Details
-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
7.1.0
-
None
-
Centos 7 64 bit; CB EE 7.1.0-1717
-
Untriaged
-
Centos 64-bit
-
-
1
-
Unknown
Description
Problem
Sample bucket fail to load in mixed mode, with an authentication error
Node 44 error.log |
2021-11-16T02:15:41.630-08:00 JSON import failed: failed to execute cluster operations: failed to execute bucket operation for bucket 'beer-sample': failed to transfer index definitions for bucket 'beer-sample': failed to transfer views: failed to set view definitions: failed to put view definitions: failed to put view definition: failed to execute request: failed to execute request: exhausted retry count after 3 retries, last error: authentication error executing 'PUT' request to '/couchBase/beer-sample/_design%2Fbeer' check credentials
|
JSON import failed: authentication error executing 'PUT' request to '/couchBase/beer-sample/_design%2Fbeer' check credentials
|
I was trying out something on these lines.
Steps to Reproduce
1. Create a 2 node 6.6.3-9808 build cluster such that each node has all services except cbas. Nodes are 172.23.105.215 172.23.107.44
2. Load travel-sample and beer-sample buckets.
3. Create and upload x509 certs. Since this is a pre-neo cluster, node pkeys will be un-encrypted and in pkcs#1 format
4. Enable n2n encryption to "all"
5. Now graceful-failover 172.23.107.44 node. Stop the couchbase server on the node and upgrade the node's server to 7.1.0-1717, and start the server back.
Also, since this node is now on Neo, convert the un-encrypted pkcs#1 pkey to encrypted pkcs#8 key. ie;
openssl pkcs8 -in pkey.key -topk8 -v2 des3 -out enckey.key
|
rm -rf pkey.key
|
mv enckey.key pkey.key
|
6. Reload .44 node's certificate (since we changed the pkey), and supply the passphrase of the pkey using a script
#!/bin/bash
|
echo "sumedh"
|
curl -X POST -v -u Administrator:password http://localhost:8091/node/controller/reloadCertificate -d '{"privateKeyPassphrase": {"type": "script", "path": "passphrase.sh", "timeout": 5000, "trim":"true"}}'
|
7. Recover the .44 node. - At this point we have a 2 node mixed mode cluster.
8. Drop both sample buckets.
9.Install sample buckets again - this fails.
Notes
The Neo node was using encrypted pkcs#8 pkey while the pre-neo node was using a regular un-encrypted pkcs#1 key, and probably thats why some authentication error occurred.
Attachments
Issue Links
- duplicates
-
MB-48461 [Mixed Versions] Unable to load travel-sample bucket
- Closed