Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-48442

cbindex tool error out with Enforce TLS

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 7.0.2
    • 7.1.0
    • secondary-index
    • Windows EE 7.0.2 build 6660

    Description

      Travel-sample bucket is loaded on TLS Node 172.23.97.164 and non-TLS node 172.23.97.87

      Executed command on non tls secure node as:

      >cbindex -auth Administrator:password -type list -server 172.23.97.87:8091

      output observed as:
      List of indexes:
      Index:travel-sample/inventory/route/def_inventory_route_primary, Id:1667201654179651132, Using:plasma, Exprs:[], isPrimary:true
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/route/def_inventory_route_route_src_dst_day, Id:18271820907677053075, Using:plasma, Exprs:[`sourceairport` `destinationairport` (distinct (array (`v`.`day`) for `v` in `schedule` end))], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/route/def_inventory_route_sourceairport, Id:2386486678153069064, Using:plasma, Exprs:[`sourceairport`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_airportname, Id:12625133344317792425, Using:plasma, Exprs:[`airportname`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/landmark/def_inventory_landmark_city, Id:159275999615544163, Using:plasma, Exprs:[`city`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_icao, Id:422617046396907007, Using:plasma, Exprs:[`icao`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_faa, Id:2428007221441456188, Using:plasma, Exprs:[`faa`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_type, Id:815201306377249645, Using:plasma, Exprs:[`type`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_name_type, Id:16742536040119875109, Using:plasma, Exprs:[`name`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/airport/def_inventory_airport_city, Id:17203118707115376375, Using:plasma, Exprs:[`city`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_schedule_utc, Id:15500229156900552400, Using:plasma, Exprs:[array (`s`.`utc`) for `s` in `schedule` end], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/route/def_inventory_route_schedule_utc, Id:265094997597885098, Using:plasma, Exprs:[array (`s`.`utc`) for `s` in `schedule` end], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/airline/def_inventory_airline_primary, Id:18230467674916370242, Using:plasma, Exprs:[], isPrimary:true
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/airport/def_inventory_airport_primary, Id:4539660667870222702, Using:plasma, Exprs:[], isPrimary:true
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/airport/def_inventory_airport_faa, Id:4637677140338315702, Using:plasma, Exprs:[`faa`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_primary, Id:5674513941158190087, Using:plasma, Exprs:[], isPrimary:true
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/airport/def_inventory_airport_airportname, Id:11818623545909728512, Using:plasma, Exprs:[`airportname`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_city, Id:16651704564650183640, Using:plasma, Exprs:[`city`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_route_src_dst_day, Id:18345465127568518268, Using:plasma, Exprs:[`sourceairport` `destinationairport` (distinct (array (`v`.`day`) for `v` in `schedule` end))], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/_default/_default/def_sourceairport, Id:11295654157094092328, Using:plasma, Exprs:[`sourceairport`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/hotel/def_inventory_hotel_city, Id:1141966385752400431, Using:plasma, Exprs:[`city`], isPrimary:false
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/landmark/def_inventory_landmark_primary, Id:33021985937360376, Using:plasma, Exprs:[], isPrimary:true
      State:INDEX_STATE_ACTIVE, Error:
      Index:travel-sample/inventory/hotel/def_inventory_hotel_primary, Id:5537717976547084782, Using:plasma, Exprs:[], isPrimary:true
      State:INDEX_STATE_ACTIVE, Error:

       

      When executed on TLS port :

      >cbindex -auth Administrator:password -type list -server 172.23.97.164:18091
      2021/09/13 22:21:36 revrpc: Got error (unexpected EOF) and will retry in 1s
      2021/09/13 22:21:37 revrpc: Got error (unexpected EOF) and will retry in 1s
      2021/09/13 22:21:38 revrpc: Got error (unexpected EOF) and will retry in 1s
      2021/09/13 22:21:38 revrpc: Got error (unexpected EOF) and will retry in 1s
      2021/09/13 22:21:39 revrpc: Got error (unexpected EOF) and will retry in 1s
      2021/09/13 22:21:39 revrpc: Got error (unexpected EOF) and will retry in 1s

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            Build couchbase-server-7.1.0-1410 contains indexing commit 515ac54 with commit message:
            MB-48442: cbindexperf allow TLS connections.

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.1.0-1410 contains indexing commit 515ac54 with commit message: MB-48442 : cbindexperf allow TLS connections.
            sai.teja Sai Krishna Teja added a comment - - edited

            Added support for TLS in cbindexperf - One change is still in unstable branch

            Steps to use it in Strict TLS Mode:

            1. Start a server with one node > the number of nodes needed for the perf test
            2. Add any service but kv n1ql or indexing on that node, say eventing, so that we don't impact the test
            3. Run the below commands from the extra node
            4. export CBAUTH_REVRPC_URL="http://Administrator:asdasd@127.0.0.1:8091/query"
            5. ./cbindexperf -cluster 127.0.0.1:8091 -auth="Administrator:asdasd" -configfile /<path/to>/scan.json -resultfile result.json -use_tls -cacert ./cacert

            Note: Above work around is needed due to the NOTE in earlier comment.

            sai.teja Sai Krishna Teja added a comment - - edited Added support for TLS in cbindexperf - One change is still in unstable branch Steps to use it in Strict TLS Mode: Start a server with one node > the number of nodes needed for the perf test Add any service but kv n1ql or indexing on that node, say eventing, so that we don't impact the test Run the below commands from the extra node export CBAUTH_REVRPC_URL="http://Administrator:asdasd@127.0.0.1:8091/query" ./cbindexperf -cluster 127.0.0.1:8091 -auth="Administrator:asdasd" -configfile /<path/to>/scan.json -resultfile result.json -use_tls -cacert ./cacert Note: Above work around is needed due to the NOTE in earlier comment.

            In tls=all mode we will be able to run cbindex and cbindexperf in tls mode.

            ➜ ✗ export CBAUTH_REVRPC_URL="http://Administrator:asdasd@172.16.12.49:8091/query"
            ➜ ✗ cbindexperf -cluster 172.16.12.49:8091  -auth="Administrator:asdasd" -configfile ~/Config/scan_ts.json -resultfile result.json -use_tls -cacert ./cacert
            Log Level = error
            GsiClients warmed up ...
            Throughput = 60037 rows/sec
            2021-10-05T13:56:30.283+05:30 [Error] PeerPipe.doRecieve() : ecounter error when received mesasage from Peer 172.16.12.33:9100.  Error = read tcp 172.16.30.91:58681->172.16.12.33:9100: use of closed network connection. Kill Pipe.
            2021-10-05T13:56:30.283+05:30 [Error] PeerPipe.doRecieve() : ecounter error when received mesasage from Peer 172.16.12.33:9100.  Error = read tcp 172.16.30.91:58672->172.16.12.33:9100: use of closed network connection. Kill Pipe.
            2021-10-05T13:56:30.283+05:30 [Error] PeerPipe.doRecieve() : ecounter error when received mesasage from Peer 172.16.12.33:9100.  Error = read tcp 172.16.30.91:58679->172.16.12.33:9100: use of closed network connection. Kill Pipe.
            

            sai.teja Sai Krishna Teja added a comment - In tls=all mode we will be able to run cbindex and cbindexperf in tls mode. ➜ ✗ export CBAUTH_REVRPC_URL="http://Administrator:asdasd@172.16.12.49:8091/query" ➜ ✗ cbindexperf -cluster 172.16.12.49:8091 -auth="Administrator:asdasd" -configfile ~/Config/scan_ts.json -resultfile result.json -use_tls -cacert ./cacert Log Level = error GsiClients warmed up ... Throughput = 60037 rows/sec 2021-10-05T13:56:30.283+05:30 [Error] PeerPipe.doRecieve() : ecounter error when received mesasage from Peer 172.16.12.33:9100. Error = read tcp 172.16.30.91:58681->172.16.12.33:9100: use of closed network connection. Kill Pipe. 2021-10-05T13:56:30.283+05:30 [Error] PeerPipe.doRecieve() : ecounter error when received mesasage from Peer 172.16.12.33:9100. Error = read tcp 172.16.30.91:58672->172.16.12.33:9100: use of closed network connection. Kill Pipe. 2021-10-05T13:56:30.283+05:30 [Error] PeerPipe.doRecieve() : ecounter error when received mesasage from Peer 172.16.12.33:9100. Error = read tcp 172.16.30.91:58679->172.16.12.33:9100: use of closed network connection. Kill Pipe.

            Build couchbase-server-7.1.0-1426 contains indexing commit ef31c12 with commit message:
            MB-48442: Fix SetTLSConfigAndCACert to load caFile

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.1.0-1426 contains indexing commit ef31c12 with commit message: MB-48442 : Fix SetTLSConfigAndCACert to load caFile

            Verified with perf test on 7.1.0-1745

            vikas.chaudhary Vikas Chaudhary added a comment - Verified with perf test on 7.1.0-1745

            People

              vikas.chaudhary Vikas Chaudhary
              deepika.verma Deepika Verma (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty