Create a certificate for a new cluster node

After a new cluster with its first node gets created, the next step is to add additional nodes to the cluster. At this point, the cluster is fully functional, but it only has one node. Use the following process to add another node to a new cluster, or to add another node to an existing cluster at some later time.

Creating a new cluster node starts with the first step of creating the new node's certificate. This needs to be done on the machine where the cluster certificates get stored, and is very similar to the process of creating the certificate for the first node in the cluster:

[root@octopus ~]# stashermg --nodekey --generate --name=monster /var/stasher/clusters/objrepo.example.com
Created /var/stasher/newnodes/monster...
Generating new key...
..+++++
.+++++
Warning: server not running, certificates are installed locally.
Certificate installed, connecting to server
Server is not running
[root@octopus ~]# scp -pr /var/stasher/newnodes/monster monster:/var/stasher/nodes/objrepo.example.com
rootcerts.pem                                 100% 4396     4.3KB/s   00:00    
cert.pem                                      100% 6285     6.1KB/s   00:00    
properties                                    100%  348     0.3KB/s   00:00    
[root@octopus ~]# rm -rf /var/stasher/newnodes/monster

In this example, as in previous examples, the cluster certificate and one of the cluster's nodes (the first node in the cluster) was installed on the octopus machine. This example creates a certificate for a new node called monster. All nodes in the cluster must have unique names. See stashermg(1) for more information on other optional parameters to stashermg.

As described previously, the default location for new node directories created by stashermg in the default stasher package is /var/stasher/newnodes, and stasher's startup scripts starts cluster node servers from /var/stasher/nodes. After creating the new cluster's first node, that runs on the same machine, the newly-created node directory gets simply renamed. For other nodes, after the node certificate gets created, and stashermg creates the new node directory, it simply gets copied to another machine, then removed from the machine that stores the cluster certificates that are required to create the node.

When copying the newly-created node certificate and directory to another machine, care must be taken to properly preserve the correct ownership and permissions of its contents. The above example uses scp -p -r, and assumes that the new node in the cluster uses the same file permissions and security model that the existing node.