8

Alternate Address and Port Support for Couchbase/N1QL Clusters

 2 years ago
source link: https://dzone.com/articles/alternate-address-amp-port-support-for-couchbasen1
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Alternate Address and Port Support for Couchbase/N1QL Clusters

In order to connect to Couchbase deployments on cloud (AWS, Azure, or GCP) or Kubernetes, we support multi-addresses in the form of alternate addresses.

Join the DZone community and get the full member experience.

Join For Free

External applications use this facility to communicate with the cluster, but not directly to the nodes. These settings allow internal access to a router or other networked entity that provides interfaces on the cluster’s behalf.

When setting up alternate addresses, we can also set up alternate port numbers. The best example for the alternate address setup is AWS public and private IP addresses. Each node has a Private IP and DNS but they can also assign a public IP and DNS record. Those public IPs can be either statically or dynamically assigned.

The clients then connect to the public host and ports as seen under the external address section in the nodeServices information under the pools/default/nodesServices Rest endpoint.

Nodes access in the cloud or internal network

Port Forwarding Couchbase Instance on AWS

One important step when setting up alternate addresses is port forwarding. When alternate addresses are provisioned, the mapping from external host and port to internal ports must be done by a network administrator. The client can then use the external address and port to connect to the service. 

Once within the network (a user connects to an external facing address, internal to the deployment where the port mapping takes place), the external port will be mapped to the internal port to access the service based on authorization. This can be done on AWS using the steps outlined here.

Depending on what is accessible outside the firewall (port-level access), the client can send queries to that service. Once alternate external addresses and ports are provisioned the Couchbase ns_server service updates REST endpoints: 

  1. pools/default
  2. pools/nodes
  3. pools/default/buckets, pools/default/buckets/<bucket-name>, pools/default/buckets/<bucket-name>/nodes
  4. pools/default/b/<bucket-name>, pools/default/bs/<bucket-name>
  5. poolsStreaming/default
  6. pools/default/bucketsStreaming/<bucket-name>
  7. pools/default/nodesServices, pools/default/nodesServicesStreaming

Internally, Couchbase services don’t need to restart on new ports and only the client should allow connections to a particular host/port based on information available in the nodeServices property under the external attribute.

The nodeServices REST endpoint shows the mapping of hosts and ports:

"alternateAddresses": {
       "external": {
         "hostname": "ec2-3-140-253-252.us-east-2.compute.amazonaws.com",
         "ports": {
           "mgmt": 8891,
           "mgmtSSL": 18891,
           "n1ql": 9000,
           "n1qlSSL": 19000

Alternate Address Setup Steps 

1 – Setup the Couchbase cluster and use REST calls or CLI to set up alternate addresses:

$ curl -v -X PUT -u [admin]:[password]  http://[ip-address]:8091/node/controller/setupAlternateAddresses/external  [-d hostname=<alternate-address> ] [-d <service-name>=<alternate-port-number> ]

$ couchbase-cli setting-alternate-address [--cluster <url>] [--username <user>] [--password <password>] [--list] [--set] [--remove] [--hostname <host>] [--ports <ports>]

In the example below, the external address becomes cluster.com for internal node 172.23.104.92. It also sets the new N1QL external port to 9000.

$ couchbase-cli setting-alternate-address -c 172.23.104.92 -u Administrator -p password  --hostname cluster.com --set --node 172.23.104.92 --ports n1ql=9000,n1qlSSL=19000

2 – Modify /etc/hosts to contain access to cluster.com.  

3 – For port forwarding on a virtual machine,  we can use the following command for the Query service running on port 8093.

$ iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 9000 -j REDIRECT --to-port 8093

Then list the current forwarding settings to confirm:

$ iptables -L -n -t nat

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination        

REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9000 redir ports 8093

List the alternate address settings:

$ /opt/couchbase/bin/couchbase-cli setting-alternate-address -c 172.23.104.92 -u Administrator -p password --list Hostname

Alternate Address | Ports (Primary/Alternate) | capi | capiSSL | fts | ftsGRPC | ftsGRPCSSL | ftsSSL | indexAdmin | indexHttp | indexHttps | indexScan | indexStreamCatchup | indexStreamInit | indexStreamMaint | kv | kvSSL | mgmt | mgmtSSL | n1ql | n1qlSSL | projector

172.23.104.92  - cluster.com                  | 8092/8092 | 18092/180928094/8094 | 9130/9130 | 19130/1913018094/180949100/9100 | 9102/9102 | 19102/191029101/9101 | 9104/9104 | 9103/9103 | 9105/9105 | 11210/1121011207/112078091/8091 | 18091/180918093/8093 | 18093/180939999/9999

In order to use the cbq query tool to access alternate addresses, use the network config or nfcg option and set it to external. This allows us to run queries:

$ ./cbq -u Administrator -p password -e ec2-***.us-east-2.compute.amazonaws.com:9000 -ncfg external 

Connected to : http://ec2-***.us-east-2.compute.amazonaws.com:9000/. 

Type Ctrl-D or \QUIT to exit. 

Path to history file for the shell: /root/.cbq_history  

cbq>


Refer to the Couchbase documentation here for more cluster, networking, and alternate address usage. 


About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK