9.5.2.3. tpm cert: Getting Started - Conversion to Custom-Generated Security Files Example

In the following example, we take an existing cluster that was installed using Tungsten-self-generated security files and convert it to use custom-generated security files.

The basic security file conversion steps are:

  • Ensure three tpm config options exist and point to the correct files:

    shell> tpm query config | grep datasource_mysql_ssl
      datasource_mysql_ssl_ca (tpm option: datasource-mysql-ssl-ca)
      datasource_mysql_ssl_cert (tpm option: datasource-mysql-ssl-cert)
      datasource_mysql_ssl_key (tpm option: datasource-mysql-ssl-key)
  • Generate all standard security files and place into {certsdir} on ONE node only

    shell> tpm cert gen all
  • Display new files info as json for standard cert files in {certsdir}

    shell> tpm cert info all
  • Copy new files to all other cluster nodes

    shell> tpm copy --gen
  • Display example tungsten.ini contents

    shell> tpm cert example ini
  • Add those lines to the /etc/tungsten/tungsten.ini on ALL cluster nodes

    shell> tpm cert vi ini
  • Place the cluster into MAINTENANCE mode

    shell> tpm policy -m
  • Display the directory that the software was installed from:

    shell> tpm query staging
  • Update the cluster software to use the new security files in {certsdir} which will restart the Tungsten processes:

    shell> cd {staging_dir_from_above}
    shell> tools/tpm update --replace-release
  • Once all cluster updates are done, return the cluster to AUTOMATIC mode

    shell> tpm policy -a