
Setting up CTE Components and a SingleStoreDB Cluster

This document describes, by way of an example, how to configure CTE components on a SingleStoreDB cluster. You will need to substitute versions, file paths, IP addresses, domain names, and so on, as appropriate for your installation. Ubuntu 16.04 and SingleStoreDB (formerly MemSQL) 7.1.11 are used in this example, but similar configurations using other supported Linux distributions and SingleStoreDB versions also work. The example here uses AWS; if you’re hosting the software in your own data center or on another cloud platform, you’ll have to adjust the steps appropriately for your environment.

Example SingleStoreDB Cluster Configuration

Here’s an example SingleStoreDB cluster configuration file (cluster_single_host.yaml). This file defines the configuration used in later examples in this document. The values enclosed in angle brackets (<>), as well as tar_install_dir and memsql_server_file_path, may be different in your configuration:

license: <INSERT_LICENSE_HERE>
hosts:
- hostname: <YOUR_HOST_NAME>
  localhost: false
  ssh:
    host: <YOUR_HOST_NAME>
    user: memsql
    private_key: <PATH_TO_SSH_PRIVATE_KEY>
  tar_install_dir: /home/memsql/memsql
  nodes:
  - role: Master
    config:
      port: 3306
      bind_address: 0.0.0.0
  - role: Aggregator
    config:
      port: 3307
      bind_address: 0.0.0.0
  - role: Leaf
    config:
      port: 3308
      bind_address: 0.0.0.0
  - role: Leaf
    config:
      port: 3309
      bind_address: 0.0.0.0
memsql_server_file_path: /shared/builds/memsql-server-7.1.11.tar.gz
root_password: <INSERT_PASSWORD_HERE>

Deploy the cluster by running:

    sdb-deploy setup-cluster --cluster-file cluster_single_host.yaml
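
A pre-flight check for the cluster file shown above, run before deploying. This is an added example, not part of the original page or of sdb-deploy: the function name check_cluster_file is hypothetical, and it assumes GNU stat (as on Ubuntu) and that all nodes in the file share one host, as in this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight lint for cluster_single_host.yaml.
# check_cluster_file is a hypothetical helper, not part of sdb-deploy.

check_cluster_file() {
    local file="$1" rc=0 mode dups
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # 1. Template values such as <INSERT_PASSWORD_HERE> that were never filled in.
    if grep -nE '<[A-Z_]+>' "$file" >&2; then
        echo "FAIL: the placeholders listed above are still unfilled" >&2
        rc=1
    fi

    # 2. The file holds root_password and the license in plaintext,
    #    so group and other must have no access to it.
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        ?00) ;;
        *) echo "FAIL: mode $mode allows group/other access (chmod 600 $file)" >&2
           rc=1 ;;
    esac

    # 3. All nodes run on the same host, so every port must be unique.
    dups=$(awk '$1 == "port:" { print $2 }' "$file" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "FAIL: duplicate port(s): $dups" >&2
        rc=1
    fi

    # 4. Informational only: nodes that listen on every interface.
    if grep -qE 'bind_address:[[:space:]]*0\.0\.0\.0' "$file"; then
        echo "NOTE: bind_address 0.0.0.0 listens on all interfaces;" \
             "limit access to the node ports with a security group or firewall" >&2
    fi
    return "$rc"
}

# Usage:
#   check_cluster_file cluster_single_host.yaml && \
#     sdb-deploy setup-cluster --cluster-file cluster_single_host.yaml
```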

Preparing DSM

Before installing the CTE agent, configure the host in the DSM Admin as follows. This is necessary so you can register it during the CTE installation.

  1. Log in to the DSM Web GUI.

  2. Create a domain called SingleStoreDomain.

  3. Log in to the DSM Web GUI with the user assigned to the SingleStoreDomain.

  4. Once logged in, go to Domains -> Switch Domains.

  5. Select SingleStoreDomain and click Switch to domain. Once you switch domains, you will see the new menu options: Hosts, Keys.

  6. Select the Hosts menu option and click Add to add a new host.

  7. If you are using cloud-based hosts, use the local IP address when adding the host, since it remains static across reboots. This way you will not lose the guard points configured for the CTE host (they will be added after the agent installation). Select FS for fingerprint key exchange. When you click Ok, the host should appear in the list of hosts.

You should now be able to install the CTE 6.3.1.74 agent.

Installing CTE Agent Software

  1. Copy the binary provided by Thales to the instance configured in the previous step. It is named something like: vee-fs-6.3.1-74-ubuntu18-x86_64.bin

  2. SSH to the instance and go to the folder where the vee-fs installation binary is saved.

  3. Run the following commands:

    sudo su

    chmod 775 ./vee-fs-6.3.1-74-ubuntu18-x86_64.bin
    ./vee-fs-6.3.1-74-ubuntu18-x86_64.bin

  4. You will be presented with several prompts. For the following prompts, use these answers (answer other prompts as you want):

    • Please enter the primary Security Server host name: DSM public DNS, e.g. ec2-3-123-39-192.eu-central-1.compute.amazonaws.com. It must be the same as the Server name shown on the DSM dashboard.

    • Please enter the host name of this machine, or select from the following list: Select 2, i.e. local IP

    • Would you like to register to the Security Server using a registration shared secret (S) or using fingerprints (F)? (S/F) [S]: Answer F

    • It is possible to associate this installation with the hardware of this machine: Answer N

    • Do you want this host to have LDT support enabled on the server? Answer N

    • Do the fingerprints match? (You should check the fingerprint at the Dashboard of the primary DSM and then answer Y)

Now you should have your agent installed and ready to use.

Some troubleshooting tips:

If you were not able to successfully register the host, you can run /opt/vormetric/DataSecurityExpert/agent/vmd/bin/register_host after you fix the issues, e.g. add the host to the DSM.

If you need to reinstall the CTE agent, you can run dpkg -r vee-fs, and then repeat the procedure from the beginning.

If DSM cannot connect to the host after the registration, you can go to the Hosts -> Hosts page, select the current host, disable the Registration Allowed and Communication Enabled checkboxes, and then click Apply. Then re-check these checkboxes and click Apply again.