Providing you have a license to use Tungsten Clustering, you will be able to download the docker image from the download portal of the Continuent Website.
The image is available as a gzipped tar ball, and the following steps outline how to import and use the image
Download the correct file for your environment architecture, for example
amd64 or
arm64, and then extract the tar
ball, and load into docker, for exmple:
shell>tar xvzf tungsten-connector-docker-${VERSION}-${ARCH}.tar.gzshell>cd tungsten-connector-docker-${VERSION}shell>docker load --input tungsten-connector-${VERSION}-${ARCH}.tarshell>docker images
where:
VERSION = Tungsten Connector version with build number like 8.0.2-87
ARCH = { amd64 | arm64 }
Before launching the connector, you will need to apply a number of configuration changes so that the Connector can communicate with your cluster and act in the desired mode based on your needs.
The
compose.yaml file
The following changes to
compose.yaml are required:
Modify the
container_name:
variable.
This defines the Connector name shown in the docker ps command.
Modify the
hostname:
variable.
This defines the Connector hostname shown in the cctrl ls command.
Modify the
extra_hosts:
variable.
Uncomment this section and add the proper values if the Manager's
database server host names can't be resolved from the Connector
container docker instance. Doing so will cause the values you add as a
mapping to appear correctly as lines in the
/etc/hosts file for the Connector container
instance.
If enabling SSL security, uncomment
the SSL lines in
compose.yaml, edit
conf/tungsten.ini, and follow the instructions
under security/README.md.
If configuring Proxy Mode, uncomment
the user.map line in
compose.yaml.
If a Read-Only port or the Advanced Listeners functionality is needed:
Uncomment the
- ./conf/listeners.json
line in compose.yaml.
Modify conf/listeners.json to meet your
needs.
Provided sample compose.yaml:
services:
connector:
image: "${IMAGE_NAME}:${IMAGE_VERSION}"
container_name: connector-alpha
hostname: connector-host-alpha
ports:
# connector listen port RW
- 3306:3306
# connector listen port RO
- 3307:3307
# Prometheus exporter
- 8093:8093
# connector REST API listen port
- 8096:8096
# The below extra_hosts: section is a colon-separated list of hostnames and IPs
# that will be added to the running container's /etc/hosts file
# extra_hosts:
# - "db1:192.168.30.81"
# - "db2:192.168.30.82"
# - "db3:192.168.30.83"
volumes:
- ./conf/tungsten.ini:/etc/tungsten/tungsten.ini
# If connector-bridge-mode=false in tungsten.ini,
# the INI-defined application-user={user} will be the only available user.
# Additional users can be defined in a "user.map" file (uncomment this line to get it copied over)
# - ./conf/user.map:/opt/continuent/tungsten/tungsten-connector/conf/user.map
# For Read-Only port or advanced port-based settings, adjust listeners.json and uncomment the following line
# - ./conf/listeners.json:/opt/continuent/tungsten/tungsten-connector/conf/listeners.json
# If SSL is configured the following two lines are needed, please uncomment it
# - ./conf/security.properties:/opt/continuent/tungsten/cluster-home/conf/security.properties
# - ./security:/opt/continuent/share
restart: unless-stopped
The conf/tungsten.ini
File
Modify the conf/tungsten.ini file to match your
needs:
Set the correct service name, topology and hosts.
The
application_port
should remain as
3306
because this mapping is handled in the
compose.yaml file.
Set Proxy or Bridge mode
Bridge mode (default) -
connector-bridge-mode=true
Proxy mode -
connector-bridge-mode=false
Configure Security/SSL
Security disabled (default) -
disable-security-controls=true
Security enabled -
disable-security-controls=false
If security is enabled, also enable connector-ssl-capable:
Security disabled (default) -
connector-ssl-capable=false
Security enabled -
connector-ssl-capable=true
If security is enabled, also define connector-driver-options:
Security disabled (default) -
connector-driver-options=?useSSL=false
Security enabled -
connector-driver-options=?useSSL=true
Provided sample conf/tungsten.ini:
[defaults] application-user=app_user application-password=secret # Do not touch! It should be 3306. The mapping is done in compose.yaml application-port=3306 # This should be 2048 or higher, normally should not be touched. conn-java-mem-size=2048 # If security is enabled in compose.yaml change the value to 'false' disable-security-controls=true # If security is enabled in compose.yaml change the value to 'true' connector-ssl-capable=false # If security is enabled in compose.yaml change the value to 'true' connector-driver-options=?useSSL=false # To enable Connector Proxy Mode, change the value to 'false' connector-bridge-mode=true # IMPORTANT: Be sure to add any additional users in the conf/user.map if you enable Proxy mode [alpha] topology=clustered members=db1,db2,db3 master=db1
The .env File
Modify the .env file if you use a docker registry
where the images are kept.
Provided sample .env:
IMAGE_NAME=your-corporate-registry.com/tungsten-connector IMAGE_VERSION=8.0.2-10
Uncomment two lines in compose.yaml :
# If SSL is configured the following two lines are needed, please uncomment it - ./conf/security.properties:/opt/continuent/tungsten/cluster-home/conf/security.properties - ./security:/opt/continuent/share
Ensure that
disable-security-controls=false in
conf/tungsten.ini
Ensure that
connector-ssl-capable=true and
connector-driver-options=?useSSL=true
in conf/tungsten.ini
Copy the the following files to the security/
folder from /opt/continuent/share on an existing,
running, Tungsten Cluster node also configured with
disable-security-controls=false:
passwords.store
tungsten_keystore.jks
tungsten_truststore.ts
tungsten_connector_keystore.jks
tungsten_connector_truststore.ts
OPTIONAL - Copy the below MySQL Server certificates needed for secure SSL client access testing later on
ca.pem
client-cert.pem
client-key.pem
shell>docker compose up -dshell>docker ps
You can test the Connector using and MySQl client. Here are simple examples using the command line tool for both secure and non-secure sessions:
Without SSL Enabled
shell> mysql -h 127.0.0.1 -u app_user -psecret -P 3306With SSL Enabled
shell> mysql -h 127.0.0.1 -u app_user -psecret -P 3306 --ssl-ca=ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem --ssl-verify-server-cert=false
Stopping the Connector Container:
shell>docker stop {container_name}shell>docker ps
Starting the Connector Container:
shell>docker start {container_name}shell>docker ps
Removing the Connector Container:
Before uninstalling the docker container, you MUST ensure you are in
the original installation directory and the
compose.yaml file must
also exist in that directory.
shell>cd {ORIGINAL_INSTALL_PATH}shell>docker compose down -vshell>docker ps