Secured Mode
Manta Manager
Secured mode enables TLS/SSL for encrypted communication between the Manta Manager, the Mosquitto broker, and the nodes. Follow these steps:
Deploy the Manta Manager in secured mode using the --secured option:
$ manta_manager -v --secured
[09/13/24 15:45:25] INFO 2024-09-13 15:45:25,386 - manta_manager.certification_servicer - INFO - Token: 99e48b0cc48af374a5dc03a07e2b34f7 (certification_servicer.py:235) certification_servicer.py:235
INFO 2024-09-13 15:45:25,420 - manta_manager.certification_servicer - INFO - Deploy MQTT broker with: mosquitto -c .manta/certs/mosquitto.conf (certification_servicer.py:258) certification_servicer.py:258
INFO 2024-09-13 15:45:25,422 - manta_manager.manager - INFO - Certificates folder: .manta/certs (manager.py:195) manager.py:195
INFO 2024-09-13 15:45:25,427 - manta_manager.database - INFO - Connected to MongoDB at localhost:27017 (database.py:710) database.py:710
INFO 2024-09-13 15:45:25,429 - manta_manager.mqtt_client - INFO - Loading SSL certificates from .manta/certs (mqtt_client.py:41) mqtt_client.py:41
INFO 2024-09-13 15:45:25,441 - manta_manager.manager - INFO - CertificationServicer server started on localhost:50050 (manager.py:238) manager.py:238
Deploy the Mosquitto broker with TLS/SSL using the generated configuration file:
$ mosquitto -c .manta/certs/mosquitto.conf
[22504.033687]~DLT~75210~INFO ~FIFO /tmp/dlt cannot be opened. Retrying later...
1726235128: mosquitto version 1.6.9 starting
1726235128: Config loaded from .manta/certs/mosquitto.conf.
1726235128: Opening ipv4 listen socket on port 1883.
1726235130: New connection from 127.0.0.1 on port 1883.
The Manta Manager should connect to the broker automatically once the broker has started.
[09/13/24 15:45:30] INFO 2024-09-13 15:45:30,447 - manta_manager.mqtt_client - INFO - Connected to MQTT broker: localhost:1883 (mqtt_client.py:149) mqtt_client.py:149
Keep the unique token:
$ cat TOKEN
2d8c3fbce5c295eef2d9f98e9f623235
Warning
In secured mode, the Manta Manager generates a unique token. This token must be provided to the Manta Nodes during their initialization to establish a secured TLS/SSL connection. The token is used to exchange certificates and to initiate the certificate signing process, during which a private key is generated for each node.
Manta Node
Once Docker is set up on your nodes, you can use this TOKEN to connect your nodes to the manager:
$ manta_node -v --secured_token=2d8c3fbce5c295eef2d9f98e9f623235
[09/13/24 15:47:02] INFO 2024-09-13 15:47:02,273 - manta_node.task_runner - INFO - Connected to docker daemon ! (task_runner.py:29) task_runner.py:29
INFO 2024-09-13 15:47:02,308 - manta_node.certification_builder - INFO - Private key generated and saved to .manta/32dcfe19fe164e75bd5068a5d65b74a7/certs/node.key (certification_builder.py:66) certification_builder.py:66
INFO 2024-09-13 15:47:02,317 - manta_node.certification_builder - INFO - CA certificate saved to .manta/32dcfe19fe164e75bd5068a5d65b74a7/certs/ca.crt (certification_builder.py:83) certification_builder.py:83
INFO 2024-09-13 15:47:02,319 - manta_node.certification_builder - INFO - CSR generated (certification_builder.py:107) certification_builder.py:107
INFO 2024-09-13 15:47:02,327 - manta_node.certification_builder - INFO - Signed certificate received and saved to .manta/32dcfe19fe164e75bd5068a5d65b74a7/certs/node.crt (certification_builder.py:126) certification_builder.py:126
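The token and each node's private key are the secrets this setup depends on. The following Python script is an added example, not part of Manta or its documentation: on a POSIX system it reports any TOKEN file or *.key file that group or other users can access. The function names, and the assumption that private keys carry a .key suffix as node.key does in the log above, are this example's own.

```python
import stat
import sys
from pathlib import Path

# Assumption: secrets are the TOKEN file and any *.key file, matching the
# names shown in the page's shell session and node log (TOKEN, node.key).
SECRET_NAMES = {"TOKEN"}
SECRET_SUFFIXES = {".key"}


def is_secret(path: Path) -> bool:
    return path.name in SECRET_NAMES or path.suffix in SECRET_SUFFIXES


def audit_secrets(*roots: str) -> list:
    """Return (path, problem) pairs for secret files exposed to other users."""
    findings = []
    for root in map(Path, roots):
        if not root.exists():
            continue
        candidates = [root] if root.is_file() else sorted(root.rglob("*"))
        for path in candidates:
            if not is_secret(path):
                continue
            if path.is_symlink():
                findings.append((str(path), "symlink: target not checked"))
                continue
            if not path.is_file():
                continue
            mode = stat.S_IMODE(path.stat().st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((str(path), f"mode {mode:04o}: group/other access"))
            # A secret in a non-sticky directory writable by others can be replaced.
            dir_mode = stat.S_IMODE(path.parent.stat().st_mode)
            if dir_mode & (stat.S_IWGRP | stat.S_IWOTH) and not dir_mode & stat.S_ISVTX:
                findings.append((str(path), f"directory mode {dir_mode:04o}: writable by others"))
    return findings


if __name__ == "__main__":
    # Defaults mirror the page: TOKEN in the working directory, certs under .manta.
    results = audit_secrets(*(sys.argv[1:] or ["TOKEN", ".manta"]))
    for path, problem in results:
        print(f"{path}: {problem}")
    sys.exit(1 if results else 0)
```

The manager log above also prints the token at INFO level, so any file that captures that output deserves the same restrictions as the TOKEN file.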