XDCR

To create a XDCR remote cluster:

    couchbase-cli xdcr-setup -c 192.168.0.1:8091 \
        --create \
        --xdcr-cluster-name=test \
        --xdcr-hostname=10.1.2.3:8091 \
        --xdcr-username=Administrator \
        --xdcr-password=password

To delete a XDCR remote cluster:

    couchbase-cli xdcr-delete -c 192.168.0.1:8091 \
        --xdcr-cluster-name=test

Managing XDCR replication streams

To start a replication stream:

    couchbase-cli xdcr-replicate -c 192.168.0.1:8091 \
        --create \
        --xdcr-cluster-name=test \
        --xdcr-from-bucket=default \
        --xdcr-to-bucket=default1

To delete a replication stream:

    couchbase-cli xdcr-replicate -c 192.168.0.1:8091 \
        --delete \
        --xdcr-replicator=f4eb540d74c43fd3ac6d4b7910c8c92f/default/default

Managing remote clusters

To create a remote cluster reference:

In the following example the remote cluster is “RemoteCluster”.

couchbase-cli xdcr-setup -c 10.3.121.121:8091 -u Administrator  -p password \
    --create 
    --xdcr-cluster-name=RemoteCluster  
    --xdcr-hostname=10.3.121.123:8091  
    --xdcr-username=Administrator  
    --xdcr-password=password

To set a XDCR protocol:

An XDCR protocol for the mode of replication can be specified for XDCR.

To change a XDCR replication protocol for an existing XDCR replication:

If you change want the replication protocol for an existing XDCR replication:

  1. Delete the replication.
  2. Re-create the replication with your preference.

First we create a destination cluster reference named “RemoteCluster”:

couchbase-cli xdcr-setup -c hostname_:8091 -u Administrator  -p password \
  --create --xdcr-cluster-name=RemoteCluster  --xdcr-hostname=10.3.121.123:8091 \ 
  --xdcr-username=Administrator  --xdcr-password=password

Upon success, we get this response:

    SUCCESS: init RemoteCluster

Now you can start replication to the remote cluster using memcached protocol as the existing default:

couchbase-cli xdcr-replicate -c host_name:8091 -u Administrator -p password 
        --xdcr-cluster-name RemoteCluster 
        --xdcr-from-bucket default 
        --xdcr-to-bucket backup

To explicitly set the protocol to memcached:

couchbase-cli xdcr-replicate -c host_name:8091 -u Administrator -p password \
    --xdcr-cluster-name RemoteCluster 
    --xdcr-from-bucket default 
    --xdcr-to-bucket backup 
    --xdcr-replication-mode xmem

To set the protocol to CAPI:

couchbase-cli xdcr-replicate -c host_name:8091 -u Administrator -p password \ 
    --xdcr-cluster-name RemoteCluster 
    --xdcr-from-bucket default 
    --xdcr-to-bucket backup
    --xdcr-replication-mode capi

If there is already an existing replication for a bucket, you get an error when you try to start the replication again with any new settings:

 couchbase-cli xdcr-replicate -c 10.3.121.121:8091 -u Administrator -p password 
    --xdcr-cluster-name RemoteCluster 
    --xdcr-from-bucket default 
    --xdcr-to-bucket backup
    --xdcr-replication-mode capi

Results in the following error:

ERROR: unable to create replication (400) Bad Request
        {u'errors': {u'_': u'Replication to the same remote cluster and bucket already exists'}}
ERROR: Replication to the same remote cluster and bucket already exists

Managing XDCR data encryption

The Couchbase Server command line interface (CLI) enables XDCR data encryption (Enterprise Edition only) when an XDCR cluster reference is created or modified. The CLI provides the couchbase-cli tool and the xdcr-setup command. The option --xdcr-demand-encryption=1 enables XDCR data encryption -xdcr-certificate=CERTIFICATE provides the SSL certificate for data security.

To setup XDCR with SSL data encryption:

  1. Retrieve the certificate from the destination cluster.
  2. Create or modify the XDCR configuration to allow data encryption and provide the SSL certificate.
  3. Define the replication.

To configure XDCR with SSL data encryption, the xdcr-setup command is used.

Syntax

couchbase-cli xdcr-setup -c localHost:port -u localAdmin -p localPassword
  --create --xdcr-cluster-name=remoteClustername 
  --xdcr-hostname=remoteHost:port 
  --xdcr-username=remoteAdmin --xdcr-password=remotePassword 
  --xdcr-demand-encryption=[0|1]   // 1 to enable, 0 to disable (default)
  --xdcr-certificate=<localPath>/<certFile>.pem

Example

couchbase-cli xdcr-setup -c 10.3.4.186:8091 -u localAdmin -p localPassword
  --create --xdcr-cluster-name=Omaha 
  --xdcr-hostname=10.3.4.187:8091 
  --xdcr-username=Peyton --xdcr-password=Manning 
  --xdcr-demand-encryption=1 
  --xdcr-certificate=./new.pem

Results

The following is an example of results for a successful XDCR configuration.

SUCCESS: init/edit test 
<<replication reference created>>

To disable XDCR data encryption, execute couchbase-cli xdcr-setup with --xdcr-demand-encryption=0.

Example

couchbase-cli xdcr-setup -c 10.3.4.186:8091 -u localAdmin -p localPassword
  --create --xdcr-cluster-name=Omaha 
  --xdcr-hostname=10.3.4.187:8091 
  --xdcr-username=Peyton --xdcr-password=Manning 
  --xdcr-demand-encryption=0

Managing SSL certificates

Retrieving an SSL certificate for XDCR data encryption, should be done in a secure manner, such as with ssh and scp. For example:

  1. Use a secure method to log in to a node on the destination cluster. For example: ssh.
  2. Retrieve the certificate with the couchbase-cli ssl-manage command.
  3. Use a secure method to transfer the certificate from the destination cluster to the source cluster. For example: scp.
  4. Proceed with setting up XDCR with SSL data encryption.

The couchbase-cli ssl-manage command provides the following options for regenerating and retrieving certificates.

--regenerate-cert=CERTIFICATE
Regenerates a self-signed certificate on the destination cluster. Specify the full path for the location of the pem-encoded certificate file. For example, --regenerate-cert=./new.pem.
--retrieve-cert=CERTIFICATE
Retrieves the self-signed certificate from the destination cluster to the source cluster. Specify a local location (full path) and file name for the pem-encoded certificate. For example, --retrieve-cert=./newCert.pem.

To retrieve an existing self-signed certificate, use the ssl-manage command.

Syntax

couchbase-cli ssl-manage -c localHost:port 
  -u Administrator -p password 
  --retrieve-cert=./<newCert>.pem

Example

couchbase-cli ssl-manage -c 10.3.4.187:8091 
  -u Administrator -p password 
  --retrieve-cert=./newCert.pem

Results

The following is an example of results for a successful retrieval of the certificate:

SUCCESS: retrieve certificate to './newCert.pem' 
Certificate matches what seen on GUI

To regenerate a self-signed certificate, use the couchbase-cli ssl-manage command.

Syntax

couchbase-cli ssl-manage 
  -c remoteHost:port 
  -u adminName -p adminPassword 
  --regenerate-cert=CERTIFICATE

Example

The following is an example of the CLI commands and options for regenerating a self-signed certificate with the ssl-manage command:

couchbase-cli ssl-manage 
  -c 10.3.4.187:8091 
  -u Administrator -p password 
  --regenerate-cert=./new.pem

Results

The following is an example of results for a successful regeneration of the certification:

SUCCESS: regenerate certificate to './new.pem'

To retrieve an existing self-signed certificate, the ssl-manage command is used.

Syntax

couchbase-cli ssl-manage -c localHost:port 
  -u Administrator -p password 
  --retrieve-cert=./<newCert>.pem

Example

couchbase-cli ssl-manage -c 10.3.4.187:8091 
  -u Administrator -p password 
  --retrieve-cert=./newCert.pem

Results

The following is an example of results for a successful retrieval of the certificate:

SUCCESS: retrieve certificate to './newCert.pem' 
Certificate matches what seen on GUI