Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-49572

[Upgrade] Sample buckets loading failed in mixed mode

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • 7.1.0
    • tools
    • None
    • Centos 7 64 bit; CB EE 7.1.0-1717

    Description

      Problem
      Sample bucket fail to load in mixed mode, with an authentication error

      Node 44 error.log

      		 
      2021-11-16T02:15:41.630-08:00 JSON import failed: failed to execute cluster operations: failed to execute bucket operation for bucket 'beer-sample': failed to transfer index definitions for bucket 'beer-sample': failed to transfer views: failed to set view definitions: failed to put view definitions: failed to put view definition: failed to execute request: failed to execute request: exhausted retry count after 3 retries, last error: authentication error executing 'PUT' request to '/couchBase/beer-sample/_design%2Fbeer' check credentials
      		 
      JSON import failed: authentication error executing 'PUT' request to '/couchBase/beer-sample/_design%2Fbeer' check credentials

      I was trying out something on these lines.
      Steps to Reproduce
      1. Create a 2 node 6.6.3-9808 build cluster such that each node has all services except cbas. Nodes are 172.23.105.215 172.23.107.44
      2. Load travel-sample and beer-sample buckets.
      3. Create and upload x509 certs. Since this is a pre-neo cluster, node pkeys will be un-encrypted and in pkcs#1 format
      4. Enable n2n encryption to "all"
      5. Now graceful-failover 172.23.107.44 node. Stop the couchbase server on the node and upgrade the node's server to 7.1.0-1717, and start the server back.
      Also, since this node is now on Neo, convert the un-encrypted pkcs#1 pkey to encrypted pkcs#8 key. ie;

      openssl pkcs8 -in pkey.key -topk8 -v2 des3 -out enckey.key
      		 

      rm -rf pkey.key
      		 

      mv enckey.key pkey.key

      6. Reload .44 node's certificate (since we changed the pkey), and supply the passphrase of the pkey using a script

      #!/bin/bash
      		 
      echo "sumedh"
      		 

      curl -X POST -v -u Administrator:password http://localhost:8091/node/controller/reloadCertificate -d '{"privateKeyPassphrase": {"type": "script", "path": "passphrase.sh", "timeout": 5000, "trim":"true"}}'

      7. Recover the .44 node. - At this point we have a 2 node mixed mode cluster.
      8. Drop both sample buckets.
      9.Install sample buckets again - this fails. 

      Notes
      The Neo node was using encrypted pkcs#8 pkey while the pre-neo node was using a regular un-encrypted pkcs#1 key, and probably thats why some authentication error occurred.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MB-48461 [Mixed Versions] Unable to load travel-sample bucket

          • Major - Major loss of function.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              sumedh.basarkod Sumedh Basarkod (Inactive)
              sumedh.basarkod Sumedh Basarkod (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty