Migrate Monitoring from HTTP to HTTPS
On this page
These instructions have been developed for SingleStoreDB clusters that have been installed and deployed via
. packages as a
If your cluster was deployed via tarball as a non-
sudo user, change to the directory (
cd) in which
singlestoredb-toolbox was untarred and run all
sdb-admin commands as
To migrate an existing cluster monitoring instance from HTTP to HTTPS connections, the following additional requirements must be met.
Each Source and Metrics cluster must be running SingleStoreDB 7.
6. 24 or later, or SingleStoreDB 7. 8. 19 or later.
Clusters are managed with SingleStoreDB Toolbox 1.
14. 2 or later.
A server SSL certificate and a key signed with a CA certificate.
This guide assumes that:
The server SSL certificate file is named
The server key file is named
pem Note that the server key may be protected with a passphrase.
The CA certificate file is named
Refer to Generating SSL Certificates for an example of generating these certificates.
SingleStoreDB Toolbox is recommended for managing the clusters as automation during setup is provided through
Stop the exporter on the Source cluster.sdb-admin configure-monitoring --stop-exporter
Drop the monitoring pipelines for the Metrics cluster on the Master Aggregator.DROP PIPELINE <metrics-database>.<metrics-pipeline-name>;DROP PIPELINE <metrics-database>.<blobs-pipeline-name>;
Copy the server certificate and key to the Master Aggregator host of the Source cluster.
This certificate will be used by the exporter process and must be readable by the user under which the nodes are running on the host (typically the
Copy the CA certificate to the same file path on each host of the Metrics cluster.
Alternatively, a directory containing multiple CA certificates can be provided, and this path must be the same on all hosts.
This directory will be used by the monitoring pipelines and must be readable by the user under which the nodes are running on the host (typically the
On the Source cluster, run the following command to start the exporter.sdb-admin configure-monitoring \--exporter-user root \--exporter-password <secure-password> \--exporter-use-https \--exporter-ssl-cert=/path/to/server-cert.pem \--exporter-ssl-key=/path/to/server-key.pem \--exporter-ssl-passphrase=<passphrase>
--exporter-ssl-passphraseoption should only be included if the server key has a passphrase.
Refer to configure-monitoring for additional options, including
On the Metrics cluster, resume monitoring.sdb-admin start-monitoring \--database-name metrics \--exporter-host=<exporter-hostname-or-IP-address> \--user root \--password=<secure-password> \--retention-period 10 \--ssl-ca=/path/to/ca-cert.pem --or----ssl-capath=/ca-directory/including/path
Refer to start-monitoring for additional options.
Repeat the following steps for each Source cluster.
Last modified: April 3, 2023