Please use the form below to provide your feedback. Because your feedback is valuable to us, the information you submit in this form is recorded in our issue tracking system (JIRA), which is publicly available. You can track the status of your feedback using the ticket number displayed in the dialog once you submit the form.

A newer version of this documentation is available.

View Latest

server-eshell

    Opens a shell to talk to the cluster manager process

    SYNOPSIS

    couchbase-cli server-eshell [--cluster <url>] [--username <user>] [--password <password>]
    [--client-cert <path>] [--client-cert-password <password>] [--client-key <path>]
    [--client-key-password <password>] [--vm <vm_name>] [--erl <path>]

    DESCRIPTION

    This is a hidden command and is not intended for typical production use. This command allows the user to connect to the cluster manager process in order to make unsupported changes in the cluster manager. This command is typically used as last resort in order to address uncommon production issues. Check with the Couchbase Support team before running this command because improper use can lead to the cluster being placed in an unusable state.

    When this command is executed it connects to the local cluster manager process specified and starts a shell so that the user can interact with the cluster manager. This command only works for localhost and can’t connect to any other host.

    OPTIONS

    -c
    --cluster

    Specifies the hostname of a node in the cluster. See the HOST FORMATS section for more information on specifying a hostname.

    -u
    --username <username>

    Specifies the username of the user executing the command. If you do not have a user account with permission to execute the command then it will fail with an unauthorized error.

    -p
    --password <password>

    Specifies the password of the user executing the command. If you do not have a user account with permission to execute the command then it will fail with an unauthorized error. If this argument is specified, but no password is given then the command will prompt the user for a password through non-echoed stdin. You may also specify your password by using the environment variable CB_REST_PASSWORD.

    --client-cert <path>

    The path to a client certificate used to authenticate when connecting to a cluster. May be supplied with --client-key as an alternative to the --username and --password flags. See the CERTIFICATE AUTHENTICATION section for more information.

    --client-cert-password <password>

    The password for the certificate provided to the --client-cert flag, when using this flag, the certificate/key pair is expected to be in the PKCS#12 format. See the CERTIFICATE AUTHENTICATION section for more information.

    --client-key <path>

    The path to the client private key whose public key is contained in the certificate provided to the --client-cert flag. May be supplied with --client-cert as an alternative to the --username and --password flags. See the CERTIFICATE AUTHENTICATION section for more information.

    --client-key-password <password>

    The password for the key provided to the --client-key flag, when using this flag, the key is expected to be in the PKCS#8 format. See the CERTIFICATE AUTHENTICATION section for more information.

    --vm

    The part of the cluster manager to connect to. This option can either be set to babysitter, couchdb, or ns_server. The babysitter vm is a monitor that ensures the cluster manager is always running and is restarted in the event of a crash or error. The couchdb vm runs the views service on each data node and the ns_server vm corresponds to the cluster manager. By default the vm option is set to ns_server.

    --erl

    Specified the location of the erlang process. This parameter should be set if the default erlang process that is shipped with Couchbase is not the correct executable to connect to the cluster manager with.

    HOST FORMATS

    When specifying a host for the couchbase-cli command the following formats are expected:

    • couchbase://<addr> or couchbases://<addr>

    • http://<addr>:<port> or https://<addr>:<port>

    • <addr>:<port>

    It is recommended to use the couchbase://<addr> or couchbases://<addr> format for standard installations. The other formats allow an option to take a port number which is needed for non-default installations where the admin port has been set up on a port other that 8091 (or 18091 for https).

    CERTIFICATE AUTHENTICATION (MTLS AUTHENTICATION)

    This tool supports authenticating against a Couchbase Cluster by using certificate based authentication (mTLS authentication). To use certificate based authentication a certificate/key must be supplied, there a currently multiple ways this may be done.

    PEM ENCODED CERTIFICATE/KEY

    An unencrypted PEM encoded certificate/key may be supplied by using: - --client-cert <path> - --client-key <path>

    The file passed to --client-cert must contain the client certificate, and an optional chain required to authenticate the client certificate.

    The file passed to --client-key must contain at most one private key, the key can be in one of the following formats: - PKCS#1 - PKCS#8

    Currently, only the following key types are supported: - RSA - DSA

    PEM ENCODED CERTIFICATE/PEM OR DER ENCRYPTED PKCS#8 KEY

    An encrypted PKCS#8 formatted key may be provided using: - --client-cert <path> - --client-key <path> - --client-key-password <password>

    The file passed to --client-cert must contain the client certificate, and an optional chain required to authenticate the client certificate.

    Currently, only the following key types are supported: - RSA - DSA

    ENCRYPTED PKCS#12 CERTIFICATE/KEY

    An encrypted PKCS#12 certificate/key may be provided using: - --client-cert <path> - --client-cert-password <password>

    The file passed to --client-cert must contain the client certificate and exactly one private key. It may also contain the chain required to authenticate the client certificate.

    Currently, only the following key types are supported: - RSA - DSA

    EXAMPLES

    To connect to the cluster manager process you can run the following command below.

    $ couchbase-cli server-eshell -c 192.168.1.5:8091 --username Administrator \
 --password password
    Erlang R16B03-1 (erts-5.10.4.0.0.1)
    Eshell V5.10.4.0.0.1  (abort with ^G)
(n_0@192.168.1.5)1>

    When the command is executed it will bring up a shell that is connected to the vm specified in the command. Since the --vm parameter is not specified we connect to the default ns_server vm.

    To connect to the babysitter vm the following command would be run.

    $ couchbase-cli server-eshell -c 192.168.1.5:8091 --username Administrator \
 --password password --vm babysitter
    Erlang R16B03-1 (erts-5.10.4.0.0.1)
    Eshell V5.10.4.0.0.1  (abort with ^G)
(n_0@192.168.1.5)1>

    To exit the shell send the SIGINT signal. This can be done by typing Ctrl-C.

    ENVIRONMENT AND CONFIGURATION VARIABLES

    CB_REST_USERNAME

    Specifies the username to use when executing the command. This environment variable allows you to specify a default argument for the -u/--username argument on the command line.

    CB_REST_PASSWORD

    Specifies the password of the user executing the command. This environment variable allows you to specify a default argument for the -p/--password argument on the command line. It also allows the user to ensure that their password are not cached in their command line history.

    CB_CLIENT_CERT

    The path to a client certificate used to authenticate when connecting to a cluster. May be supplied with CB_CLIENT_KEY as an alternative to the CB_USERNAME and CB_PASSWORD variables. See the CERTIFICATE AUTHENTICATION section for more information.

    CB_CLIENT_CERT_PASSWORD

    The password for the certificate provided to the CB_CLIENT_CERT variable, when using this variable, the certificate/key pair is expected to be in the PKCS#12 format. See the CERTIFICATE AUTHENTICATION section for more information.

    CB_CLIENT_KEY

    The path to the client private key whose public key is contained in the certificate provided to the CB_CLIENT_CERT variable. May be supplied with CB_CLIENT_CERT as an alternative to the CB_USERNAME and CB_PASSWORD variables. See the CERTIFICATE AUTHENTICATION section for more information.

    CB_CLIENT_KEY_PASSWORD

    The password for the key provided to the CB_CLIENT_KEY variable, when using this variable, the key is expected to be in the PKCS#8 format. See the CERTIFICATE AUTHENTICATION section for more information.

    COUCHBASE-CLI

    Part of the couchbase-cli suite