Continuent Documentation

Manual Home
Tungsten Clustering (for MySQL) 7.1 Manual
Page in Other Manuals
Tungsten Replicator 7.1 Manual
Breadcrumbs
> Tungsten Clustering (for MySQL) 7.1 Manual

       > 5. Deployment: Security
Chapters
Preface
1. Introduction
2. Deployment
3. Deployment: MySQL Topologies
4. Deployment: Advanced
5. Deployment: Security
6. Operations Guide
7. Tungsten Connector
8. Tungsten Manager
9. Command-line Tools
10. The tpm Deployment Command
11. Tungsten REST API (APIv2)
12. Replication Filters
13. Performance, Tuning and Testing
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
H. Ecosystem Support
I. Configuration Property Reference
Navigate Up
5. Deployment: Security
Parent Sections
5.1. Enabling Security
5.2. Disabling Security
5.3. Creating Suitable Certificates
5.4. Installing from a Staging Host with Custom Certificates
5.5. Installing via INI File with Custom Certificates
5.6. Installing via INI File with CA-Signed Certificates
5.7. Replacing the JGroups Certificate from a Staging Directory
5.8. Replacing the TLS Certificate from a Staging Directory
5.9. Removing JGroups Encryption from a Staging Directory
5.10. Removing JGroups Encryption via INI File
5.11. Removing TLS Encryption from a Staging Directory
5.12. Removing TLS Encryption via INI File
5.13. Enabling Tungsten<>Database Security
5.5. Installing via INI File with Custom Certificates
Prev  ^UpChapter 5. Deployment: Security Next

5.5. Installing via INI File with Custom Certificates

5.5.1. Installing via INI File with Manually-Generated Certificates
5.5.2. Installing via INI File with Certificates Generated by tpm cert

Follow the steps in Section 5.3, “Creating Suitable Certificates” to create JGroups and TLS certificates.

5.5.1. Installing via INI File with Manually-Generated Certificates

  1. Transfer the generated certificates to the same path on all hosts.

  2. Update your configuration to specify these certificates and the keystore password: 

    java-tls-keystore-path=/etc/tungsten/secure/tungsten_tls_keystore.jks
java-jgroups-keystore-path=/etc/tungsten/secure/tungsten_jgroups_keystore.jceks
java-keystore-password=mykeystorepass

5.5.2. Installing via INI File with Certificates Generated by tpm cert

  1. Transfer the generated certificates to the same path on all hosts using your preferred method.

    Available as of Version 7.1.0, the tpm copy command can copy the generated files to all hosts for you if you have password-less SSH configured to all nodes. 

    ## Perform a dry-run pass (-n) to test SSH
## and display the commands that would have been run
## to copy the generated files
shell> tpm copy --gen -n

## Copy the generated files
## and display the command executed (-x)
shell> tpm copy --gen -x

  2. Update your configuration to specify these certificates and the keystore password:

    If you used the tpm cert command (available as of v7.1.0) to generate files for you, they will be located in the $CONTINUENT_ROOT/generated directory by default. 

    java-tls-keystore-path=/opt/continuent/generated/tungsten_tls_keystore.jks
java-jgroups-keystore-path=/opt/continuent/generated/tungsten_jgroups_keystore.jceks
java-keystore-password=mykeystorepass
Prev Up Next
5.4. Installing from a Staging Host with Custom Certificates  ^Level 5.6. Installing via INI File with CA-Signed Certificates
Copyright © 2016-2023 Continuent, Ltd.(800) 270-9035Terms of UsePrivacy & CookiesLegal NoticeExhibits