Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-49879

Alter Index failure when nodes have un encrypted ports in encryption mode all

    XMLWordPrintable

Details

    • Triaged
    • 1
    • Unknown

    Description

      ALTER INDEX `travel-sample`.country_idx
      WITH

      {"action": "replica_count", "num_replica": 2, "nodes": ["127.0.0.1:9001", "127.0.0.1:9002", "127.0.0.1:9003"]}

      Will fail when encryption is enabled.

      The issues was introduced where we started supporting the use of encrypted ports from the query. We were only using un encrypted port numbers always.
      The design is to support

      • only un encrypted port numbers when encryption was disabled
      • both un-encrypted and encrypted port numbers when encryption was set to all
      • only encrypted port numbers when encryption was strict

      But after the change only encrypted ports are working in encryption mode all which breaks backwards compatibility.

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            As discussed with Sai, we have covered both Create and Alter index queries where node and ports are used.

            Hence closing the ticket.

            hemant.rajput Hemant Rajput added a comment - As discussed with Sai, we have covered both Create and Alter index queries where node and ports are used. Hence closing the ticket.

            Hemant Rajput
            Reopening to check if further testing is needed
            Might need to check other use cases where user can specify the host:port.

            sai.teja Sai Krishna Teja added a comment - Hemant Rajput Reopening to check if further testing is needed Might need to check other use cases where user can specify the host:port.

             

            Steps to validate - 

            1. Create a 3 node cluster kv:query-index-index
            2. Enable N2N encryption and set level to all

              [root@node1-cb660-centos7 ~]# cd /opt/couchbase/bin/
              [root@node1-cb660-centos7 bin]# ./couchbase-cli setting-autofailover -c localhost:8091 -u Administrator -p password --enable-auto-failover=0
              SUCCESS: Auto-failover settings modified
              [root@node1-cb660-centos7 bin]# ./couchbase-cli node-to-node-encryption -c localhost:8091 -u Administrator -p password --enable
              Turned on encryption for node: http://10.112.205.101:8091
              Turned on encryption for node: http://10.112.205.102:8091
              Turned on encryption for node: http://10.112.205.103:8091
              SUCCESS: Switched node-to-node encryption on
              [root@node1-cb660-centos7 bin]# ./couchbase-cli setting-security -c localhost:8091 -u Administrator -p password --set --cluster-encryption-level all
              SUCCESS: Security settings updated
              [root@node1-cb660-centos7 bin]# ./couchbase-cli setting-autofailover -c localhost:8091 -u Administrator -p password --enable-auto-failover=1 --auto-failover-timeout=120 --max-failovers=1
              SUCCESS: Auto-failover settings modified
              

            1. Create a index with 0 replica

              CREATE INDEX idx2 ON test.test_scope_1.test_collection_1(name, age, join_yr) with {"num_replica":0};

            1. Now use alter index to change replica count to 2 with non-encrypted port

              alter index idx2 on test.test_scope_1.test_collection_1 WITH
              {"action": "replica_count", "num_replica": 1, "nodes": ["10.112.205.102:8091", "10.112.205.103:8091"]};

            1. Use alter index to change replica count to 1 on the node where index was not created initially using encrypted port

              alter index idx2 on test.test_scope_1.test_collection_1 WITH
              {"action": "replica_count", "num_replica": 0, "nodes": ["10.112.205.102:18091"]};

            hemant.rajput Hemant Rajput added a comment -   Steps to validate -  Create a 3 node cluster kv:query-index-index Enable N2N encryption and set level to all [root@node1-cb660-centos7 ~]# cd /opt/couchbase/bin/ [root@node1-cb660-centos7 bin]# ./couchbase-cli setting-autofailover -c localhost:8091 -u Administrator -p password --enable-auto-failover=0 SUCCESS: Auto-failover settings modified [root@node1-cb660-centos7 bin]# ./couchbase-cli node-to-node-encryption -c localhost:8091 -u Administrator -p password --enable Turned on encryption for node: http://10.112.205.101:8091 Turned on encryption for node: http://10.112.205.102:8091 Turned on encryption for node: http://10.112.205.103:8091 SUCCESS: Switched node-to-node encryption on [root@node1-cb660-centos7 bin]# ./couchbase-cli setting-security -c localhost:8091 -u Administrator -p password --set --cluster-encryption-level all SUCCESS: Security settings updated [root@node1-cb660-centos7 bin]# ./couchbase-cli setting-autofailover -c localhost:8091 -u Administrator -p password --enable-auto-failover=1 --auto-failover-timeout=120 --max-failovers=1 SUCCESS: Auto-failover settings modified Create a index with 0 replica CREATE INDEX idx2 ON test.test_scope_1.test_collection_1(name, age, join_yr) with {"num_replica":0}; Now use alter index to change replica count to 2 with non-encrypted port alter index idx2 on test.test_scope_1.test_collection_1 WITH {"action": "replica_count", "num_replica": 1, "nodes": ["10.112.205.102:8091", "10.112.205.103:8091"]}; Use alter index to change replica count to 1 on the node where index was not created initially using encrypted port alter index idx2 on test.test_scope_1.test_collection_1 WITH {"action": "replica_count", "num_replica": 0, "nodes": ["10.112.205.102:18091"]};

            Build couchbase-server-7.1.0-2181 contains indexing commit f2606f0 with commit message:
            MB-49879: Allow non secure ports in Alter Index in Encryption mode all

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.1.0-2181 contains indexing commit f2606f0 with commit message: MB-49879 : Allow non secure ports in Alter Index in Encryption mode all

            People

              hemant.rajput Hemant Rajput
              sai.teja Sai Krishna Teja
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty