Secured Mode
============

Manta Manager
-------------

Secured mode enables TLS/SSL for encrypted communication between the Manta Manager, the Mosquitto broker, and the nodes. Follow these steps:

1. Deploy the Manta Manager in secured mode using the :code:`--secured` option:

   .. code:: console

      $ manta_manager -v --secured
      [09/13/24 15:45:25] INFO 2024-09-13 15:45:25,386 - manta_manager.certification_servicer - INFO - Token: 99e48b0cc48af374a5dc03a07e2b34f7 (certification_servicer.py:235) certification_servicer.py:235
                          INFO 2024-09-13 15:45:25,420 - manta_manager.certification_servicer - INFO - Deploy MQTT broker with: mosquitto -c .manta/certs/mosquitto.conf (certification_servicer.py:258) certification_servicer.py:258
                          INFO 2024-09-13 15:45:25,422 - manta_manager.manager - INFO - Certificates folder: .manta/certs (manager.py:195) manager.py:195
                          INFO 2024-09-13 15:45:25,427 - manta_manager.database - INFO - Connected to MongoDB at localhost:27017 (database.py:710) database.py:710
                          INFO 2024-09-13 15:45:25,429 - manta_manager.mqtt_client - INFO - Loading SSL certificates from .manta/certs (mqtt_client.py:41) mqtt_client.py:41
                          INFO 2024-09-13 15:45:25,441 - manta_manager.manager - INFO - CertificationServicer server started on localhost:50050 (manager.py:238) manager.py:238

2. Deploy the Mosquitto broker with TLS/SSL using the generated configuration file:

   .. code:: console

      $ mosquitto -c .manta/certs/mosquitto.conf
      [22504.033687]~DLT~75210~INFO ~FIFO /tmp/dlt cannot be opened. Retrying later...
      1726235128: mosquitto version 1.6.9 starting
      1726235128: Config loaded from .manta/certs/mosquitto.conf.
      1726235128: Opening ipv4 listen socket on port 1883.
      1726235130: New connection from 127.0.0.1 on port 1883.

   The Manta Manager should connect to the broker automatically once the broker has started.

   .. code:: console

      [09/13/24 15:45:30] INFO 2024-09-13 15:45:30,447 - manta_manager.mqtt_client - INFO - Connected to MQTT broker: localhost:1883 (mqtt_client.py:149) mqtt_client.py:149

3. Keep the unique token:

   .. code:: console

      $ cat TOKEN
      2d8c3fbce5c295eef2d9f98e9f623235

.. warning::

   In secured mode, the Manta Manager generates a unique token. This token must be provided to the Manta Nodes during their initialization to establish a secured TLS/SSL connection. The token is used to exchange certificates and initiate the certificate signing process to generate a private key for each node.

Manta Node
----------

4. Once Docker is set up on your nodes, you can use this :code:`TOKEN` to connect your nodes to the manager:

   .. code:: console

      $ manta_node -v --secured_token=2d8c3fbce5c295eef2d9f98e9f623235
      [09/13/24 15:47:02] INFO 2024-09-13 15:47:02,273 - manta_node.task_runner - INFO - Connected to docker daemon ! (task_runner.py:29) task_runner.py:29
                          INFO 2024-09-13 15:47:02,308 - manta_node.certification_builder - INFO - Private key generated and saved to .manta/32dcfe19fe164e75bd5068a5d65b74a7/certs/node.key (certification_builder.py:66) certification_builder.py:66
                          INFO 2024-09-13 15:47:02,317 - manta_node.certification_builder - INFO - CA certificate saved to .manta/32dcfe19fe164e75bd5068a5d65b74a7/certs/ca.crt (certification_builder.py:83) certification_builder.py:83
                          INFO 2024-09-13 15:47:02,319 - manta_node.certification_builder - INFO - CSR generated (certification_builder.py:107) certification_builder.py:107
                          INFO 2024-09-13 15:47:02,327 - manta_node.certification_builder - INFO - Signed certificate received and saved to .manta/32dcfe19fe164e75bd5068a5d65b74a7/certs/node.crt (certification_builder.py:126) certification_builder.py:126
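
The token file and the private keys shown in the steps above are the secrets that secured mode leaves on disk. The following is an added example, not part of Manta: it flags token or key files accessible to group or others and, when ``openssl`` is installed, node certificates that do not verify against the saved ``ca.crt`` or do not match ``node.key``. The function names are hypothetical, and it assumes the file layout seen in the logs (``TOKEN`` in the working directory, keys and certificates under ``.manta/``).

```shell
# Added example, not Manta code. Paths (TOKEN, .manta/, node.key, node.crt,
# ca.crt) follow the logs on this page; function names are hypothetical.

# Secret files under BASE: the enrollment token and every private key.
list_secrets() {
    [ -f "$1/TOKEN" ] && printf '%s\n' "$1/TOKEN"
    [ -d "$1/.manta" ] && find "$1/.manta" -type f -name '*.key'
    return 0
}

# Print "mode path" for each secret that group or others can access.
open_secrets() {
    list_secrets "$1" | while IFS= read -r f; do
        mode=$(ls -ld -- "$f" | cut -c1-10)
        case $mode in
            ????------) ;;                      # owner-only: fine
            *) printf '%s %s\n' "$mode" "$f" ;;
        esac
    done
}

# Print node certificates that do not chain to the saved CA, or whose
# public key differs from node.key. Skipped when openssl is not installed.
bad_certs() {
    command -v openssl >/dev/null 2>&1 || return 0
    find "$1/.manta" -type f -name node.crt 2>/dev/null |
    while IFS= read -r crt; do
        d=${crt%/*}                             # directory holding the cert
        openssl verify -CAfile "$d/ca.crt" "$crt" 2>/dev/null |
            grep -q ': OK$' || printf 'chain-fail %s\n' "$crt"
        [ "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" = \
          "$(openssl pkey -in "$d/node.key" -pubout -passin pass: 2>/dev/null)" ] ||
            printf 'key-mismatch %s\n' "$crt"
    done
}

# Run both checks on BASE (default: current directory); fail on any finding.
audit_manta() {
    base=${1:-.}
    findings=$(open_secrets "$base"; bad_certs "$base")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run ``audit_manta .`` from the directory where the manager or node was started; it prints one line per finding and returns non-zero if there are any.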