This page shows you how to manually deploy an insecure multi-node CockroachDB cluster on Amazon's AWS EC2 platform, using AWS's managed load balancing service to distribute client traffic.

Warning:
If you plan to use CockroachDB in production, we strongly recommend using a secure cluster instead. Select Secure above for instructions.

Requirements

  • You must have SSH access to each machine. This is necessary for distributing and starting CockroachDB binaries.

  • Your network configuration must allow TCP communication on the following ports:

    • 26257 for intra-cluster and client-cluster communication
    • 8080 to expose your Admin UI

Recommendations

  • If you plan to use CockroachDB in production, we recommend using a secure cluster instead. Using an insecure cluster comes with risks:

    • Your cluster is open to any client that can access any node's IP addresses.
    • Any user, even root, can log in without providing a password.
    • Any user, connecting as root, can read or write any data in your cluster.
    • There is no network encryption or authentication, and thus no confidentiality.
  • For guidance on cluster topology, clock synchronization, cache and SQL memory size, and file descriptor limits, see Recommended Production Settings.

  • Decide how you want to access your Admin UI:

    Access Level Description
    Partially open Set a firewall rule to allow only specific IP addresses to communicate on port 8080.
    Completely open Set a firewall rule to allow all IP addresses to communicate on port 8080.
    Completely closed Set a firewall rule to disallow all communication on port 8080. In this case, a machine with SSH access to a node could use an SSH tunnel to access the Admin UI.
  • All instances running CockroachDB should be members of the same Security Group.

Step 1. Configure your network

CockroachDB requires TCP communication on two ports:

  • 26257 for inter-node communication (i.e., working as a cluster), for applications to connect to the load balancer, and for routing from the load balancer to nodes
  • 8080 for exposing your Admin UI

You can create these rules using Security Groups' Inbound Rules.

Inter-node and load balancer-node communication

Field Recommended Value
Type Custom TCP Rule
Protocol TCP
Port Range 26257
Source The name of your security group (e.g., sg-07ab277a)

Admin UI

Field Recommended Value
Type Custom TCP Rule
Protocol TCP
Port Range 8080
Source Your network's IP ranges

Application data

Field Recommended Value
Type Custom TCP Rules
Protocol TCP
Port Range 26257
Source Your application's IP ranges

Step 2. Create instances

Create an instance for each node you plan to have in your cluster. We recommend:

  • Running at least 3 CockroachDB nodes to ensure survivability.
  • Selecting the same continent for all of your instances for best performance.

Step 3. Set up load balancing

Each CockroachDB node is an equally suitable SQL gateway to your cluster, but to ensure client performance and reliability, it's important to use TCP load balancing:

  • Performance: Load balancers spread client traffic across nodes. This prevents any one node from being overwhelmed by requests and improves overall cluster performance (queries per second).

  • Reliability: Load balancers decouple client health from the health of a single CockroachDB node. In cases where a node fails, the load balancer redirects client traffic to available nodes.

AWS offers fully-managed load balancing to distribute traffic between instances.

  1. Add AWS load balancing. Be sure to:
    • Set forwarding rules to route TCP traffic from the load balancer's port 26257 to port 26257 on the node Droplets.
    • Configure health checks to use HTTP port 8080 and path /health.
  2. Note the provisioned IP Address for the load balancer. You'll use this later to test load balancing and to connect your application to the cluster.
Note:
If you would prefer to use HAProxy instead of AWS's managed load balancing, see Manual Deployment for guidance.

Step 4. Start nodes

For each initial node of your cluster, complete the following steps:

Note:
After completing these steps, nodes will not yet be live. They will complete the startup process and join together to form a cluster as soon as the cluster is initialized in the next step.
  1. SSH to the machine where you want the node to run.

  2. Download the CockroachDB archive for Linux, and extract the binary:

    copy
    icon/buttons/copy
    $ wget -qO- https://binaries.cockroachdb.com/cockroach-v1.1.4.linux-amd64.tgz \
    | tar  xvz
    
  3. Copy the binary into the PATH:

    copy
    icon/buttons/copy
    $ cp -i cockroach-v1.1.4.linux-amd64/cockroach /usr/local/bin
    

    If you get a permissions error, prefix the command with sudo.

  4. Run the cockroach start command:

    copy
    icon/buttons/copy
    $ cockroach start --insecure \
    --host=<node1 address> \
    --join=<node1 address>:26257,<node2 address>:26257,<node3 address>:26257 \
    --cache=25% \
    --max-sql-memory=25% \
    --background
    

    This command primes the node to start, using the following flags:

    Flag Description
    --insecure Indicates that the cluster is insecure, with no network encryption or authentication.
    --host Specifies the hostname or IP address to listen on for intra-cluster and client communication. If it is a hostname, it must be resolvable from all nodes, and if it is an IP address, it must be routable from all nodes.

    If you want the node to listen on multiple interfaces, leave --host empty.

    If you want the node to communicate with other nodes on an internal address (e.g., within a private network) while listening on all interfaces, leave --host empty and set the --advertise-host flag to the internal address.
    --join Identifies the address and port of 3-5 of the initial nodes of the cluster.
    --cache
    --max-sql-memory
    Increases the node's cache and temporary SQL memory size to 25% of available system memory to improve read performance and increase capacity for in-memory SQL processing (see Recommended Production Settings for more details).
    background Starts the node in the background so you gain control of the terminal to issue more commands.

    For other flags not explicitly set, the command uses default values. For example, the node stores data in --store=cockroach-data, binds internal and client communication to --port=26257, and binds Admin UI HTTP requests to --http-port=8080. To set these options manually, see Start a Node.

  5. Repeat these steps for each addition node that you want in your cluster.

Step 5. Initialize the cluster

On your local machine, complete the node startup process and have them join together as a cluster:

  1. Install CockroachDB on your local machine, if you haven't already.

  2. Run the cockroach init command, with the --host flag set to the address of any node:

    copy
    icon/buttons/copy
    $ cockroach init --insecure --host=<address of any node>
    

    Each node then prints helpful details to the standard output, such as the CockroachDB version, the URL for the admin UI, and the SQL URL for clients.

Step 6. Test the cluster

CockroachDB replicates and distributes data for you behind-the-scenes and uses a Gossip protocol to enable each node to locate data across the cluster.

To test this, use the built-in SQL client locally as follows:

  1. On your local machine, launch the built-in SQL client, with the --host flag set to the address of any node:

    copy
    icon/buttons/copy
    $ cockroach sql --insecure --host=<address of any node>
    
  2. Create an insecurenodetest database:

    copy
    icon/buttons/copy
    > CREATE DATABASE insecurenodetest;
    
  3. Use \q or ctrl-d to exit the SQL shell.

  4. Launch the built-in SQL client, with the --host flag set to the address of a different node:

    copy
    icon/buttons/copy
    $ cockroach sql --insecure --host=<address of different node>
    
  5. View the cluster's databases, which will include insecurenodetest:

    copy
    icon/buttons/copy
    > SHOW DATABASES;
    
    +--------------------+
    |      Database      |
    +--------------------+
    | crdb_internal      |
    | information_schema |
    | insecurenodetest   |
    | pg_catalog         |
    | system             |
    +--------------------+
    (5 rows)
    
  6. Use \q or ctrl-d to exit the SQL shell.

Step 7. Test load balancing

Now that a load balancer is running, it can serve as the client gateway to the cluster. Instead of connecting directly to a CockroachDB node, clients can connect to the load balancer, which will then redirect the connection to a CockroachDB node.

To test this, use the built-in SQL client locally as follows:

  1. Launch the built-in SQL client, with the --host flag set to the address of the load balancer:

    copy
    icon/buttons/copy
    $ cockroach sql --insecure \
    --host=<load balancer address> \
    --port=26257
    
  2. View the cluster's databases:

    copy
    icon/buttons/copy
    > SHOW DATABASES;
    
    +--------------------+
    |      Database      |
    +--------------------+
    | crdb_internal      |
    | information_schema |
    | insecurenodetest   |
    | pg_catalog         |
    | system             |
    +--------------------+
    (5 rows)
    

    As you can see, the load balancer redirected the query to one of the CockroachDB nodes.

  3. Use the node_id session variable to check which node you were redirected to:

    copy
    icon/buttons/copy
    > SHOW node_id;
    
    +---------+
    | node_id |
    +---------+
    |       3 |
    +---------+
    (1 row)
    
  4. Use \q or ctrl-d to exit the SQL shell.

Step 8. Use the cluster

Now that your deployment is working, you can:

  1. Implement your data model.
  2. Create users and grant them privileges.
  3. Connect your application. Be sure to connect your application to the AWS load balancer, not to a CockroachDB node.

Step 9. Monitor the cluster

View your cluster's Admin UI by going to http://<address of any node>:8080.

In the UI, verify that the cluster is running as expected:

  1. Click View nodes list on the right to ensure that all of your nodes successfully joined the cluster.

  2. Click the Databases tab on the left to verify that insecurenodetest is listed.

Tip:
You can also use Prometheus and other third-party, open source tools to monitor and visualize cluster metrics and send notifications based on specified rules. For more details, see Monitor CockroachDB with Prometheus.

Step 10. Scale the cluster

For each additional node you want to add to the cluster, complete the following steps:

  1. SSH to the machine where you want the node to run.

  2. Download the CockroachDB archive for Linux, and extract the binary:

    copy
    icon/buttons/copy
    $ wget -qO- https://binaries.cockroachdb.com/cockroach-v1.1.4.linux-amd64.tgz \
    | tar  xvz
    
  3. Copy the binary into the PATH:

    copy
    icon/buttons/copy
    $ cp -i cockroach-v1.1.4.linux-amd64/cockroach /usr/local/bin
    

    If you get a permissions error, prefix the command with sudo.

  4. Run the cockroach start command just like you did for the initial nodes:

    copy
    icon/buttons/copy
    $ cockroach start --insecure \
    --host=<node4 address> \
    --join=<node1 address>:26257,<node2 address>:26257,<node3 address>:26257 \
    --cache=25% \
    --max-sql-memory=25% \
    --background
    

See Also



Yes No