Details
-
Improvement
-
Resolution: Fixed
-
Major
-
None
-
1
Description
Related to MB-9982, XDCR need a way to security send checkpoints to relevant destination nodes per vbmap. Since XDCR does not expose any external network interfaces and is not certificate aware, NS_SERVER is asked to act as a "transport proxy", assisting with hauling these payloads.
High level:
- NS_SERVER need to pass on certificate location to XDCR on bootstrap and also restart it when certs changes.
- XDCR on node A, can make a call to NS_SERVER on node B, via special proxy endpoint (_xdcr), which will be proxied to B's XDCR service.
- NS_SERVER should enforce high privileged internal service authenticate on the special xdcr endpoint .
More details about the proposal can be found here: https://docs.google.com/document/d/1eTDw3Jx0HPXoQ4_iCEwdGeRttZQzAtEl2pXplldqJDo/edit?ts=60e8b5ad
Attachments
Issue Links
- blocks
-
MB-47919 XDCR - P2P - integrate with ns_server forwarding
- Closed
-
MB-9982 XDCR should be incremental on topology changes
- Closed
-
MB-47923 XDCR - incremental topology change: Rebalance
- Closed
- has to be done before
-
MB-48599 XDCR - P2P - node to node encryption support
- Closed
- relates to
-
MB-47548 XDCR - to receive "-caFile" argument from ns_server
- Resolved
-
MB-47319 XDCR - PeerToPeer messaging framework
- Closed
For Gerrit Dashboard: MB-47316 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
157291,17 | MB-47319 - P2P messaging framework | master | goxdcr | Status: MERGED | +2 | +1 |
158121,5 | MB-47316 Add Xdcr proxy endpoints | master | ns_server | Status: MERGED | +2 | +1 |
158122,1 | MB-47316 Pass cert file to xdcr | master | ns_server | Status: ABANDONED | 0 | -1 |
158225,4 | MB-47316 Pass cert file to xdcr | master | ns_server | Status: MERGED | +2 | +1 |
158963,3 | MB-47316 - parse cert file argument from ns_server | master | goxdcr | Status: MERGED | +2 | +1 |