Matt Borja

Couchbase Walkthrough

Installation

Manually install and configure a Couchbase cluster:

  • Separate data and index paths
  • Configure hostname
  • Enable services: Data, Index, Query
  • Data RAM quota: 2048
  • Index RAM quota: 512
  • Bucket type: Couchbase
  • Per Node RAM Quota: 2048
  • Cache Metadata: Value ejection
  • Enable replicas: 1
  • Set bucket disk I/O priority: Low (default)
  • Enable Flush
  • Enable software update notifications
  • Set administrator account credentials
  • Review Network Ports (Node-to-Node) for enabling communication between nodes.
  • Review Security Considerations for securing the Couchbase cluster
  • Add additional nodes using Add Server from the Server Nodes tab (do not join from other nodes)
  • Only add nodes from a single node in the cluster (vs. joining an existing cluster)
  • Set up Couchbase cluster (manual) and bi-directional cross-datacenter replication (XDCR)
    • For each cluster (region):
    • Install Couchbase on each cluster node
    • Build cluster using first node (i.e. Add Server)
    • Add firewall exceptions to allow networking between nodes and clusters ONLY
      • Example: $localPort = ("4369", "8091", "9100-9105", "9998", "9999", "11209-11211", "11214", "11215", "18091-18093", "21100-21299"); $remoteAddresses = ("...")
    • Add remote cluster in XDCR with Encryption Enabled using public key of remote cluster node (Settings -> Cluster).
      • Regenerate certificate if necessary
      • Create replications for each bucket to be replicated
      • Specify additional replication details under Advanced Settings:
      • XDCR Max Replications per Bucket: 32 (> 16)
      • XDCR workers per Replication: 4
      • XDCR Checkpoint Interval: 1800
      • XDCR Batch Count: 1024 (> 500)
      • XDCR Batch Size (kB): 2048
      • XDCR Failure Retry Interval: 20 (< 30)
      • XDCR Optimistic Replication Threshold: 256
  • Gradually add new nodes to cluster (one region at a time) and record differentials

Node-to-node communications over IPsec with data encryption (Windows)

Example PowerShell command:

    New-NetFirewallRule -DisplayName "Couchbase Server 4.5.1" -Direction Inbound -Protocol TCP -LocalPort 4369,8091,9100-9105,9998,9999,11209-11211,11214,11215,18091-18093,21100-21299 -RemoteAddress N.N.N.N-N.N.N.N,N.N.N.N-N.N.N.N -Action Allow

  • Create Inbound Rule to allow communication on node-to-node ports:
    • Action: Allow the connection if it is secure (require the connections to be encrypted)
    • Authorized computers (Remote Computers)
    • Only allow connections from these computers (node1, node2, ... nodeN)
    • Profiles (Advanced): Domain, Private, Public
    • Local Ports: 8091, 8092, 11209-11210, 4369, 21100-21299
    • Remote Port: All
  • Create Connection Security Rule to support IPsec
    • Remote Computers
    • Endpoint 1: node1
    • Endpoint 2: node2, ... nodeN
    • Profile (Advanced): Domain, Private, Public
    • IPsec tunneling (leave disabled to use Transport mode)
    • Authentication
    • Require inbound and outbound
    • Method: Computer (Kerberos V5)
    • Protocols and Ports
    • Protocol type: TCP
    • Endpoint 1 port: All ports
    • Endpoint 2 port: All ports
  • Specify Data Protection Settings (Windows Firewall Properties -> IPsec Settings -> IPsec defaults)
    • Data protection: Advanced
    • Require encryption for all connection security rules that use these settings
    • Remove weak ciphers (i.e. 3DES)
    • Specify data integrity and encryption algorithm (i.e. AES-CBC 128 / SHA-1 for ESP protocol)
  • Copy firewall properties, inbound rules, and connection security rules to other nodes and verify connections
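
The GUI steps above can also be scripted with the NetSecurity cmdlets, which makes the configuration easier to copy to the other nodes. This is an added example, not part of the original walkthrough. It assumes domain-joined nodes (needed for Kerberos V5), an elevated PowerShell session, constructed placeholder addresses and hypothetical rule names. It restricts peers by address rather than by authorized computer accounts, and attaches the data protection settings to the rule instead of setting them as IPsec defaults.

```powershell
# Constructed placeholders: replace with the real node addresses.
$localNode = '10.0.0.11'                 # Endpoint 1 (this node)
$peerNodes = '10.0.0.12', '10.0.0.13'    # Endpoint 2 (remaining nodes)

# Node-to-node ports from the inbound rule described above.
$ports    = '4369', '8091', '8092', '11209-11210', '21100-21299'
$profiles = 'Domain', 'Private', 'Public'

# Inbound rule: allow the ports only when the connection is
# IPsec-authenticated and encrypted ("allow if secure, require encryption").
New-NetFirewallRule -DisplayName 'Couchbase node-to-node (secure)' `
    -Direction Inbound -Protocol TCP -LocalPort $ports `
    -RemoteAddress $peerNodes -Profile $profiles `
    -Action Allow -Authentication Required -Encryption Required

# Authentication method: Computer (Kerberos V5).
$authProposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet = New-NetIPsecPhase1AuthSet -DisplayName 'Couchbase Kerberos V5' `
    -Proposal $authProposal

# Data protection: ESP with AES-CBC 128 and SHA-1, as in the walkthrough.
# Offering only this proposal keeps 3DES out of the negotiation.
$qmProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP `
    -Encryption AES128 -ESPHash SHA1
$qmSet = New-NetIPsecQuickModeCryptoSet -DisplayName 'Couchbase ESP AES128-SHA1' `
    -Proposal $qmProposal

# Connection security rule: require IPsec inbound and outbound for TCP
# between this node and its peers. Transport mode is the default, which
# matches leaving IPsec tunneling disabled.
New-NetIPsecRule -DisplayName 'Couchbase node-to-node IPsec' `
    -Profile $profiles -Protocol TCP `
    -LocalAddress $localNode -RemoteAddress $peerNodes `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $authSet.Name -QuickModeCryptoSet $qmSet.Name

# Verification: once the nodes have exchanged traffic, the negotiated
# security associations should be listed here for each peer.
Get-NetIPsecMainModeSA
Get-NetIPsecQuickModeSA
```

On each additional node, swap `$localNode` and `$peerNodes` accordingly before running the script.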

Install/Update Couchbase 4.1.0-5005 Community Edition (build-5005) to 4.5.1 Enterprise Edition

  • Download and verify Couchbase 4.5.1 Enterprise installer
  • Stop Couchbase service: net stop CouchbaseServer (must be run as Administrator)
  • Run Couchbase installer (automatic backup/upgrade)
  • Update firewall configuration as recommended
    • Local ports: 4369, 8091-8094, 9100-9105, 9998-9999, 11209-11211, 11214-11215, 18091-18093, 21100-21299
  • Review bucket configuration and configure Settings

Errata

  • memcached.exe (APPCRASH) - Couchbase 4.5.1 is broken under Windows 10.0 (Anniversary Update)
  • Couchbase 3.1.6 appears to be a stable replacement until further testing can be done with Couchbase 4.6.x (currently Developer Preview). Consider installing onto CentOS instead.