Index
The process of creating a new object repository cluster consists of the following steps:
Install the node certificate on the machine which will run the first node in the cluster, if it's not the same machine where the certificates got created
In all cases, adjust the permissions and the ownerships of the node's object repository cluster directory.
The process to set up a new cluster starts with a creation of a cluster certificate. This usually gets done on a machine that will be one of the nodes in the cluster, but it doesn't have to be. It's possible to create a cluster certificate on another machine, and securely copy the the entire directory that gets created:
[root@octopus ~]# stashermg --clustkey --generate --name objrepo.example.com
Created /var/stasher/clusters/objrepo.example.com...
Generating new key...
..+++++
+++++
[root@octopus ~]# ls -al /var/stasher/clusters/objrepo.example.com
total 20
drwx------ 2 daemon daemon 4096 Mar 17 16:12 .
drwxr-xr-x 3 root root 4096 Mar 17 16:12 ..
-rw-r--r-- 1 daemon daemon 4396 Mar 17 16:12 1332015126008193.crt
-rw-r--r-- 1 daemon daemon 1968 Mar 17 16:12 1332015126008193.key
The stashermg command uses default values for most
configuration settings, including the directory it creates for the new
cluster's certificate and private key. The default directory location
comes from the default configuration of stasher. --name
gives the cluster's name, and the name of the directory takes the
cluster's name by default. See stashermg(1) for more
information.
The cluster's name should generally follow the naming convention for a
DNS zone name, as means of staking ownership and
preventing name collisions not just with other
stasher object repositories, but with other applications.
stasher uses LIBCXX's httportmap service, which
advertises network-based server applications and uses
a DNS-like naming convention for applications.
Use a DNS zone name that you own or manage.
The examples in this chapter use example.com
.
The certificate and the private
key file implement access security to the cluster, and the directory gets
created without group or world permission, accordingly.
The default stasher configuration
uses “daemon” if stashermg gets invoked by
root
. Adjust the ownership and the permissions of the
cluster certificate directory as needed, according to your policies.