Chapter 1. Setting up a new cluster (with one, initial, node)


Create a cluster certificate
Create a node certificate
Contents of the cluster node directory
Install the node certificate directory
Start the first node's server process
Define the first node's configuration
Specify who should get the logs mailed to them

The process of creating a new object repository cluster consists of the following steps:

Create a cluster certificate

The process to set up a new cluster starts with a creation of a cluster certificate. This usually gets done on a machine that will be one of the nodes in the cluster, but it doesn't have to be. It's possible to create a cluster certificate on another machine, and securely copy the the entire directory that gets created:

[root@octopus ~]# stashermg --clustkey --generate --name
Created /var/stasher/clusters/
Generating new key...
[root@octopus ~]# ls -al /var/stasher/clusters/
total 20
drwx------ 2 daemon daemon 4096 Mar 17 16:12 .
drwxr-xr-x 3 root   root   4096 Mar 17 16:12 ..
-rw-r--r-- 1 daemon daemon 4396 Mar 17 16:12 1332015126008193.crt
-rw-r--r-- 1 daemon daemon 1968 Mar 17 16:12 1332015126008193.key

The stashermg command uses default values for most configuration settings, including the directory it creates for the new cluster's certificate and private key. The default directory location comes from the default configuration of stasher. --name gives the cluster's name, and the name of the directory takes the cluster's name by default. See stashermg(1) for more information.

The cluster's name should generally follow the naming convention for a DNS zone name, as means of staking ownership and preventing name collisions not just with other stasher object repositories, but with other applications. stasher uses LIBCXX's httportmap service, which advertises network-based server applications and uses a DNS-like naming convention for applications. Use a DNS zone name that you own or manage. The examples in this chapter use

The certificate and the private key file implement access security to the cluster, and the directory gets created without group or world permission, accordingly. The default stasher configuration uses daemon if stashermg gets invoked by root. Adjust the ownership and the permissions of the cluster certificate directory as needed, according to your policies.