Skip to main content
Skip table of contents

Sudo privileges for the CockroachDB environment OS user

Continuous Data Engine connects to the target host (via SSH) to perform the following operations: 

  1. Continuous Data Engine dynamically mounts and unmounts directories for linking and provisioning operations. This privilege is required because mount and unmount are typically reserved for users with superuser (root) permissions.

  2. Continuous Data Engine dynamically creates and removes directories for linking and provisioning operations.

Operations (1) and (2) above will require sudo privileges for the OS user. 

Configuring sudo access on target environments [as root user]:

  1. The sudo configuration exists in /etc/sudoers file. We can edit this file directly or use a utility called visudo to add the privilege.

    CODE
    vi /etc/sudoers
    # Or
    visudo
  2. Adding the privileges

    CODE
    Defaults:delphix_os !requiretty
    delphix_os ALL=NOPASSWD: /bin/mount,/bin/umount,/bin/mkdir,/bin/rmdir, /bin/ps
    delphix_os ALL=(couchbase) NOPASSWD: ALL

The examples used above are for illustrative purposes and the sudo file configuration options are subject to change.

  1. To secure communication within your CockroachDB staging/target cluster, it is imperative to ensure that the certificate directory contains valid certificates encompassing the IP address and hostname of the CockroachDB staging/target server.

    1. List Certificates and Keys

      CODE
      cockroach cert list --certs-dir=[path-to-certs-directory]
      
      $ cockroach cert list --certs-dir=/home/cockroach/certs
      Certificate directory: /home/cockroach/certs
        Usage  | Certificate File |    Key File     |  Expires   |                             Notes                              | Error
      ---------+------------------+-----------------+------------+----------------------------------------------------------------+--------
        CA     | ca.crt           |                 | 2032/03/29 | num certs: 1                                                   |
        Node   | node.crt         | node.key        | 2027/03/26 | addresses: crdb-node.example.com, 10.1.1.1                     |
        Client | client.root.crt  | client.root.key | 2027/03/26 | user: root                                                     |
      (3 rows)
    2. Verification of SSL/TLS Connection

      CODE
      cockroach sql --certs-dir=[certs-locations] --host=[ip-address]:[port]

Make sure to replace [certs-locations], [ip-address], and [port] with the actual locations and details.

Requiretty settings for CockroachDB

The Continuous Data Engine requires that the requiretty setting be disabled for all Continuous Data users with sudo privileges.

It is required to specify the NOPASSWD qualifier within the "sudo" configuration file, as shown here: Sudo File Configuration Examples for CockroachDB Environments. This ensures that the "sudo" command does not demand the entry of a password, even for the "display permissions" (i.e. "sudo -l") command.

  • Additionally, requirements for the Delphix OS user are as follows:

    • Should be a regular o/s user with primary group as cockroach software installer O/S user.

    • Must have access to backup files of the source database stored on the staging host.

    • Must have read and execute access on all files within CockroachDB installation Path: locations where software binaries are installed and located on the staging host. Minimum permission level 775 recommended.

  • Ensure to disable any login banners that resemble the one depicted in the image below on the staging host.

    cockroach8.png

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.