This feature is in and subject to change. To share feedback and/or issues, contact Support.
- The system virtual cluster for administration tasks in both clusters, and starting the replication stream from the standby cluster.
- The application virtual cluster on the primary cluster to work with databases, tables, workloads, and so on.
Overview
The high-level steps in this tutorial are:- Create and start the primary cluster.
- Configure and create a user on the primary cluster.
- Create and start the standby cluster.
- Configure and create a user on the standby cluster.
- Securely copy certificates.
- Start the replication stream from the standby cluster.
Before you begin
- Two separate CockroachDB clusters (primary and standby) with a minimum of three nodes each, and each using the same CockroachDB v23.2 version. The standby cluster should be the same version or one version ahead of the primary cluster. The primary and standby clusters must be configured with similar hardware profiles, number of nodes, and overall size. Significant discrepancies in the cluster configurations may result in degraded performance.
- To set up each cluster, you can follow . When you start each node in your cluster with the
cockroach startcommand, you must pass the--config-profileflag with areplicationvalue. Refer to cluster creation steps for the primary cluster and for the standby cluster for details. - The tutorial creates a self-signed certificate for each self-hosted cluster. To create certificates signed by an external certificate authority, refer to .
- To set up each cluster, you can follow . When you start each node in your cluster with the
- All nodes in each cluster will need access to the Certificate Authority for the other cluster. Refer to Copy certificates.
- The primary and standby clusters must have the same . For example, replicating a multi-region primary cluster to a single-region standby cluster is not supported. Mismatching regions between a multi-region primary and standby cluster is also not supported.
Step 1. Create the primary cluster
Start the primary cluster
To enable PCR, it is necessary to start each node with the appropriate configuration profile set with the--config-profile flag. A configuration profile applies a custom configuration to the server at initialization time. When using PCR, the replication-source and replication-target configuration profiles are used to create a virtualized cluster with a system virtual cluster and an application virtual cluster.
The primary cluster requires the following value:
cockroach start command according to the :
Connect to the primary cluster system virtual cluster
Connect to your primary cluster’s system virtual cluster using .-
To connect to the system virtual cluster, pass the
options=-ccluster=systemparameter in the URL:The prompt will includesystemwhen you are connected to the system virtual cluster.
You should only connect to the system virtual cluster for cluster administration. To work with databases, tables, or workloads, connect to the application virtual cluster.
-
Confirm the status of your virtual cluster:
The output will include the
systeminterface and theapplicationvirtual cluster:Because this is the primary cluster rather than the standby cluster,data_stateof all rows isready, rather thanreplicatingor another status.
Create a replication user and password
The standby cluster connects to the primary cluster’s system virtual cluster using an identity with theREPLICATION privilege. Connect to the primary cluster’s system virtual cluster and create a user with a password:
-
From the primary’s system virtual cluster SQL shell, create a user and password:
-
Grant the to your user:
If you need to change the password later, refer to .
Connect to the primary virtual cluster (optional)
-
If you would like to run a sample workload on the primary’s application virtual cluster, open a new terminal window and use to run the workload.
For example, to initiate the workload:
Replace and with a node’s IP address or hostname and port. The
cockroach workloadcommand does not support connection or security flags like other . Instead, you must use a at the end of the command. As a result, for the example in this tutorial, you will need:-
options=-ccluster=application -
sslmode=verify-full -
sslrootcert={path}/certs/ca.crt: the path to the CA certificate. -
sslcert={path}/certs/client.root.crt: the path to the client certificate. -
sslkey={path}/certs/client.root.key: the path to the client private key. For additional detail on the standard CockroachDB connection parameters, refer to .
-
-
Run the
movrworkload for a set duration using the same connection string: -
To connect to the primary cluster’s application virtual cluster, use the
ccluster=applicationparameter:The prompt will includeapplicationwhen you are connected to the application virtual cluster. -
Create a user for your primary cluster’s application virtual cluster:
-
You can connect to the with this user to observe activity on the primary cluster. Open a web browser at
https://{node IP or hostname}:8080/and enter your credentials.
Step 2. Create the standby cluster
Start the standby cluster
Similarly to the primary cluster, each node on the standby cluster must be started with the--config-profile flag set to replication-target. This creates a virtualized cluster with a system virtual cluster and an application virtual cluster, and sets up all the required configuration for starting a replication stream.
For example, a cockroach start command according to the :
Connect to the standby cluster system virtual cluster
Connect to your standby cluster’s system virtual cluster using .-
To connect to the system virtual cluster, pass the
options=-ccluster=systemparameter in the URL:The prompt will includesystemwhen you are connected to the system virtual cluster. -
Add your cluster organization and to the cluster:
-
Confirm the status of your virtual cluster:
The output will show the
systeminterface, but noapplicationvirtual cluster:The configuration profile included at startup creates thetemplatevirtual cluster with the same set of capabilities per CockroachDB version. When you start a replication stream, you can specify thetemplateVC withLIKEto ensure other virtual clusters on the standby cluster will work in the same way. Refer to Step 4: Start replication for syntax details.
Create a user for the standby cluster
If you would like to access the to observe your replication, you will need to create a user:-
Create a user:
-
To observe the replication activity, your user will need privileges:
Open the DB Console in your web browser:
https://{node IP or hostname}:8080/, where you will be prompted for these credentials. Refer to for more detail on tracking relevant metrics for your replication stream.
Step 3. Copy certificates
At this point, the primary and standby clusters are both running. The next step allows the standby cluster to connect to the primary cluster and begin ingesting its data. Depending on how you manage certificates, you must ensure that all nodes on the primary and the standby cluster have access to the certificate of the other cluster.It is important to carefully manage the exchange of CA certificates between clusters if you have generated self-signed certificates with
cockroach cert as part of the .To create certificates signed by an external certificate authority, refer to .
For example, if you followed the prerequisite, you need to add the ca.crt from the primary cluster to the certs directory on all the nodes in the standby cluster.- Name the
ca.crtfrom the primary cluster to a new name on the standby cluster. For example,ca_primary.crt. - Securely copy
ca_primary.crtto thecertsdirectory of the standby cluster nodes.
ca.crt from the standby cluster to the certs directory on all the nodes in the primary cluster.
- Name the
ca.crtfrom the standby cluster to a new name on the primary cluster. For example,ca_standby.crt. - Securely copy
ca_standby.crtto thecertsdirectory of the primary cluster nodes.
Step 4. Start replication
The system virtual cluster in the standby cluster initiates and controls the replication stream by pulling from the primary cluster. In this section, you will connect to the primary from the standby to initiate the replication stream.-
From the standby cluster, use your connection string to the primary.
The connection string contains:
- The replication user and password that you created for the primary cluster.
- The node IP address or hostname of one node from the primary cluster.
-
The path to the primary node’s certificate on the standby cluster.
Including the
LIKE templateparameter ensures that the virtual cluster on the standby is created with the correct capabilities, which manage what the virtual cluster can do.LIKEwill refer to a virtual cluster on the CockroachDB cluster you’re running the statement from. Once the standby cluster has made a connection to the primary cluster, the standby will pull the topology of the primary cluster and will distribute the replication work across all nodes in the primary and standby.
-
To view all virtual clusters on the standby, run:
The standby cluster will show the
applicationvirtual cluster is in areplicatingstate.The standby cluster’s virtual cluster is offline while the replication stream is running. To bring it online, you must explicitly . -
To manage the replication stream, you can the replication stream as well as the current details for the job:
With the replication stream running, you can monitor the job via the DB Console, SQL shell, or Prometheus. You can also verify data is correct on the standby cluster at a specific point in time. For more detail, refer to .
You cannot pause a PCR job for longer than 24 hours. PCR jobs paused for longer than 24 hours fail and cannot be recovered.

