Critical Description
1) Enable n2n encryption:
$ ./install/bin/couchbase-cli node-to-node-encryption -c localhost:9002 -u Administrator -p --enable
|
Turned on encryption for node: http://node1.us-west-2.compute.amazonaws.com:9000
|
Turned on encryption for node: http://node2.us-west-2.compute.amazonaws.com:9001
|
Turned on encryption for node: http://node3.us-west-2.compute.amazonaws.com:9002
|
SUCCESS: Switched node-to-node encryption on
|
2) Try to change address family:
$ ./install/bin/couchbase-cli ip-family -c localhost:9002 -u Administrator -p --set --ipv6
|
ERROR: _ - Failed to update distribution configuration file. Failed to start the following required listeners: "TLS-ipv6"
|
The error itself is ok because we don't support changing of address family while n2n encryption is enabled.
The real problem is the following:
1) any attempt to change address family or n2n encryption now leads to one of the nodes (the first one in the list) loses connectivity to all other nodes (it keeps trying to restart erlang netconfig_updater, not sure if memcached and other services also restart);
2) any of the nodes can't be restarted, it simple won't start;
Attachments
| For Gerrit Dashboard: MB-37476 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 120343,3 | MB-37476: Prevent using ipv4 and ipv6 tls dist modules simultaneounsly | mad-hatter | ns_server | Status: MERGED | +2 | +1 |
| 120586,1 | Merge remote-tracking branch 'couchbase/mad-hatter' | master | ns_server | Status: MERGED | +2 | +1 |