How to Deploy a Secure CockroachDB Cluster on Ubuntu 22.04
CockroachDB is a distributed SQL database that’s designed for scalability and high availability. Deploying it on Ubuntu 22.04 can be a powerful addition to your infrastructure. In this guide, we’ll walk you through the steps to deploy a secure CockroachDB cluster on Ubuntu 22.04.
Prerequisites:
- Three Ubuntu 20.04 servers. These will be your CockroachDB nodes.
- SSH access to all three servers with sudo privileges.
- Basic understanding of Linux server administration.
Step 1: Update Your System
Before you begin, ensure your system is up to date:
sudo apt update
sudo apt upgrade
Step 2: Install CockroachDB
CockroachDB provides a convenient script for installation. Run the following commands on each of your servers:
wget https://binaries.cockroachdb.com/cockroach-latest.linux-amd64.tgz
tar -xzf cockroach-latest.linux-amd64.tgz
sudo cp cockroach-latest.linux-amd64/cockroach /usr/local/bin/
Step 3: Configure CockroachDB Nodes
On each server, create a directory to store the CockroachDB data and a configuration file:
sudo mkdir -p /var/lib/cockroach
sudo touch /etc/cockroachdb/cockroach.yml
Edit the configuration file using your preferred text editor. Here’s a basic configuration:
# /etc/cockroachdb/cockroach.yml
# Common settings
server:
http_addr: <node-IP>:8080
addr: <node-IP>:26257
# Encryption settings (generate certs before using)
tls:
cert_file: /etc/cockroachdb/certs/cockroach.crt
key_file: /etc/cockroachdb/certs/cockroach.key
ca_file: /etc/cockroachdb/certs/ca.crt
# Secure the node
insecure: false
Make sure to replace <node-IP>
with the actual IP address of each server. The example above includes TLS encryption; you should generate appropriate certificates for your cluster.
Step 4: Initialize the First Node
On one of your servers, initialize the CockroachDB cluster:
cockroach init --insecure --host=<node-IP>:26257
Step 5: Start CockroachDB Nodes
On all three servers, start the CockroachDB service:
sudo cockroach start --background
Step 6: Access the Admin UI
You can access the CockroachDB Admin UI by visiting http://<node-IP>:8080
in your web browser. This interface provides insights into your cluster’s performance and status.
Step 7: Secure the Cluster
For a production environment, you should secure your CockroachDB cluster by setting up proper authentication and encryption. Refer to the official CockroachDB documentation for detailed instructions on securing your cluster.
Conclusion
You’ve successfully deployed a secure CockroachDB cluster on Ubuntu 22.04. CockroachDB’s distributed architecture and scalability make it a powerful choice for high-availability database solutions. Remember to follow best practices for securing your cluster, especially in a production environment.