Details
-
Bug
-
Resolution: Fixed
-
Major
-
6.6.5
-
6.6.5 build 10069
-
Untriaged
-
Windows 64-bit
-
1
-
No
Description
Steps to Repro
1. Create a 4 node cluster on 6.6.4 with all the services enabled.
2. Upgrade 6.6.4 cluster to 6.6.5 using online upgrade with swap rebalance.
3. Enable TLS on 6.6.5 using following commands. This works fine.
1. curl -v -u Administrator:password -X POST http://localhost:8091/internalSettings -d "canEnableStrictEncryption=true"
2. enable n2n encryption
/opt/couchbase/bin/couchbase-cli node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --enable
3. Enforce it to strict
curl -v -u Administrator:password http://localhost:8091/settings/security -d "clusterEncryptionLevel=strict"
4. Disable TLS
1. Bring it back to control from strict
curl -v -u Administrator:password http://localhost:8091/settings/security -d "clusterEncryptionLevel=control"
2. Disable n2n encryption
/opt/couchbase/bin/couchbase-cli node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
The disable n2n command repeatedly fails as shown below.
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable^C
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
pools/default after setting "clusterEncryptionLevel=control" shows its set successfully. See pools_default_after_clusterEncryptionLevel_to_control.txt
Looks similar to MB-44372. Wonder if that needs to be backported.
Attachments
For Gerrit Dashboard: MB-50289 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
168559,2 | MB-50289: Refactor cb_epmd:port_please code in order to ... | mad-hatter | ns_server | Status: MERGED | +2 | +1 |
168560,2 | MB-50289: Modify ns_cluster:verify_otp_connection to support TLS | mad-hatter | ns_server | Status: MERGED | +2 | +1 |
168561,2 | MB-50289: Verify otp connectivity when opening external port | mad-hatter | ns_server | Status: MERGED | +2 | +1 |
168562,2 | MB-50289: Ignore wrong connection type when ... | mad-hatter | ns_server | Status: MERGED | +2 | +1 |
168563,1 | Test patch to repro the bug MB-50289 | mad-hatter | ns_server | Status: ABANDONED | 0 | -1 |
168577,3 | MB-50289: Merge remote-tracking branch 'couchbase/mad-hatter' | cheshire-cat | ns_server | Status: MERGED | +2 | +1 |
168579,2 | Merge remote-tracking branch 'couchbase/cheshire-cat' | master | ns_server | Status: MERGED | +2 | +1 |