In this cluster all three nodes have been configured with TLS enabled, and the names are changed to reflect the three certificates:
axoniq.axonserver.nameandaxoniq.axonserver.hostnamehave been set to "axonserver-1" to "axonserver-3"axoniq.axonserver.domainis set to a test domain, "megacorp.com".- Because we now have a domain set, the "
...autocluster.first" setting needs a FQDN so it will match correctly. - The first group of SSL settings are for the HTTP port, and configure it with the PKCS12 keystore.
- The second group of SSL settings are for the gRPC-ports, and configure the PEM key and certificate, as well as the (self-signed) CA certificate to validate the other nodes' certificates.
As with "First Up EE", start node-1 with:
$ ./startup.sh node-1
$You can stop a node with shutdown.sh and clean up with cleanup.sh.
NOTES
-
When you want to add the first user, change to node-1's directory to let the CLI pick up the system token, and make sure to run it with
java -jarso the current working directory isn't changed to the location of the JAR file. Als you'll need to adjust the URL so it mentions HTTPS:java -jar ../../../axonserver-cli.jar users -S https://axonserver-1.megacorp.com:8024 -
The
gen-ca-cert.shscript can be used (just like in the SE example) to generate a self-signed certificate, which will be used as Certificate Authority:./gen-ca.sh -c NL --state Provincie --city Stad --org MegaCorp axonserver.megacorp.com -
The
gen-cert.shscript can be used to generate the certificates for the nodes, for example:./gen-cert.sh -c NL --state Provincie --city Stad --org MegaCorp axonserver-1.megacorp.com -
As before, you'll need to add the FQDNs into your hosts file.