In order to connect to Couchbase deployments on cloud (AWS, Azure or GCP) or Kubernetes, we support multi-addresses in the form of alternate addresses. External applications use this facility to communicate with the cluster, but not directly to the nodes. These settings allow internal access to a router or other networked entity that provides interfaces on the cluster’s behalf.
When setting up alternate addresses, we can also set up alternate port numbers. The best example for the alternate address setup is AWS public and private IP addresses. Each node has a Private IP and DNS but they can also assign a public IP and DNS record. Those public IPs can be either statically or dynamically assigned.
Access to nodes within an internal network or cloud
The clients then connect to the public host and ports as seen under the external address section in the nodeServices information under the pools/default/nodesServices Rest endpoint.
Port Forwarding Couchbase Instance on AWS
One important step when setting up alternate addresses is port forwarding. When alternate addresses are provisioned, the mapping from external host and port to internal ports must be done by a network administrator. The client can then use the external address and port to connect to the service.
Once within the network (a user connects to an external facing address, internal to the deployment where the port mapping takes place), the external port will be mapped to the internal port to access the service based on authorization. This can be done on AWS using the steps outlined here.
Depending on what is accessible outside the firewall (port-level access), the client can send queries to that service. Once alternate external addresses and ports are provisioned the Couchbase ns_server service updates REST endpoints:
|
1 2 3 4 5 6 7 |
pools/default pools/nodes pools/default/buckets, pools/default/buckets/<bucket-name>, pools/default/buckets/<bucket-name>/nodes pools/default/b/<bucket-name>, pools/default/bs/<bucket-name> poolsStreaming/default pools/default/bucketsStreaming/<bucket-name> pools/default/nodesServices, pools/default/nodesServicesStreaming |
Internally, Couchbase services don’t need to restart on new ports and only the client should allow connections to a particular host/port based on information available in the nodeServices property under the external attribute.
The nodeServices REST endpoint shows the mapping of hosts and ports:
|
1 2 3 4 5 6 7 8 9 |
"alternateAddresses": { "external": { "hostname": "ec2-3-140-253-252.us-east-2.compute.amazonaws.com", "ports": { "mgmt": 8891, "mgmtSSL": 18891, "n1ql": 9000, "n1qlSSL": 19000 … |
Alternate address setup steps
1 – Setup the Couchbase cluster and use REST calls or CLI to set up alternate addresses:
|
1 |
$ curl -v -X PUT -u [admin]:[password] http://[ip-address]:8091/node/controller/setupAlternateAddresses/external [-d hostname=<alternate-address> ] [-d <service-name>=<alternate-port-number> ] |
OR
|
1 |
$ couchbase-cli setting-alternate-address [--cluster <url>] [--username <user>] [--password <password>] [--list] [--set] [--remove] [--hostname <host>] [--ports <ports>] |
In the example below, the external address becomes cluster.com for internal node 172.23.104.92. It also sets the new N1QL external port to 9000.
|
1 |
$ couchbase-cli setting-alternate-address -c 172.23.104.92 -u Administrator -p password --hostname cluster.com --set --node 172.23.104.92 --ports n1ql=9000,n1qlSSL=19000 |
2 – Modify /etc/hosts to contain access to cluster.com.
3 – For port forwarding on a virtual machine, we can use the following command for the Query service running on port 8093.
|
1 |
$ iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 9000 -j REDIRECT --to-port 8093 |
Then list the current forwarding settings to confirm:
|
1 2 3 4 |
$ iptables -L -n -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9000 redir ports 8093 |
List the alternate address settings:
|
1 2 3 |
$ /opt/couchbase/bin/couchbase-cli setting-alternate-address -c 172.23.104.92 -u Administrator -p password --list Hostname Alternate Address | Ports (Primary/Alternate) | capi | capiSSL | fts | ftsGRPC | ftsGRPCSSL | ftsSSL | indexAdmin | indexHttp | indexHttps | indexScan | indexStreamCatchup | indexStreamInit | indexStreamMaint | kv | kvSSL | mgmt | mgmtSSL | n1ql | n1qlSSL | projector 172.23.104.92 - cluster.com | 8092/8092 | 18092/180928094/8094 | 9130/9130 | 19130/1913018094/180949100/9100 | 9102/9102 | 19102/191029101/9101 | 9104/9104 | 9103/9103 | 9105/9105 | 11210/1121011207/112078091/8091 | 18091/180918093/8093 | 18093/180939999/9999 |
In order to use the cbq query tool to access alternate addresses, use the networkconfig or nfcg option and set it to external. This allows us to run queries:
|
1 2 3 4 5 6 |
$ ./cbq -u Administrator -p password -e ec2-***.us-east-2.compute.amazonaws.com:9000 -ncfg external Connected to : http://ec2-***.us-east-2.compute.amazonaws.com:9000/. Type Ctrl-D or \QUIT to exit. Path to history file for the shell: /root/.cbq_history cbq> |
Refer to the Couchbase documentation here for more cluster, networking and alternate address usage.
