Continuent Documentation

Manual Home
Tungsten Replicator 7.1 Manual
Page in Other Manuals
Tungsten Clustering (for MySQL) 7.1 Manual
Breadcrumbs
> Tungsten Replicator 7.1 Manual

       > 6. Deployment: Security

       > 6.1. Enabling Security
Chapters
Preface
1. Introduction
2. Deployment Overview
3. Deploying MySQL Extractors
4. Deploying Appliers
5. Deployment: Advanced
6. Deployment: Security
7. Operations Guide
8. Command-line Tools
9. The tpm Deployment Command
10. Tungsten REST API (APIv2)
11. Replication Filters
12. Performance and Tuning
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
H. Ecosystem Support
I. Configuration Property Reference
Navigate Up
6.1. Enabling Security
Parent Sections
6.1.1. Enabling Security using the Staging Method
6.1.2. Enabling Security using the INI Method
6.1.1. Enabling Security using the Staging Method
Prev  ^Up6.1. Enabling Security Next

6.1.1. Enabling Security using the Staging Method

Security will be enabled during initial install by default, should you choose to disable at install, then these steps will guide you in the process to enable as part of a post-install update

Enabled During Install

As mentioned, security is enabled by default. This is controlled by the --disable-security-controls=false. If not supplied, the default is false. You can choose to specify this in your configuration for transparency if you wish. 

shell> tools/tpm configure defaults --disable-security-controls=false \
[...the rest of the configuration options...]
shell> tools/tpm install

The above configuration (and the default) will assume that your database has been configured with SSL enabled. The installation will error and fail if this is not the case. You must manually ensure database SSL has been enabled prior to issuing the install. Steps to enable this can be found in Section 6.10.1, “Enabling Database SSL”

If you DO NOT want to enable database level SSL, then you must also include the following option in the tpm configure command above: 

--enable-connector-ssl=false
--datasource-enable-ssl=false

Important

Installing from a staging host will automatically generate certificates and configuration for a secured installation. No further changes or actions are required.

Enabling Post-Installation

If, at install time, you disabled security (by specifying --disable-security-controls=true) you can enable it by changing the value to false. 

shell> tools/tpm configure defaults --disable-security-controls=false
shell> tools/tpm update --replace-jgroups-certificate --replace-tls-certificate --replace-release

The above configuration will assume that your database has been configured with SSL enabled. The update will error and fail if this is not the case. You must manually ensure database SSL has been enabled prior to issuing the update. Steps to enable this can be found in Section 6.10.1, “Enabling Database SSL”

If you DO NOT want to enable database level SSL, then you must also include the following options in the tpm configure command above: 

--enable-connector-ssl=false
--datasource-enable-ssl=false

Following the update, you will also need to manually re-sync the certificates and keystores to all other nodes within your configuration. The following example uses scp for the copy and uses db1 as the primary source for the files to be copied. Adjust accordingly for your environment.

  1. Sync Certificates and Keystores to all nodes 

    db1> for host in db2 db3 db4 db5 db6; do
scp /opt/continuent/share/[jpt]* ${host}:/opt/continuent/share
scp /opt/continuent/share/.[jpt]* ${host}:/opt/continuent/share
done

  2. Restart all components, on all hosts 

    shell> replicator restart

Warning

This update will force replicator processes to be restarted.

Prev Up Next
6.1. Enabling Security  ^Level 6.1.2. Enabling Security using the INI Method
Copyright © 2016-2023 Continuent, Ltd.(800) 270-9035Terms of UsePrivacy & CookiesLegal NoticeExhibits