Setting up CTE Components and a SingleStoreDB Cluster
On this page
This document describes how to configure CTE components on a SingleStoreDB cluster, via an example.
Here’s an example SingleStoreDB cluster configuration file (
memsql_ may be different in your configuration:
license: <INSERT_LICENSE_HERE>hosts:- hostname: <YOUR_HOST_NAME>localhost: falsessh:host: <YOUR_HOST_NAME>user: memsqlprivate_key: <PATH_TO_SSH_PRIVATE_KEY>tar_install_dir: /home/memsql/memsqlnodes:- role: Masterconfig:port: 3306bind_address: 0.0.0.0- role: Aggregatorconfig:port: 3307bind_address: 0.0.0.0- role: Leafconfig:port: 3308bind_address: 0.0.0.0- role: Leafconfig:port: 3309bind_address: 0.0.0.0memsql_server_file_path: /shared/builds/memsql-server-7.1.11.tar.gzroot_password: <INSERT_PASSWORD_HERE>
sdb-deploy setup-cluster --cluster-file cluster_
Before installing the CTE agent, configure the host in the DSM Admin as follows.
Log in to the DSM Web GUI.
Create a domain called SingleStoreDomain.
Log in to the DSM Web GUI with the user assigned to the SingleStoreDomain.
Once logged in, go to Domains -> Switch Domains.
Select SingleStoreDomain and click Switch to domain.
Once you switch domains, you will see the new menu options: Hosts, Keys.
Select the Hosts menu option and click Add to add a new host.
If you are using cloud based hosts, use the local IP address when adding the host since that remains static on reboot.
This way you will not lose your CTE host configured guard points (they will be added after the agent installation). Select FS for fingerprint key exchange. When you click Ok, the host should appear in the list of hosts.
You should now be able to install the CTE 6.
Copy the binary provided by Thales to the instance configured at the previous step.
It is named something like:
3. 1-74-ubuntu18-x86_ 64. bin
SSH to the instance and go to the folder where the
vee-fsinstallation binary is saved.
Run the following commandssudo suchmod 775 ./vee-fs-6.3.1-74-ubuntu18-x86_64.bin./vee-fs-6.3.1-74-ubuntu18-x86_64.bin
You will be presented with several prompts.
For the following prompts, use these answers (answer other prompts as you want):
Please enter the primary Security Server host name: DSM public DNS, e.
g. ec2-3-123-39-192. eu-central-1. compute. amazonaws. com. It must be the same as the
Server nameshown on the DSM dashboard.
Please enter the host name of this machine, or select from the following list: Select 2, i.
e. local IP
Would you like to register to the Security Server using a registration shared secret (S) or using fingerprints (F)? (S/F) [S]: Answer F
It is possible to associate this installation with the hardware of this machine: Answer N
Do you want this host to have LDT support enabled on the server? Answer N
Do the fingerprints match? (You should check the fingerprint at the Dashboard of the primary DSM and then answer Y)
Now you should have your agent installed and ready to use.
Some troubleshooting tips:
If you were not able to successfully register the host, you can run
/opt/vormetric/DataSecurityExpert/agent/vmd/bin/register_ after you fix the issues, e.
If you need to reinstall the CTE agent, you can run
dpkg -r vee-fs, and then repeat the procedure from the beginning.
If DSM cannot connect to the host after the registration, you can go the Hosts -> Hosts page, select the current host, disable the Registration Allowed and Communication Enabled checkboxes, and then click Apply.
Last modified: April 26, 2023