for encrypting and decrypting files, but this documentation does not explore them. The same process will work with other encryption techniques. You must ensure that the decryption command runs without user input.
openssl genrsa -out usermap.pem 1024
Create the encrypted file of
tungsten secret nyc_sjc sjc
tungsten_sjc secret sjc
tungsten_nyc secret nyc
Create an encrypted version of the file:
openssl rsautl -encrypt -inkey usermap.pem -in user.map.entries -out user.map.entries.ssl
Test decryption of the encrypted file:
openssl rsautl -decrypt -inkey usermap.pem -in user.map.entries.ssl
This should return the unencrypted
tungsten secret nyc_sjc
tungsten_sjc secret sjc
tungsten_nyc secret nyc
Update the installed and configured
...
# Examples:
# user tungstenuser has password secret and uses 'sjc_nyc' composite
# data service, but prefers nyc site for reading:
# tungstenuser secret sjc_nyc nyc
Now add a
to point to the encrypted file and certificate:
@script openssl rsautl -decrypt -inkey /opt/continuent/share/usermap.pem -in /opt/continuent/share/user.map.entries.ssl ...
Repeat the process on each host. The
file will be copied to the new version when you upgrade Tungsten so
this process only needs to be completed once per host.
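
The following preflight script is an added example, not part of the Tungsten documentation. It checks the three things the procedure above depends on: the key does not prompt for a passphrase, the entries file fits in the single RSA block that rsautl can encrypt, and decryption reproduces the plaintext exactly. The function names and the preflight.sh file name are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks for the encrypted entries file.

# Largest input rsautl can encrypt with its default PKCS#1 v1.5 padding:
# the key size in bytes minus 11 bytes of padding overhead.
rsa_max_plaintext_bytes() {  # usage: rsa_max_plaintext_bytes <key-bits>
    echo $(( $1 / 8 - 11 ))
}

# Succeeds if the plaintext file fits in one RSA block for that key size.
entries_fit() {  # usage: entries_fit <entries-file> <key-bits>
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -le "$(rsa_max_plaintext_bytes "$2")" ]
}

# Prints the key size in bits as reported by openssl.
key_bits() {  # usage: key_bits <key.pem>
    openssl rsa -in "$1" -noout -text </dev/null 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*$/\1/p'
}

# Succeeds if decrypting the encrypted file reproduces the plaintext exactly.
roundtrip_ok() {  # usage: roundtrip_ok <key.pem> <entries-file> <encrypted-file>
    openssl rsautl -decrypt -inkey "$1" -in "$3" </dev/null 2>/dev/null |
        cmp -s - "$2"
}

preflight() {  # usage: preflight <key.pem> <entries-file> <encrypted-file>
    # A passphrase-protected PEM key makes openssl prompt, which breaks the
    # "runs without user input" requirement.
    if grep -q ENCRYPTED "$1"; then
        echo "key is passphrase-protected" >&2; return 1
    fi
    bits=$(key_bits "$1")
    [ -n "$bits" ] || { echo "cannot read key size" >&2; return 1; }
    entries_fit "$2" "$bits" || {
        echo "entries exceed $(rsa_max_plaintext_bytes "$bits") bytes" >&2; return 1; }
    roundtrip_ok "$1" "$2" "$3" || { echo "round trip mismatch" >&2; return 1; }
    echo "ok: $bits-bit key, entries fit and decrypt cleanly"
}

# Run the checks when called with the three paths, e.g.
#   sh preflight.sh usermap.pem user.map.entries user.map.entries.ssl
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

With the 1024-bit key used above, the limit is 117 bytes of plaintext, so a longer list of entries needs a larger key or a different encryption technique.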