Seeding a node

A seed file is an archive file, generated from the Leader, that contains all the files necessary for configuring a node as either a Standby or a Follower. These seed files contain secrets, such as certificate private keys and data keys.

Seeding a node involves copying a seed file from the Leader to the node you want to configure as a Standby or Follower, and then unpacking the seed file.

You can do this in one of the following ways. Choose the method that aligns with your organization's security and operational procedures.

Method: Streaming via SSH

Description: Opens two SSH connections from your local computer: one to the Leader, and one to the node you are configuring. The seed file is streamed from the output of the Leader into the input of the node you are configuring.

Advantages:

  • The seed file never touches disk (most secure)
  • Simpler

Disadvantages:

  • Requires SSH access to both VMs (which may not always be possible)

Method: Manual transport

Description: Generates a file on the Leader which is copied to your local computer and then to the node you are configuring, or directly from the Leader to the node you are configuring.

Advantages:

  • Flexible for a highly restrictive environment

Disadvantages:

  • Requires a number of steps
  • The seed is present on local disk
  • The seed needs to be manually removed after transfer

Streaming via SSH

This section describes how to stream a seed file via SSH to the node you want to configure and unpack the file.

Manual transportation

This section describes how to manually transport the seed file to the node you want to configure and unpack the file.

To seed a node manually:

  1. Connect to the Leader via SSH:

     
    $ ssh -i "<path to Leader .pem file>" <user@leader-dns>
  2. Generate the seed file:

  3. Exit the Leader session:

     
    $ exit
  4. Copy the seed file from the Leader to your local machine:

     
    $ scp -i <path to Leader .pem file> <user@leader-dns>:/tmp/<seed-file-name>.tar ./
  5. Copy the seed file from your local machine to the node you are configuring:

     
    $ scp -i <path to node .pem file> ./<seed-file-name>.tar <user@node-dns>:/tmp/<seed-file-name>.tar
  6. Unpack the seed file on the node you are configuring.
    1. Connect to the node via SSH:

       
      $ ssh -i "<path to node .pem file>" <user@node-dns>
    2. Copy the seed file into the container:

       
      $ docker cp /tmp/<seed-file-name>.tar <node-container-name>:/tmp/<seed-file-name>.tar
    3. Unpack the seed file:

       
      $ docker exec <node-container-name> evoke unpack seed /tmp/<seed-file-name>.tar
    4. Remove the seed file from the node:

       
      $ rm /tmp/<seed-file-name>.tar
    5. Exit the node session:

       
      $ exit
  7. Remove the seed file from your local machine:

     
    $ rm ./<seed-file-name>.tar
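
The manual method leaves the seed, with its private keys and data keys, on your local disk until step 7 is run. The following added example (not part of the original procedure or the product's tooling) wraps steps 4, 5 and 7 so that the local copy lives in a private staging directory and is removed even if a copy fails. The variable names LEADER, NODE, LEADER_KEY, NODE_KEY and SEED_NAME are hypothetical; generating the seed and unpacking it on the node are still done as described above.

```shell
#!/bin/sh
# Added example: local leg of the manual transport with guaranteed cleanup.
# Hypothetical variables: LEADER and NODE (user@host), LEADER_KEY and NODE_KEY
# (paths to .pem files), SEED_NAME (seed file name without the .tar suffix).

# Create a staging directory that only the current user can access (mode 0700).
make_staging() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/seed-stage.XXXXXX" )
}

# Remove the staging directory and everything in it; safe to call twice.
cleanup_staging() {
    [ -n "$1" ] && [ -d "$1" ] && rm -rf -- "$1"
    return 0
}

# Print any seed archives still present in a directory (no output means clean).
leftover_seeds() {
    find "$1" -maxdepth 1 -type f -name '*.tar' 2>/dev/null
}

# Steps 4, 5 and 7: Leader -> local staging -> node, then remove the local copy.
transport_seed() {
    stage=$(make_staging) || return 1
    # Remove the local seed even if scp fails or the shell is interrupted.
    trap 'cleanup_staging "$stage"' EXIT INT TERM
    scp -i "$LEADER_KEY" "$LEADER:/tmp/$SEED_NAME.tar" "$stage/" &&
        scp -i "$NODE_KEY" "$stage/$SEED_NAME.tar" "$NODE:/tmp/$SEED_NAME.tar"
    status=$?
    cleanup_staging "$stage"
    trap - EXIT INT TERM
    # Fail loudly if a seed archive is somehow still on local disk.
    [ -z "$(leftover_seeds "$stage")" ] || return 1
    return "$status"
}
```

After exporting the variables, run `transport_seed` between steps 3 and 6. The copies in `/tmp` on the Leader and on the node are not touched by this helper.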