Integrating CTE with a Couchbase Database
This document describes how to integrate CTE with a Couchbase database.
Test Environment
- CTE Agent: 7.2.0.128
- CipherTrust Manager: 2.8.0
- OS: RHEL/CentOS 8.2
- Couchbase: 7.1
- File System: XFS
System Requirement Specifications
- RAM: 16 GB
- Storage: 32 GB
- CPU: 3 GHz
Steps
To integrate CTE with a Couchbase database:
Create a Couchbase Cluster
Create a Couchbase cluster of one or more nodes. You will install Couchbase Server and CTE Agent on these nodes.
Perform the following steps on all the nodes:
- Log on to the SSH client.
- Install the Couchbase Server.

    dnf install -y https://packages.couchbase.com/releases/couchbase-release/couchbase-release-1.0-x86_64.rpm
    dnf install -y couchbase-server

  Output:

    [root@NOIENC1PFL-IR30 ~]# rpm -qa | grep couch
    couchbase-server-7.1.1-3175.x86_64
    couchbase-release-1.0-11.x86_64
- Ensure that the couchbase-server service is running.

    service couchbase-server status

  Output:

    [root@NOIENC1PFL-IR30 ~]# service couchbase-server status
    Redirecting to /bin/systemctl status couchbase-server.service
    ● couchbase-server.service - Couchbase Server
       Loaded: loaded (/usr/lib/systemd/system/couchbase-server.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2022-07-28 10:28:39 IST; 1 months 15 days ago
         Docs: https://docs.couchbase.com
     Main PID: 2577 (beam.smp)
        Tasks: 424 (limit: 23815)
       Memory: 1.36
       CGroup: /system.slice/couchbase-server.service
               |-2577 /opt/couchbase/lib/erlang/erts-12.1.5/bin/beam.smp -A 16 -sbwt none -- -root /opt/couchbase/lib/erlan
               |-2600 /opt/couchbase/lib/erlang/erts-12.1.5/bin/epmd -daemon
               |-2681 erl_child_setup 200000
               |-2701 /opt/couchbase/bin/gosecrets
               |-2705 /opt/couchbase/lib/erlang/erts-12.1.5/bin/beam.smp -A 16 -sbt u -P 327680 -K true -swt low -sbwt none
               |-2727 erl_child_setup 200000
               |-2746 sh -s disksup
               |-2748 /opt/couchbase/lib/erlang/lib/os_mon-2.7.1/priv/bin/memsup
               |-2749 /opt/couchbase/lib/erlang/lib/os_mon-2.7.1/priv/bin/cpu_sup
               |-2750 portsigar for ns_1@cb.local 2577
- Initialize the node.

    /opt/couchbase/bin/couchbase-cli node-init -c <Node_IP> -u <USERNAME> -p <PASSWORD> --node-init-data-path /opt/couchbase/var/lib/couchbase/data --node-init-index-path /opt/couchbase/var/lib/couchbase/data --node-init-eventing-path /opt/couchbase/var/lib/couchbase/data --node-init-analytics-path /opt/couchbase/var/lib/couchbase/data --ipv4

  Output:

    [root@NOIENC1PFL-IR30 ~]# /opt/couchbase/bin/couchbase-cli node-init -c 10.164.11.191 -u placeholdername -p placeholderpwd --node-init-data-path /opt/couchbase/var/lib/couchbase/data --node-init-index-path /opt/couchbase/var/lib/couchbase/data --node-init-eventing-path /opt/couchbase/var/lib/couchbase/data --node-init-analytics-path /opt/couchbase/var/lib/couchbase/data --ipv4
    SUCCESS: Node initialized
    [root@NOIENC1PFL-IR30 ~]#

After initializing all the nodes to be part of the cluster:
- Create the cluster on one of the nodes.

    /opt/couchbase/bin/couchbase-cli cluster-init -c 10.164.11.191 --cluster-username <CLUSTER_USERNAME> --cluster-password <CLUSTER_PASSWORD> --services data,index,query --cluster-ramsize 512 --cluster-index-ramsize 256

  Output:

    [root@NOIENC1PFL-IR30 ~]# /opt/couchbase/bin/couchbase-cli cluster-init -c 10.164.11.191 --cluster-username admin --cluster-password pvlinux --services data,index,query --cluster-ramsize 512 --cluster-index-ramsize 256
    SUCCESS: Cluster initialized
    [root@NOIENC1PFL-IR30 ~]#

  The ramsize of the data, index, and other files can be changed according to the system availability.
- Add the remaining nodes to the cluster.

    /opt/couchbase/bin/couchbase-cli server-add -c 10.164.11.191:8091 --username <CLUSTER_USERNAME> --password <CLUSTER_PASSWORD> --server-add 10.164.14.158 --server-add-username someName --server-add-password somePassword --services data

  Disable and stop the firewall on all the nodes.

  Output:

    [root@NOIENC1PFL-IR30 ~]# /opt/couchbase/bin/couchbase-cli server-add -c 10.164.11.191:8091 --username admin --password pvlinux --server-add 10.164.14.158 --server-add-username someName --server-add-password somePassword --services data
    SUCCESS: Server added
    [root@NOIENC1PFL-IR30 ~]#
- Rebalance all the nodes from any node.

    /opt/couchbase/bin/couchbase-cli rebalance -c 10.164.11.191:8091 --username <CLUSTER_USERNAME> --password <CLUSTER_PASSWORD>

  Output:

    [root@NOIENC1PFL-IR30 ~]# /opt/couchbase/bin/couchbase-cli rebalance -c 10.164.11.191:8091 --username admin --password pvlinux
    SUCCESS: Rebalance complete
    [root@NOIENC1PFL-IR30 ~]#

  Couchbase recommends rebalancing the nodes when they are added or removed, and on failover.
- Ensure that all the nodes are in a healthy state.

    /opt/couchbase/bin/couchbase-cli server-list -c localhost:8091 --username <CLUSTER_USERNAME> --password <CLUSTER_PASSWORD>

  Output:

    [root@NOIENC1PFL-IR30 ~]# /opt/couchbase/bin/couchbase-cli server-list -c localhost:8091 --username admin --password pvlinux
    ns_1@10.164.11.191 10.164.11.191:8091 healthy active
    ns_1@10.164.11.203 10.164.11.203:8091 healthy active
    ns_1@10.164.14.158 10.164.14.158:8091 healthy active
    [root@NOIENC1PFL-IR30 ~]#

  The sample output above shows that all the nodes are healthy.

Install and Register the CTE Agent
- Install the CTE Agent on all nodes of the Couchbase cluster.
- Register the CTE Agent with the CipherTrust Manager.

Refer to CTE - Agent Quick Start Guide for details.

Create the GuardPoints
Perform the following steps on all the cluster nodes.
- On the CTE client, stop the Couchbase service.

    service couchbase-server stop

- On the CipherTrust Manager, create the GuardPoint. While creating the GuardPoint:
  - Enter the Path of the important Couchbase database, for example, /opt/couchbase/var/lib/couchbase/data/.
  - Select the Policy Type as Standard.
    • If the Couchbase buckets are already created, Dataxform needs to be performed.
    • You can also create an LDT policy.
  - Create a User Set with users root and couchbase, and give them the permission to perform all Actions and Effects.

  Refer to Creating GuardPoints for details.

- Ensure that the GuardPoint status is guarded on the CTE client.

    secfsd -status guard

  Output:

    [root@N01ENC1PFL-IR30 data]# secfsd -status guard
    GuardPoint                             Policy             Type   ConfigState  Status   Reason
    ----------                             ------             ----   -----------  ------   ------
    /opt/couchbase/var/lib/couchbase/data  production_policy  local  guarded      guarded  N/A
    [root@N01ENC1PFL-IR30 data]#

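The two visual checks in this procedure (every node reported as healthy active by server-list, and the Couchbase data path reported as guarded by secfsd -status guard) can be scripted so that they fail closed. This is an added example, not part of the original guide or of the CTE or Couchbase tooling: the function names and the live/selftest arguments are hypothetical, the sample output is constructed from the listings above, and the column positions are assumed to match those listings.

```shell
#!/bin/sh
# Added example: fail-closed versions of the two eyeball checks on this page.

# guardpoint_is_guarded PATH   (stdin: output of `secfsd -status guard`)
# Succeeds only if PATH is listed with ConfigState and Status both "guarded".
guardpoint_is_guarded() {
    awk -v want="${1%/}" '
        { gp = $1; sub(/\/$/, "", gp) }          # ignore a trailing slash
        gp == want { found = 1; ok = ($4 == "guarded" && $5 == "guarded") }
        END { exit !(found && ok) }'
}

# unhealthy_nodes   (stdin: output of `couchbase-cli server-list`)
# Prints host:port of every node that is not "healthy active". If no node
# lines are seen at all (for example an ERROR message), it reports that
# instead of silently passing.
unhealthy_nodes() {
    awk '$1 ~ /@/ && NF >= 4 { n++; if ($3 != "healthy" || $4 != "active") print $2 }
         END { if (!n) print "(no nodes listed)" }'
}

# Constructed sample output, modelled on the listings above, for an offline run.
SAMPLE_GUARD='GuardPoint Policy Type ConfigState Status Reason
/opt/couchbase/var/lib/couchbase/data production_policy local guarded guarded N/A'
SAMPLE_NODES='ns_1@10.164.11.191 10.164.11.191:8091 healthy active
ns_1@10.164.14.158 10.164.14.158:8091 unhealthy active'

selftest() {
    printf '%s\n' "$SAMPLE_GUARD" |
        guardpoint_is_guarded /opt/couchbase/var/lib/couchbase/data/ || return 1
    [ "$(printf '%s\n' "$SAMPLE_NODES" | unhealthy_nodes)" = "10.164.14.158:8091" ]
}

# Live check on a cluster node. Credentials come from CB_REST_USERNAME and
# CB_REST_PASSWORD, which couchbase-cli reads when -u/-p are omitted, so the
# password stays out of the process list and the shell history.
live_check() {
    data_path=${1:-/opt/couchbase/var/lib/couchbase/data}
    secfsd -status guard | guardpoint_is_guarded "$data_path" ||
        { echo "FAIL: $data_path is not guarded" >&2; return 1; }
    bad=$(/opt/couchbase/bin/couchbase-cli server-list -c localhost:8091 | unhealthy_nodes)
    [ -z "$bad" ] || { echo "FAIL: unhealthy nodes: $bad" >&2; return 1; }
    echo "OK: $data_path guarded, all nodes healthy"
}

case "${1:-}" in
    live)     live_check "${2:-}" ;;
    selftest) selftest && echo "selftest passed" ;;
esac
```

Run it with the argument live on each node after the GuardPoint is created; a non-zero exit means the data path is not guarded or a node is not healthy active.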
Create a Bucket and Run N1QL Query
- Log on to the Couchbase Web Console.
- Create a new bucket. Refer to the Couchbase documentation for details.
  Alternatively, you can use an existing sample bucket.
- On any CTE client, check for the newly created bucket in the bucket list.

    /opt/couchbase/bin/couchbase-cli bucket-list -c localhost:8091 --username admin --password pvlinux

  Output:

    [root@NOIENC1PFL-IR30 ~]# /opt/couchbase/bin/couchbase-cli bucket-list -c localhost:8091 --username admin --password pvlinux
    travel-sample
     bucketType: membase
     numReplicas: 1
     ramQuota: 629145600
     ramUsed: 55536304
    [root@NOIENC1PFL-IR30 ~]#

- Perform an operation on the bucket by running an N1QL query.

    /opt/couchbase/bin/cbq -u=admin
    select name from `travel-sample` WHERE type="airline" LIMIT 1;

  Output:

    [root@NOIENC1PFL-IR30 ~]# /opt/couchbase/bin/cbq -u=admin
    Enter Password:
     Connected to : http://localhost:8091/. Type Ctrl-D or \QUIT to exit.
     Path to history file for the shell : /root/.cbq_history
    cbq> select name from `travel-sample` WHERE type="airline" LIMIT 1;
    {
        "requestID": "54f7edb8-4511-49f2-bead-8393e62d60d3",
        "signature": {
            "name": "json"
        },
        "results": [
        {
            "name": "40-Mile Air"
        }
        ],
        "status": "success",
        "metrics": {
            "elapsedTime": "27.916695ms",
            "executionTime": "27.827434ms",
            "resultCount": 1,
            "resultSize": 37,
            "serviceLoad": 12
        }
    }
    cbq>