Matt Borja

Couchbase on CentOS Walkthrough

Building a Couchbase cluster on CentOS.

Setup

  • Create user: useradd <user>
  • Set user password: passwd <user>
  • Enable passworded sudoer group: visudo
  • Add user to sudoer group: usermod -a -G <group> <user>
  • Add user public SSH key: ~/.ssh/authorized_keys
  • Set appropriate permissions on user SSH directory:
    • find ~/.ssh -type d | xargs chmod 0700
    • find ~/.ssh -type f | xargs chmod 0400
  • Review firewall settings: iptables -vL
  • Inspect OS version: lsb_release -d

Couchbase

  • Review installation guide
  • Download RPM and verify its signature:
    • md5sum couchbase-server-enterprise-4.5.1-centos6.x86_64.rpm
    • cat couchbase-server-enterprise-4.5.1-centos6.x86_64.rpm.md5
  • Install RPM: sudo rpm --install couchbase-server-enterprise-4.5.1-centos6.x86_64.rpm
  • Review any warning messages
  • Verify service is running: netstat -apn | grep 8091
  • Review Security Best Practices
  • Add firewall exceptions
  • Manually configure cluster, adding server nodes (TODO: couchbase-cli)

Base Cluster Configuration

  • Services: Data, Index, Query
  • Data RAM Quota: 2048
  • Index RAM quota: 512
  • Index Storage Setting: Standard Global Secondary Indexes (GSI)
  • Databases Path: /opt/couchbase/var/lib/couchbase/data
  • Indexes Path: /opt/couchbase/var/lib/couchbase/indexes
  • Hostname: $(hostname)

Appendix

Couchbase installation output

    Warning: Transparent hugepages looks to be active and should not be.
    Please look at http://bit.ly/1ZAcLjD as for how to PERMANENTLY alter this setting.
    Warning: Transparent hugepages looks to be active and should not be.
    Please look at http://bit.ly/1ZAcLjD as for how to PERMANENTLY alter this setting.
    Warning: Swappiness is not set to 0.
    Please look at http://bit.ly/1k2CtNn as for how to PERMANENTLY alter this setting.
    Minimum RAM required  : 4 GB
    System RAM configured : 3.73 GB

    Minimum number of processors required : 4 cores
    Number of processors on the system    : 2 cores

    Starting couchbase-server
    [  OK  ]

    You have successfully installed Couchbase Server.
    Please browse to http://localhost:8091/ to configure your server.
    Please refer to http://couchbase.com for additional resources.

    Please note that you have to update your firewall configuration to
    allow connections to the following ports:
    4369, 8091 to 8094, 9100 to 9105, 9998, 9999, 11209 to 11211,
    11214, 11215, 18091 to 18093, and from 21100 to 21299.

    By using this software you agree to the End User License Agreement.
    See /opt/couchbase/LICENSE.txt.

Couchbase firewall exceptions

    # Open Couchbase (4.5.1) ports to authorized client ranges
    sudo iptables -A INPUT -p tcp -m state --state NEW --dport 8091:8094 -m iprange --src-range "$clientStart-$clientEnd" -j ACCEPT
    sudo iptables -A INPUT -p tcp -m state --state NEW --dport 9100:9105 -m iprange --src-range "$clientStart-$clientEnd" -j ACCEPT
    sudo iptables -A INPUT -p tcp -m state --state NEW --dport 11209:11211 -m iprange --src-range "$clientStart-$clientEnd" -j ACCEPT
    sudo iptables -A INPUT -p tcp -m state --state NEW --dport 18091:18093 -m iprange --src-range "$clientStart-$clientEnd" -j ACCEPT
    sudo iptables -A INPUT -p tcp -m state --state NEW --dport 21100:21299 -m iprange --src-range "$clientStart-$clientEnd" -j ACCEPT
    sudo iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 4369,9998,9999,11214,11215 -m iprange --src-range "$clientStart-$clientEnd" -j ACCEPT

    # Move icmp-host-prohibited to end of chain
    sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
    sudo iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

To test a network connection from a Windows client (Powershell): Test-NetConnection -ComputerName $host -Port $port

References