Details
-
Bug
-
Resolution: Fixed
-
Major
-
6.6.5
-
6.6.5 build 10069
-
Untriaged
-
Windows 64-bit
-
1
-
No
Description
Steps to Repro
1. Create a 4 node cluster on 6.6.4 with all the services enabled.
2. Upgrade 6.6.4 cluster to 6.6.5 using online upgrade with swap rebalance.
3. Enable TLS on 6.6.5 using following commands. This works fine.
1. curl -v -u Administrator:password -X POST http://localhost:8091/internalSettings -d "canEnableStrictEncryption=true"
2. enable n2n encryption
/opt/couchbase/bin/couchbase-cli node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --enable
3. Enforce it to strict
curl -v -u Administrator:password http://localhost:8091/settings/security -d "clusterEncryptionLevel=strict"
4. Disable TLS
1. Bring it back to control from strict
curl -v -u Administrator:password http://localhost:8091/settings/security -d "clusterEncryptionLevel=control"
2. Disable n2n encryption
/opt/couchbase/bin/couchbase-cli node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
The disable n2n command repeatedly fails as shown below.
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable^C
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
|
Administrator@WIN-1T98IIFH727 /cygdrive/c/Program Files/Couchbase/Server/bin
|
$ ./couchbase-cli.exe node-to-node-encryption -c http://localhost:8091 -u Administrator -p password --disable
|
ERROR: _ - Reconnect to 'ns_1@172.23.136.156' retries exceeded
|
pools/default after setting "clusterEncryptionLevel=control" shows its set successfully. See pools_default_after_clusterEncryptionLevel_to_control.txt
Looks similar to MB-44372. Wonder if that needs to be backported.