> Software > Big Data > CockroachDB > Configuration

Configuring CockroachDB Cluster

When you configure a cluster, an instance, an app, and a default subclient are automatically created.

Before You Begin

The user account must have following privileges:

  • Backup (System-level)
  • Restore (System-level)
  • Create (Database-level): To restore table to existing database (table does not exist)
  • Drop (Database and Table level): To restore database or tables to existing database or tables.

Pre-requisites

  1. If SSL is configured on the cluster, you need to copy the following to the access node:

    • Certificate Authority (CA) certificate. For more information, see cockroach cert.

    • Client Certificate and key for CockroachDB user (Optional)

  2. If multiple access nodes are used, then the path to copy has to be the same on all the access nodes.

  3. Configuration requirement for CockroachDB deployed on AWS EC2

    1. If access node is outside of the CockroachDB or Load balancer (LB) node virtual private cloud (VPC), then complete the following:

      • Create peering connection between the access node VPC and the CockroachDB/LB node VPC.

      • For CockroachDB VPC security group, the cluster port (by default port 26257) needs to be completely opened.

      • From both access node and CockroachDB cluster nodes, it should be able to access the S3 bucket.

  4. To configure CockroachDB instance, you need to make the following entries while adding CockroachDB cluster:

    • Host: Loadbalancer full name or public ip or any CockroachDB host

    • Port Number: The listener port configured on loadbalancer (if LB configured) or the CockroachDB port.

  5. To use IAM role authentication for S3 bucket, the user needs to have following minimal permission for the IAM role:

     
    {
    "Version": "2012-10-17", 
    "Statement": 
     [
        { 
        "Sid": "IAMAssumeRolePrivileges",
        "Effect": "Allow", 
        "Action":[ 
                    "s3:GetObject", 
                    "s3:PutObject", 
                    "s3:ListBucket", 
                    "s3:ListBucketVersions", 
                    "s3:DeleteObjectVersion", 
                    "s3:DeleteObject", 
                    "s3:GetBucketAcl", 
                    "s3:GetObjectAcl", 
                    "s3:PutBucketAcl", 
                    "s3:PutObjectAcl", 
                    "s3:PutObjectVersionAcl"
                ]
        "Resource": "*"
        }
    ]
}

    For more information about the permissions for the IAM role, refer to Amazon S3 assume role.

Procedure

To configure CockroachDB Cluster, complete the following:

  1. From the navigation pane, go to Protect > Big data.

    The Big data page appears.

  2. Click Add cluster.

    The Configure Big Data App appears.

  3. Select CockroachDB and Click NEXT.

    The Configure CockroachDB Cluster page opens.

  4. Select an existing access node from Access node list or add a new access node, and then click NEXT.

  5. Select an existing backup plan or add a new backup plan, and then click NEXT.

    The Add CockroachDB Cluster page appears.

  6. In the Cluster name box, enter a name of the cluster.

  7. In Host box, enter the name of the Load balancer (LB) or any CockroachDB host.

  8. In Port number, enter the port number used for CockroachDB connection.

  9. To back up the CockroachDB clusters, under Database authentication, enter the credential in the User name and Password boxes.

  10. If you select Use saved credentials checkbox, from Credential list, you can select the credentials of an account to be used for authentication. To add a new credential, complete the following:

    1. Click + beside the Credentials list.

      The Add credential dialog box appears.

    2. Enter the following information:

      • In the Account type, the SQL Server Account is selected by default.

      • From the Credential Vault list, select the credential vault that you want to add.

      • In the Credential name box, enter the name of the credential.

      • In the User account box, enter the name of the user account.

      • In the Password box, enter the password.

      • In the Description box, enter the description of the credential.

    3. Click SAVE.

  11. The AWS S3 is selected as staging type by default.

  12. Under the S3 Authentication, from the Authentication list, if you select Access and secret keys, then complete the following:

    1. From the Credential list, select a saved credential or add a new credential. To add a new credential, complete the following:

      1. Click + beside the Credentials list.

        The Add credential dialog box appears.

      2. Enter the following information:

        • In Account type, the cloud account is selected by default.

        • In Vendor Type, Amazon Web Services is selected by default.

        • In the Authentication type, access & secret keys is selected by default.

        • From Credential Vault list, select the credential vault that you want to add.

        • In the Credential name box, enter the name of the credential.

        • In the Access key ID box, enter the access key ID of the cloud account.

        • In the Secret access key box, enter the secret access key of the cloud account.

      3. Click Save.

    2. In the Service host box, enter the Amazon S3 endpoint in the format s3.amazonaws.com.

      For some cloud service providers, the Service host box is populated with the default value for that cloud service provider.

    3. In Staging path box, enter the full path of the staging location to be used for backups.

  13. Under the S3 Authentication, from the Authentication list, if you select IAM role, then complete the following:

    1. In the Service host box, enter the Amazon S3 endpoint in the format s3.amazonaws.com.

      For some cloud service providers, the Service host box is populated with the default value for that cloud service provider.

    2. In Staging path box, enter the full path of the staging location to be used for backups.

  14. Under the SSL, complete the following:

    1. In the SSL CA Certificate path box, enter the path of the Certificate Authority (CA) file that will be used with the CockroachDB commands.

    2. In the Client certificate path box, enter the path of the client certificate file.

    3. In the Client private key path box, enter the path of private key file name.

      Note

      If SSL is enabled on cluster node, the user needs to consider the following scenarios:

      • Defining SSL CA Certificate path is mandatory.

      • The user can define SSL CA Certificate path and skip defining Client certificate path and Client private key path.

      • If the user defines either Client certificate path or Client private key path, then it is mandatory to define both the paths.

    4. In the Password for the encrypted client private key box, enter the password that is associated with the private key.

  15. Click NEXT.

    The Summary page appears, where you can see the CockroachDB cluster configuration details.

  16. Click FINISH.

×

Loading...