Documentation

Mistake on this page? Email us
DocsDeploymentInstallationInstalling Secure Factory ServiceInstalling additional nodes

Installing additional nodes

Export the common cluster configuration

On the first node (HOST1):

Run the export command to export the common cluster configuration file:

$ ./sfn export
$

This creates an encrypted output file and a key password that can decrypt the file:

==================================================
Secure Factory Service
==================================================
Cluster resources compressed and encrypted under: /service-deployment/prod/cluster_export_2019-12-18.bin
File password: WkgbynIoYn9htw
NOTE: Password is mandatory for setting up secondary nodes.

By default, the output filename is cluster_export_YYYY-MM-DD.bin, and the file is generated in the script folder. You can use the --output argument to specify a different filename and path.

Note: You must run the start command on the first node before running the export command.

Prepare the nodes

On each of the additional nodes:

  1. Copy the cluster_export_YYYY-MM-DD.bin file from the first node to the new node. You need the password to decrypt the output file on the new node.

  2. Extract the contents of the ZIP archive:

    tar -C <extraction path> -xvzf secure_factory_<Secure Factory version>.tar.gz

    Where <extraction path> is an existing directory to which you have administrator permissions.

  3. Set an installation path by defining the FACTORY_HOME_DIR environment variable:

    export FACTORY_HOME_DIR=<installation path>

    Where <installation path> must be different from the <extraction path> to which you extracted the tar.gz file.

    Note: Add export FACTORY_HOME_DIR=<installation path> to your .bashrc file to have the environment variable be available after signing out.

    If you do not set an installation path, the script installs Secure Factory Service in the /usr/local/arm/secure_factory path by default. In most systems, using this path requires root access rights or explicitly granting the user read and write access rights.

Set up and install the nodes

On each of the additional nodes:

  1. Run the setup command and pass the --cluster-import flag with the name of the output file generated on the first node:

    $ ./sfn setup --cluster-import <path to the cluster_export_YYYY-MM-DD.bin file>
$

    The Secure Factory Node (sfn) CLI tool prompts you to enter the file password generated on the first node.

  2. Run the start command and wait until services are ready:

    $ ./sfn start
$

    You can check the services' status with the status command.

    You can check the database cluster status with the db status command. Verify that all nodes are up, and that one node is in PRIMARY state and the others are in SECONDARY state consistent with the cluster configuration.

    The node is installed and ready when the status of all services is healthy.

Adding a third node after installing only two nodes

We recommend installing all three cluster nodes together.

However, if you do not have three nodes available, you can install two nodes and later add the third to the cluster.

To add a third Secure Factory Service node when two nodes are already running:

  1. On one of the two running nodes:

    1. Run the db status command and check that there is a MongoDB cluster member with State: Primary:

      $ ./sfn db status
$

    2. In the <extraction path>/prod/config.properties file, set HOST3= <IP address/name of the new node>.

    3. Run the setup command and pass the --cluster-update flag:

      $ ./sfn setup --cluster-update
$

    4. Run the export command to export the common cluster configuration file:

      $ ./sfn export
$

      This creates an encrypted output file and a key password that can decrypt the file:

      ==================================================
Secure Factory Service
==================================================
Cluster resources compressed and encrypted under: /service-deployment/prod/cluster_export_2019-12-18.bin
File password: WkgbynIoYn9htw
NOTE: Password is mandatory for setting up secondary nodes.

      By default, the output filename is cluster_export_YYYY-MM-DD.bin, and the file is generated in the script folder. You can use the --output argument to specify a different filename and path.

  2. Copy the cluster_export_YYYY-MM-DD.bin file from the first node to the new node. You need the password to decrypt the output file on the new node.

  3. On the new node:

    1. Extract the contents of the ZIP archive:

      tar -C <extraction path> -xvzf secure_factory_<Secure Factory version>.tar.gz

      Where <extraction path> is an existing directory to which you have administrator permissions.

    2. Set an installation path by defining the FACTORY_HOME_DIR environment variable:

      export FACTORY_HOME_DIR=<installation path>

      Where <installation path> must be different from the <extraction path> to which you extracted the tar.gz file.

      Note: Add export FACTORY_HOME_DIR=<installation path> to your .bashrc file to have the environment variable be available after signing out.

      If you do not set an installation path, the script installs Secure Factory Service in the /usr/local/arm/secure_factory path by default. In most systems, using this path requires root access rights or explicitly granting the user read and write access rights.

    3. Run the start command:

      $ ./sfn start
$

      To verify that the node is running properly, run the status and db status commands.

  4. Copy the cluster_export_YYYY-MM-DD.bin file from the first node to the third node (not the new node nor the node from which you extracted the cluster configuration file).

  5. On the third node:

    1. Run the stop command:

      $ ./sfn stop
$

    2. Extract the contents of the ZIP archive:

      tar -C <extraction path> -xvzf secure_factory_<Secure Factory version>.tar.gz

      Where <extraction path> is an existing directory to which you have administrator permissions.

    3. Set an installation path by defining the FACTORY_HOME_DIR environment variable:

      export FACTORY_HOME_DIR=<installation path>

      Where <installation path> must be different from the <extraction path> to which you extracted the tar.gz file.

      Note: Add export FACTORY_HOME_DIR=<installation path> to your .bashrc file to have the environment variable be available after signing out.

      If you do not set an installation path, the script installs Secure Factory Service in the /usr/local/arm/secure_factory path by default. In most systems, using this path requires root access rights or explicitly granting the user read and write access rights.

    4. Run the start command:

      $ ./sfn start
$

      To verify that the node is running properly, run the status and db status commands.

Previous Next