Integrity check
Enterprise Edition
Tarantool Cluster Manager is a part of the Enterprise Edition.
TCM supports an integrity check mechanism that verifies the digital signature of centralized configuration files. It ensures that TCM only applies configurations that are signed with a trusted private key.
This mechanism allows TCM to:
- Update the configuration with integrity check support
- Detect unauthorized changes in centralized configuration
| Parameter | Description | Type | Default |
|---|---|---|---|
| security.integrity-check | Enables signature validation | bool | false |
| security.signature-private-key-file | Path to the private key for signing configuration | string | "" |
Integrity check can be enabled directly in the TCM configuration file:
```yaml
# tcm.yaml
security:
  integrity-check: true
  signature-private-key-file: /etc/tcm/private_key.pem
```

Note
The integrity-check-period option works only in the tt + Tarantool setup, where tt periodically verifies the integrity of the running instance. In TCM, this option is not used, as the component only uploads and verifies configuration signatures and does not interact directly with the database. Moreover, TCM cannot stop Tarantool execution in case of an integrity check failure — this behavior is specific to tt when Tarantool is started with the --integrity-check and --integrity-check-period options. Read details about tt integrity check in its documentation.
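The following is an added example, not part of the TCM documentation or code: a small audit of the two security settings from the tcm.yaml example above. It assumes the flat layout shown there and reads only the file itself; treating owner-only permissions on the signing key as the expected state is this example's assumption, and the sample config in it is constructed.

```python
import os
import stat

def read_security_block(text):
    """Return scalar keys under the top-level `security:` mapping.

    Minimal reader for the flat layout shown above; not a general YAML parser.
    """
    block, inside = {}, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()        # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line.startswith((" ", "\t")):      # a top-level key starts here
            inside = line.strip() == "security:"
            continue
        if inside and ":" in line:
            key, _, value = line.strip().partition(":")
            block[key.strip()] = value.strip().strip("\"'")
    return block

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    sec = read_security_block(text)
    findings = []
    if sec.get("integrity-check", "false").lower() != "true":
        findings.append("security.integrity-check is not enabled")
    key_path = sec.get("signature-private-key-file", "")
    if not key_path:
        findings.append("security.signature-private-key-file is empty")
    elif not os.path.isfile(key_path):
        findings.append(f"private key file not found: {key_path}")
    elif stat.S_IMODE(os.stat(key_path).st_mode) & 0o077:
        # Assumption of this example: the signing key should be owner-only.
        findings.append(f"private key is accessible to group or others: {key_path}")
    return findings

if __name__ == "__main__":
    # Constructed sample mirroring the defaults from the parameter table.
    sample = 'security:\n  integrity-check: false\n  signature-private-key-file: ""\n'
    for finding in audit(sample):
        print("FINDING:", finding)
```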