This page includes an overview and notes on full production deployment of Clyman. A step-by-step walkthrough for setting up a secured, single-node deployment is also available in the Advanced Walkthrough.
A full deployment of Clyman involves several steps:
Each component has it’s own encryption and authentication layers.
Clyman instances can be deployed in clusters, along with Crazy Ivan. Each cluster can utilize the same or different databases.
Clyman can load configuration values from Consul and/or Vault, and uses SSL encryption with HTTP Basic Authentication for transactions. Events (sent via UDP) utilize AES symmetric encryption.
Many configuration values are cluster-specific. This allows us to set, for example, separate encryption keys by cluster.
Deploying a Consul Cluster is covered in detail on the Consul webpage.
Clyman uses the Consul KV Store for unsecured configuration values, as well as using Consul for Service Discovery. It can utilize SSL encryption, as well as the ACL layer.
Deploying a Mongo Cluster is covered in detail here.
Mongo in containers is also supported. Either way, once Mongo servers are active, they need to be registered with Consul in order to be picked up by Service Discovery. This can be done with curl, for example:
curl -X PUT -d ‘{“ID”: “mongo”, “Name”: “mongo”, “Tags”: [“Primary”], “Address”: “localhost”, “Port”: 27017}’ http://127.0.0.1:8500/v1/agent/service/register
Deploying a Vault Cluster is covered in detail on the Vault webpage.
Clyman can utilize the following Secret Stores: