XDCR
To create an XDCR remote cluster:
couchbase-cli xdcr-setup -c 192.168.0.1:8091 \
--create \
--xdcr-cluster-name=test \
--xdcr-hostname=10.1.2.3:8091 \
--xdcr-username=Administrator \
--xdcr-password=password
To delete an XDCR remote cluster:
couchbase-cli xdcr-delete -c 192.168.0.1:8091 \
--xdcr-cluster-name=test
Managing XDCR replication streams
To start a replication stream:
couchbase-cli xdcr-replicate -c 192.168.0.1:8091 \
--create \
--xdcr-cluster-name=test \
--xdcr-from-bucket=default \
--xdcr-to-bucket=default1
To delete a replication stream:
couchbase-cli xdcr-replicate -c 192.168.0.1:8091 \
--delete \
--xdcr-replicator=f4eb540d74c43fd3ac6d4b7910c8c92f/default/default
Managing remote clusters
To create a remote cluster reference:
In the following example the remote cluster is “RemoteCluster”.
couchbase-cli xdcr-setup -c 10.3.121.121:8091 -u Administrator -p password \
--create \
--xdcr-cluster-name=RemoteCluster \
--xdcr-hostname=10.3.121.123:8091 \
--xdcr-username=Administrator \
--xdcr-password=password
To set an XDCR protocol:
The replication mode (protocol) can be specified for an XDCR replication.
To change an XDCR replication protocol for an existing XDCR replication:
If you want to change the replication protocol for an existing XDCR replication:
- Delete the replication.
- Re-create the replication with your preference.
First we create a destination cluster reference named “RemoteCluster”:
couchbase-cli xdcr-setup -c hostname_:8091 -u Administrator -p password \
--create --xdcr-cluster-name=RemoteCluster --xdcr-hostname=10.3.121.123:8091 \
--xdcr-username=Administrator --xdcr-password=password
Upon success, we get this response:
SUCCESS: init RemoteCluster
Now you can start replication to the remote cluster using memcached protocol as the existing default:
couchbase-cli xdcr-replicate -c host_name:8091 -u Administrator -p password \
--xdcr-cluster-name RemoteCluster \
--xdcr-from-bucket default \
--xdcr-to-bucket backup
To explicitly set the protocol to memcached:
couchbase-cli xdcr-replicate -c host_name:8091 -u Administrator -p password \
--xdcr-cluster-name RemoteCluster \
--xdcr-from-bucket default \
--xdcr-to-bucket backup \
--xdcr-replication-mode xmem
To set the protocol to CAPI:
couchbase-cli xdcr-replicate -c host_name:8091 -u Administrator -p password \
--xdcr-cluster-name RemoteCluster \
--xdcr-from-bucket default \
--xdcr-to-bucket backup \
--xdcr-replication-mode capi
If there is already an existing replication for a bucket, you get an error when you try to start the replication again with any new settings:
couchbase-cli xdcr-replicate -c 10.3.121.121:8091 -u Administrator -p password \
--xdcr-cluster-name RemoteCluster \
--xdcr-from-bucket default \
--xdcr-to-bucket backup \
--xdcr-replication-mode capi
Results in the following error:
ERROR: unable to create replication (400) Bad Request
{u'errors': {u'_': u'Replication to the same remote cluster and bucket already exists'}}
ERROR: Replication to the same remote cluster and bucket already exists
Managing XDCR data encryption
The Couchbase Server command line interface (CLI) enables XDCR data encryption (Enterprise Edition only) when an XDCR cluster reference is created or modified. The CLI provides the couchbase-cli tool and the xdcr-setup command. The option --xdcr-demand-encryption=1 enables XDCR data encryption, and --xdcr-certificate=CERTIFICATE provides the SSL certificate for data security.
To set up XDCR with SSL data encryption:
- Retrieve the certificate from the destination cluster.
- Create or modify the XDCR configuration to allow data encryption and provide the SSL certificate.
- Define the replication.
To configure XDCR with SSL data encryption, the xdcr-setup command is used.
Syntax
couchbase-cli xdcr-setup -c localHost:port -u localAdmin -p localPassword
--create --xdcr-cluster-name=remoteClustername
--xdcr-hostname=remoteHost:port
--xdcr-username=remoteAdmin --xdcr-password=remotePassword
--xdcr-demand-encryption=[0|1] // 1 to enable, 0 to disable (default)
--xdcr-certificate=<localPath>/<certFile>.pem
Example
couchbase-cli xdcr-setup -c 10.3.4.186:8091 -u localAdmin -p localPassword \
--create --xdcr-cluster-name=Omaha \
--xdcr-hostname=10.3.4.187:8091 \
--xdcr-username=Peyton --xdcr-password=Manning \
--xdcr-demand-encryption=1 \
--xdcr-certificate=./new.pem
Results
The following is an example of results for a successful XDCR configuration.
SUCCESS: init/edit test
<<replication reference created>>
To disable XDCR data encryption, execute couchbase-cli xdcr-setup with --xdcr-demand-encryption=0.
Example
couchbase-cli xdcr-setup -c 10.3.4.186:8091 -u localAdmin -p localPassword \
--create --xdcr-cluster-name=Omaha \
--xdcr-hostname=10.3.4.187:8091 \
--xdcr-username=Peyton --xdcr-password=Manning \
--xdcr-demand-encryption=0
Managing SSL certificates
Retrieving an SSL certificate for XDCR data encryption should be done in a secure manner, such as with ssh and scp. For example:
- Use a secure method to log in to a node on the destination cluster. For example: ssh.
- Retrieve the certificate with the couchbase-cli ssl-manage command.
- Use a secure method to transfer the certificate from the destination cluster to the source cluster. For example: scp.
- Proceed with setting up XDCR with SSL data encryption.
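The whole procedure as one script, as an added example that is not part of the original documentation: it fetches the certificate over ssh and scp, rejects a file that is not a single PEM certificate, then creates the encrypted cluster reference and the replication. The addresses, cluster name and buckets are the page's sample values; `SSH_USER`, `SRC_PASS`, `DEST_PASS` and the `DRY_RUN` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Couchbase's own script. Addresses, names and buckets are
# the page's sample values; SSH_USER, SRC_PASS and DEST_PASS are assumptions.
SRC=10.3.4.186:8091; DEST=10.3.4.187:8091; DEST_HOST=10.3.4.187
CERT=./newCert.pem; SSH_USER=${SSH_USER:-admin}

# With DRY_RUN set, print each command instead of running it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# True only if the file is non-empty and holds exactly one PEM certificate.
pem_ok() {
    [ -s "$1" ] || return 1
    b=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true)
    e=$(grep -c '^-----END CERTIFICATE-----' "$1" || true)
    [ "$b" -eq 1 ] && [ "$e" -eq 1 ]
}

# Retrieve the certificate on the destination node over ssh, copy it with scp.
fetch_cert() {
    run ssh "$SSH_USER@$DEST_HOST" couchbase-cli ssl-manage -c "$DEST" \
        -u Administrator -p "$DEST_PASS" --retrieve-cert=./newCert.pem &&
    run scp "$SSH_USER@$DEST_HOST:newCert.pem" "$CERT"
}

# Create the encrypted cluster reference, then the replication. Refuses a file
# that is not a certificate (empty transfer, saved error text, truncated copy).
setup_encrypted_xdcr() {
    pem_ok "$CERT" || { echo "refusing: $CERT is not one PEM certificate" >&2; return 1; }
    # Fingerprint to compare out of band with the destination's certificate.
    run openssl x509 -in "$CERT" -noout -fingerprint -sha256 &&
    run couchbase-cli xdcr-setup -c "$SRC" -u localAdmin -p "$SRC_PASS" \
        --create --xdcr-cluster-name=Omaha --xdcr-hostname="$DEST" \
        --xdcr-username=Administrator --xdcr-password="$DEST_PASS" \
        --xdcr-demand-encryption=1 --xdcr-certificate="$CERT" &&
    run couchbase-cli xdcr-replicate -c "$SRC" -u localAdmin -p "$SRC_PASS" \
        --create --xdcr-cluster-name=Omaha \
        --xdcr-from-bucket=default --xdcr-to-bucket=backup
}

# Invoke as: SRC_PASS=... DEST_PASS=... sh script.sh run
if [ "${1:-}" = run ]; then fetch_cert && setup_encrypted_xdcr; fi
```

Values passed with -p and --xdcr-password are visible in the local process list while each command runs, so run the script from an account and host that other users cannot inspect.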
The couchbase-cli ssl-manage command provides the following options for regenerating and retrieving certificates.
- --regenerate-cert=CERTIFICATE
  Regenerates a self-signed certificate on the destination cluster. Specify the full path for the location of the pem-encoded certificate file. For example, --regenerate-cert=./new.pem.
- --retrieve-cert=CERTIFICATE
  Retrieves the self-signed certificate from the destination cluster to the source cluster. Specify a local location (full path) and file name for the pem-encoded certificate. For example, --retrieve-cert=./newCert.pem.
To retrieve an existing self-signed certificate, use the ssl-manage command.
Syntax
couchbase-cli ssl-manage -c localHost:port
-u Administrator -p password
--retrieve-cert=./<newCert>.pem
Example
couchbase-cli ssl-manage -c 10.3.4.187:8091 \
-u Administrator -p password \
--retrieve-cert=./newCert.pem
Results
The following is an example of results for a successful retrieval of the certificate:
SUCCESS: retrieve certificate to './newCert.pem'
Certificate matches what seen on GUI
To regenerate a self-signed certificate, use the couchbase-cli ssl-manage command.
Syntax
couchbase-cli ssl-manage
-c remoteHost:port
-u adminName -p adminPassword
--regenerate-cert=CERTIFICATE
Example
The following is an example of the CLI commands and options for regenerating a self-signed certificate with the ssl-manage command:
couchbase-cli ssl-manage \
-c 10.3.4.187:8091 \
-u Administrator -p password \
--regenerate-cert=./new.pem
Results
The following is an example of results for a successful regeneration of the certificate:
SUCCESS: regenerate certificate to './new.pem'