The process to set up a new cluster starts with a creation of a cluster certificate. This usually gets done on a machine that will be one of the nodes in the cluster, but it doesn't have to be. It's possible to create a cluster certificate on another machine, and securely copy the the entire directory that gets created:

The stashermg command uses default values for most configuration settings, including the directory it creates for the new cluster's certificate and private key. The default directory location comes from the default configuration of stasher. --name gives the cluster's name, and the name of the directory takes the cluster's name by default. See stashermg(1) for more information.

The cluster's name should generally follow the naming convention for a DNS zone name, as means of staking ownership and preventing name collisions not just with other stasher object repositories, but with other applications. stasher uses LIBCXX's httportmap service, which advertises network-based server applications and uses a DNS-like naming convention for applications. Use a DNS zone name that you own or manage. The examples in this chapter use example.com.

The certificate and the private key file implement access security to the cluster, and the directory gets created without group or world permission, accordingly. The default stasher configuration uses “daemon” if stashermg gets invoked by root. Adjust the ownership and the permissions of the cluster certificate directory as needed, according to your policies.