Bringing up a new named DC after original creation where both Node->Node encryption and SSL-Client-Auth are active in the original DC and no outage is acceptable

Implementing node -> node encryption - can be done with no downtime and no cluster splitting:

1. Create all certs, .truststores and .keystores and deploy them onto nodes in the old DC
2. On all nodes in the old DC set: internode_encryption: dc
3. Perform a rolling restart of all nodes in the old DC
3. Prepare all the nodes on the new DC with their certs, .truststores and .keystores and set: internode_encryption: all
4. Bring up the new DC

Summary: The old DC will talk to the new DC encrypted. 
And the new DC would talk everywhere encrypted.

seeds list points to one of the orig DCs
cassandra.yaml: autobootstrap=false
nodetool rebuild
ip-address of opsc_server for new agents
need to generate new keystores and truststores for ALL nodes ?

Troubleshooting

DSE service does not start up in time. get an OS LSB service exception:

WAIT_FOR_START

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

faq.md

faq.md

Bringing up a new named DC after original creation where both Node->Node encryption and SSL-Client-Auth are active in the original DC and no outage is acceptable

Troubleshooting

DSE service does not start up in time. get an OS LSB service exception:

Files

faq.md

Latest commit

History

faq.md

File metadata and controls

Bringing up a new named DC after original creation where both Node->Node encryption and SSL-Client-Auth are active in the original DC and no outage is acceptable

Troubleshooting

DSE service does not start up in time. get an OS LSB service exception: