Details
-
Bug
-
Resolution: Fixed
-
Blocker
-
7.2.0
-
Untriaged
-
Linux x86_64
-
0
-
Unknown
Description
While working on CI/CD integration, customer tried cbq command to run the n1ql statements on the Capella cluster by properly whitelisting the inbound IPs. They are able to run the cbq when -skip-verify argument is used:
$ cbq -u <username> -p <password> -skip-verify -f get-indexes.txt -e https://svc-dqi-node-002.xyz.cloud.couchbase.com:18091
However, when cert is used to connect to Capella node, it is not clear from the documentation what else to pass as argument in addition to {}cacert{-} with ca-certificate downloaded from Capella UI. This is what they get when using just the -cacert option:
$cbq -u <username> -p <password> -e https://svc-dqi-node-002.xyz.cloud.couchbase.com:18091 -f get-indexes.txt --cacert /path/to/capella.cert.pem
ERROR 100 : N1QL: Need to pass both certfile and keyfile
Here is the Couchbase binaries installed on the client machine (where cbq is run):
$ sudo rpm -qa | grep couchbas
couchbase-server-7.2.0-5325.x86_64
And Capella cluster is at 7.1.3 version.
PS: Content of get-indexes.txt file is a single SELECT statement (one can have any N1QL doesn't matter to the outcome):
select RAW CONCAT("DROP INDEX `",keyspace_id,"`.`", name,"`;") from system:indexes; |
Issue | Resolution |
cbq required a client authentication key file whenever a certificate authority file was used. | cbq now accepts a certificate authority file without a client key file enabling use with username and password credentials. |