xdcr-setup

xdcr-setup

XDCR data encryption with Secure Socket Layer (SSL) is enabled with the xdcr-setup command (Enterprise Edition only).

Syntax

To configure XDCR with SSL data encryption, the xdcr-setup command is used. The option --xdcr-demand-encryption enables and disables data encryption. To enable, specify 1. To disable, specify 0 (default).

couchbase-cli xdcr-setup -c localhost:port -u [localadmin] -p [localpassword] [options]

Description

The Couchbase Server command line interface (CLI) enables XDCR data encryption (Enterprise Edition only) when an XDCR cluster reference is created or modified.

To setup XDCR with SSL data encryption:

  1. Retrieve the certificate from the destination cluster.
  2. Create or modify the XDCR configuration to allow data encryption and provide the SSL certificate.
  3. Define the replication.

Options

The --xdcr-demand-encryption option enables and disables XDCR data encryption. The -xdcr-certificate=CERTIFICATE option provides the SSL certificate for data security.

The following are the command options:

Table 1. xdcr-setup options
Option Description
--create Create a new XDCR configuration.
--edit Modify an existing XDCR configuration
--delete Delete an existing XDCR configuration.
--list List all XDCR configurations.
--xdcr-cluster-name=CLUSTERNAME The remote cluster to replicate to.
--xdcr-hostname=HOSTNAME The remote host name to connect to.
--xdcr-username=USERNAME The administrator's username for the remote cluster.
--xdcr-password=PASSWORD The administrator's password for the remote cluster.
--xdcr-demand-encryption=[0|1] Allow data encrypted using SSL (yes=1, no=0).
--xdcr-certificate=CERTIFICATE A PEM-encoded certificate that needs to be present if the xdcr-demand-encryption parameter is set to be true.

Examples

To require XDCR data encryption, execute couchbase-cli xdcr-setup with --xdcr-demand-encryption=1.

couchbase-cli xdcr-setup -c 10.3.4.186:8091 -u Administrator -p password \
--create --xdcr-cluster-name=Omaha --xdcr-hostname=10.3.4.187:8091 \ 
--xdcr-username=Peyton --xdcr-password=Manning --xdcr-demand-encryption=1 \
--xdcr-certificate=./new.pem

To disable XDCR data encryption, execute couchbase-cli xdcr-setup with --xdcr-demand-encryption=0.

Request:

couchbase-cli xdcr-setup -c 10.3.4.186:8091 -u Administrator -p password \
--create --xdcr-cluster-name=Omaha --xdcr-hostname=10.3.4.187:8091 \ 
--xdcr-username=Peyton --xdcr-password=Manning \ 
--xdcr-demand-encryption=0 

Response:

The following is an example of results for a successful XDCR configuration.

SUCCESS: init/edit test 
<<replication reference created>>