Setting up CTE Components and a SingleStore Cluster

Example SingleStore Cluster Configuration

Here’s an example SingleStore cluster configuration file (cluster_single_host.yaml). This file defines the configuration used in later examples in this document. The values enclosed in angle brackets (<>) and tar_install_dir and memsql_server_file_path may be different in your configuration:

license: <INSERT_LICENSE_HERE>
hosts:
- hostname: <YOUR_HOST_NAME>
  localhost: false
  ssh:
    host: <YOUR_HOST_NAME>
    user: memsql
    private_key: <PATH_TO_SSH_PRIVATE_KEY>
  tar_install_dir: /home/memsql/memsql
  nodes:
  - role: Master
    config:
      port: 3306
      bind_address: 0.0.0.0
  - role: Aggregator
    config:
      port: 3307
      bind_address: 0.0.0.0
  - role: Leaf
    config:
      port: 3308
      bind_address: 0.0.0.0
  - role: Leaf
    config:
      port: 3309
      bind_address: 0.0.0.0
memsql_server_file_path: /shared/builds/memsql-server-7.1.11.tar.gz
root_password: <INSERT_PASSWORD_HERE>

Run sdb-deploy setup-cluster --cluster-file cluster_single_host.yaml

Preparing DSM

Before installing the CTE agent, configure the host in the DSM Admin as follows. This is necessary so you can register it during the CTE installation.

1. Log in to the DSM Web GUI.

2. Create a domain called SingleStoreDomain.

3. Log in to the DSM Web GUI with the user assigned to the SingleStoreDomain.

4. Once logged in, go to Domains -> Switch Domains.

5. Select SingleStoreDomain and click Switch to domain. Once you switch domains, you will see the new menu options: Hosts, Keys.

6. Select the Hosts menu option and click Add to add a new host.

7. If you are using cloud based hosts, use the local IP address when adding the host since that remains static on reboot. This way you will not lose your CTE host configured guard points (they will be added after the agent installation). Select FS for fingerprint key exchange. When you click Ok, the host should appear in the list of hosts.

You should now be able to install the CTE 6.3.1.74 agent.

Installing CTE Agent Software

1. Copy the binary provided by Thales to the instance configured at the previous step. It is named something like: vee-fs-6.3.1-74-ubuntu18-x86_64.bin

2. SSH to the instance and go to the folder where the vee-fs installation binary is saved.

3. Run the following commands

   Shell

   Copy

   sudo su

   Shell

   Copy

   chmod 775 ./vee-fs-6.3.1-74-ubuntu18-x86_64.bin

   Shell

   Copy

   ./vee-fs-6.3.1-74-ubuntu18-x86_64.bin

4. You will be presented with several prompts. For the following prompts, use these answers (answer other prompts as you want):

   • Please enter the primary Security Server host name: DSM public DNS, e.g. ec2-3-123-39-192.eu-central-1.compute.amazonaws.com. It must be the same as the Server name shown on the DSM dashboard.

   • Please enter the host name of this machine, or select from the following list: Select 2, i.e. local IP

   • Would you like to register to the Security Server using a registration shared secret (S) or using fingerprints (F)? (S/F) [S]: Answer F

   • It is possible to associate this installation with the hardware of this machine: Answer N

   • Do you want this host to have LDT support enabled on the server? Answer N

   • Do the fingerprints match? (You should check the fingerprint at the Dashboard of the primary DSM and then answer Y)

Now you should have your agent installed and ready to use.

Some troubleshooting tips:

If you were not able to successfully register the host, you can run /opt/vormetric/DataSecurityExpert/agent/vmd/bin/register_host after you fix the issues, e.g. add the host to the DSM.

If you need to reinstall the CTE agent, you can run dpkg -r vee-fs, and then repeat the procedure from the beginning.

If DSM cannot connect to the host after the registration, you can go the Hosts -> Hosts page, select the current host, disable the Registration Allowed and Communication Enabled checkboxes, and then click Apply. Then re-check these checkboxes and click Apply again.