{question}
How do I enable SSL upon initial deployment of a cluster?
{question}
{answer}
SSL is enabled with these variables: ssl_cert, ssl_key, ssl_ca
For external connections only you need to enable ssl_cert and ssl_key. For intra cluster SSL it is required that you provide the CA you used with the cert to ssl_ca.
More generally on enabling SSL in the documentation here:
In order to enable SSL upon deployment you simply need to provide the relevant variables when running the associated deployment commands. This can be achieved by using the YAML cluster file to deploy your cluster:
On that page you can see that the node configuration allows a location to set variables, and so using the base deployment file example from that page enabling SSL on deployment would look something like this:
license: <license-from-portal.singlestore.com>
memsql_server_version: <version>
package_type: <type> ← rpm, deb, or tar
hosts:
- hostname: <ip-address>
localhost: true
nodes:
- register: false
role: Master
config:
password: <secure-password>
port: 3306
variables:
ssl_cert: <path to SSL Certificate on this host>
ssl_key: <path to SSL Key on this host>
ssl_ca: <path to SSL CA on this host>
- register: false
role: Leaf
config:
password: <secure-password>
port: 3307
variables:
ssl_cert: <path to SSL Certificate on this host>
ssl_key: <path to SSL Key on this host>
ssl_ca: <path to SSL CA on this host>
Configure the cluster file for your respective topology/hosts (including all nodes) and add the SSL certificate variables to the variables section for each node (aggregators for external SSL, all nodes for intra cluster SSL).
When you run this file with sdb-admin setup-cluster (see the above documentation page for more information) it will configure SSL upon launch.
{answer}