Seeding a node
A seed file is an archive file, generated from the Leader, that contains all the files necessary for configuring a node as either a Standby or a Follower. These seed files contain secrets, such as certificate private keys and data keys.
Seeding a node involves copying a seed file from the Leader to the node you want to configure as a Standby or Follower, and then unpacking the seed file.
You can do this in one of the following ways. Choose the method that aligns with your organization's security and operational procedures.
Method | Description | Advantages | Disadvantages |
---|---|---|---|
Streaming via SSH | Opens two SSH connections from your local computer: one to the Leader, and one to the node you are configuring. The seed file is streamed from the output of the Leader into the input of the node you are configuring. | | Requires SSH access to both VMs (which may not always be possible) |
Manual transport | Generates a file on the Leader which is copied to your local computer and then to the node you are configuring, or directly from the Leader to the node you are configuring. | Flexible for a highly restrictive environment | |
Streaming via SSH
This section describes how to stream a seed file via SSH to the node you want to configure and unpack the file.
For each Standby, run the following command from your local terminal (or a terminal with access to both nodes):
$
For example:
$
For each Follower, run the following from your local terminal (or a terminal with access to both nodes):
ssh -i "<path to Leader .pem file>" <user@leader-dns> "sudo docker exec <leader-container-name> evoke seed follower --replication-set <replication-set-name> <follower-dns> <load-balancer-dns>" | ssh -i "<path to Follower .pem file>" <user@follower-dns> "sudo docker exec -i <follower-container-name> evoke unpack seed -"
For example:
$ ssh -i "dap.pem" core@node1.production.example.com "sudo docker exec mycontainer evoke seed follower node4.production.example.com lb.production.example.com" | ssh -i "follower.pem" core@node4.production.example.com "sudo docker exec -i mycontainer evoke unpack seed -"
evoke seed follower command, the Follower is added to the default full replication set and all secrets will be replicated to it.
Manual transportation
This section describes how to manually transport the seed file to the node you want to configure and unpack the file.
To seed a node manually:
- Connect to the Leader via SSH:
  $ ssh -i "<path to Leader .pem file>" <user@leader-dns>
- Generate the seed file:
  Standby:
  $ docker exec <leader-container-name> evoke seed standby <standby-dns> > /tmp/<seed-file-name>.tar
  where <seed-file-name> is the name you give to the seed file you are generating, for example, standby.
  Follower:
  $ docker exec <leader-container-name> evoke seed follower <follower-dns> > /tmp/<seed-file-name>.tar
  where <seed-file-name> is the name you give to the seed file you are generating, for example, follower.
- Exit the Leader session:
  $ exit
- Copy the seed file from the Leader to your local machine:
  $ scp -i <path to Leader .pem file> <user@leader-dns>:/tmp/<seed-file-name>.tar ./
- Copy the seed file from your local machine to the node you are configuring:
  $ scp -i <path to node .pem file> ./<seed-file-name>.tar <user@node-dns>:/tmp/<seed-file-name>.tar
- Unpack the seed file on the node you are configuring.
  - Connect to the node via SSH:
    $ ssh -i "<path to node .pem file>" <user@node-dns>
  - Copy the seed file into the container:
    $ docker cp /tmp/<seed-file-name>.tar <node-container-name>:/tmp/<seed-file-name>.tar
  - Unpack the seed file:
    $ docker exec <node-container-name> evoke unpack seed /tmp/<seed-file-name>.tar
  - Remove the seed file from the node:
    $ rm /tmp/<seed-file-name>.tar
  - Exit the node session:
    $ exit
- Remove the seed file from your local machine:
  $ rm ./<seed-file-name>.tar
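
Because a seed file carries certificate private keys and data keys, the copy held on the local machine during manual transport deserves the same care as the keys themselves. The following is an added example, not part of the product documentation: shell helpers that stage the file in a private directory, check its permissions and SHA-256 digest before it is forwarded, and remove it afterwards. It assumes GNU coreutils (mktemp, stat -c, sha256sum) and that the digest was recorded with sha256sum on the Leader when the file was generated; the function names are hypothetical.

```shell
# Added example, not product code. Function names are hypothetical.
# Assumes GNU coreutils (mktemp, stat -c, sha256sum) on the local machine.
set -eu
umask 077   # files created from here on are owner-only

# Create a private staging directory (mode 0700) for the seed file,
# instead of the current directory or a shared /tmp path.
seed_stage_dir() {
    mktemp -d "${TMPDIR:-/tmp}/seed.XXXXXX"
}

# Print the SHA-256 digest of a file as 64 hex characters.
seed_sha256() {
    sha256sum < "$1" | cut -d' ' -f1
}

# seed_verify FILE EXPECTED_DIGEST
# Succeeds only if FILE is non-empty, has no group/other permission bits,
# and matches the digest recorded where the file was generated.
seed_verify() {
    [ -s "$1" ] || { echo "seed file missing or empty: $1" >&2; return 1; }
    _mode=$(stat -c '%a' "$1")
    case $_mode in
        ?00) ;;  # e.g. 600 or 400
        *) echo "seed file mode $_mode is too permissive" >&2; return 1 ;;
    esac
    [ "$(seed_sha256 "$1")" = "$2" ] || { echo "digest mismatch: $1" >&2; return 1; }
}

# Remove the staging directory and every copy of the seed file in it.
seed_cleanup() {
    rm -rf -- "$1"
}

# Typical use around the scp steps above (placeholders as on the page):
#   dir=$(seed_stage_dir); trap 'seed_cleanup "$dir"' EXIT INT TERM
#   scp -i <path to Leader .pem file> <user@leader-dns>:/tmp/<seed-file-name>.tar "$dir/"
#   seed_verify "$dir/<seed-file-name>.tar" "<digest recorded on the Leader>"
#   scp -i <path to node .pem file> "$dir/<seed-file-name>.tar" <user@node-dns>:/tmp/<seed-file-name>.tar
```

The trap in the usage comment removes the staged copy even when a later step fails, which the step-by-step procedure only does if every command succeeds.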