A newer version of this documentation is available.

View Latest

setting-alternate-address

      +

      Modify alternate addresses

      SYNOPSIS

      couchbase-cli setting-alternate-address [--cluster <url>] [--username <user>] [--password <password>]
          [--client-cert <path>] [--client-cert-password <password>] [--client-key <path>]
          [--client-key-password <password>] [--list] [--set] [--remove] [--hostname <host>]
          [--ports <ports>]

      DESCRIPTION

      This command is used to set the alternate address for a node. This alternate address allows the node to be connected by a different address, this is useful when an external agent tries to connect via a NAT’d environment such as the cloud or kubernetes.

      OPTIONS

      -c
      --cluster

      Specifies the hostname of a node in the cluster. See the HOST FORMATS section for more information on specifying a hostname.

      -u
      --username <username>

      Specifies the username of the user executing the command. If you do not have a user account with permission to execute the command then it will fail with an unauthorized error.

      -p
      --password <password>

      Specifies the password of the user executing the command. If you do not have a user account with permission to execute the command then it will fail with an unauthorized error. If this argument is specified, but no password is given then the command will prompt the user for a password through non-echoed stdin. You may also specify your password by using the environment variable CB_REST_PASSWORD.

      --client-cert <path>

      The path to a client certificate used to authenticate when connecting to a cluster. May be supplied with --client-key as an alternative to the --username and --password flags. See the CERTIFICATE AUTHENTICATION section for more information.

      --client-cert-password <password>

      The password for the certificate provided to the --client-cert flag, when using this flag, the certificate/key pair is expected to be in the PKCS#12 format. See the CERTIFICATE AUTHENTICATION section for more information.

      --client-key <path>

      The path to the client private key whose public key is contained in the certificate provided to the --client-cert flag. May be supplied with --client-cert as an alternative to the --username and --password flags. See the CERTIFICATE AUTHENTICATION section for more information.

      --client-key-password <password>

      The password for the key provided to the --client-key flag, when using this flag, the key is expected to be in the PKCS#8 format. See the CERTIFICATE AUTHENTICATION section for more information.

      --list

      Show current alternate addresses. Please note only the first 43 characters hostname and alternate address are displayed. The full hostnames are shown in the json output (-o json).

      --set

      Set alternate address for the node specified in the -c/--cluster option.

      --remove

      Remove alternate address for the node specified in the -c/--cluster option.

      --node <node>

      The node in the cluster to take action on. This is required when using --set or --remove flags.

      --hostname <host>

      Alternate host address

      --ports <port>

      Alternate port mappings. Specified as a comma separated list: e.g. --ports kv=9000,kvSSL=9999.

      HOST FORMATS

      When specifying a host for the couchbase-cli command the following formats are expected:

      • couchbase://<addr> or couchbases://<addr>

      • http://<addr>:<port> or https://<addr>:<port>

      • <addr>:<port>

      It is recommended to use the couchbase://<addr> or couchbases://<addr> format for standard installations. The other formats allow an option to take a port number which is needed for non-default installations where the admin port has been set up on a port other that 8091 (or 18091 for https).

      CERTIFICATE AUTHENTICATION (MTLS AUTHENTICATION)

      This tool supports authenticating against a Couchbase Cluster by using certificate based authentication (mTLS authentication). To use certificate based authentication a certificate/key must be supplied, there a currently multiple ways this may be done.

      PEM ENCODED CERTIFICATE/KEY

      An unencrypted PEM encoded certificate/key may be supplied by using: - --client-cert <path> - --client-key <path>

      The file passed to --client-cert must contain the client certificate, and an optional chain required to authenticate the client certificate.

      The file passed to --client-key must contain at most one private key, the key can be in one of the following formats: - PKCS#1 - PKCS#8

      Currently, only the following key types are supported: - RSA - DSA

      PEM ENCODED CERTIFICATE/PEM OR DER ENCRYPTED PKCS#8 KEY

      An encrypted PKCS#8 formatted key may be provided using: - --client-cert <path> - --client-key <path> - --client-key-password <password>

      The file passed to --client-cert must contain the client certificate, and an optional chain required to authenticate the client certificate.

      Currently, only the following key types are supported: - RSA - DSA

      ENCRYPTED PKCS#12 CERTIFICATE/KEY

      An encrypted PKCS#12 certificate/key may be provided using: - --client-cert <path> - --client-cert-password <password>

      The file passed to --client-cert must contain the client certificate and exactly one private key. It may also contain the chain required to authenticate the client certificate.

      Currently, only the following key types are supported: - RSA - DSA

      EXAMPLES

      To set the alternate address and custom ports for node 192.168.1.5 we would use the following command:

      $ couchbase-cli setting-alternate-address -c 192.168.1.5:8091 --username Administrator \
         --password password --set --node 192.168.1.5 --hostname 10.10.10.10 \
         --ports mgmt=1100,capi=2000,capiSSL=3000

      To see the current alternate address configuration we would use the --list flag as follows:

      $ couchbase-cli setting-alternate-address -c 192.168.1.5:8091 --username Administrator \
         --password password --list

      DISCUSSION

      All of the ports that can be configured:

      Table 1. Alternate Ports
      Port Name Encrypted Port Name Service Description

      mgmt

      mgmtSSL

      Cluster Manager

      The UI and REST API for managing the Cluster

      kv

      kvSSL

      Data

      Used by the SDKs and XDCR to transfer data to and from the Data Service

      capi

      capiSSL

      View Engine

      Used by the SDKs and XDCR

      n1ql

      n1qlSSL

      Query

      Used by the SDKs to query data

      fts

      ftsSSL

      Search

      Used by the SDKs to do full text searches

      cbas

      cbasSSL

      Analytics

      Used by the SDKs to query data managed by the Analytic service

      eventingAdminPort

      eventingSSL

      Eventing

      Used by the SDK to transfer data to and from the Eventing Service

      eventingDebug

      N/A

      Eventing

      The Eventing debugger port, this should only be set in development environments.

      backupAPI

      backupAPIHTTPS

      Backup

      The backup service REST API.

      N/A

      backupGRPC

      Backup

      Used by backup nodes to communicate with each other.

      ENVIRONMENT AND CONFIGURATION VARIABLES

      CB_REST_USERNAME

      Specifies the username to use when executing the command. This environment variable allows you to specify a default argument for the -u/--username argument on the command line.

      CB_REST_PASSWORD

      Specifies the password of the user executing the command. This environment variable allows you to specify a default argument for the -p/--password argument on the command line. It also allows the user to ensure that their password are not cached in their command line history.

      CB_CLIENT_CERT

      The path to a client certificate used to authenticate when connecting to a cluster. May be supplied with CB_CLIENT_KEY as an alternative to the CB_USERNAME and CB_PASSWORD variables. See the CERTIFICATE AUTHENTICATION section for more information.

      CB_CLIENT_CERT_PASSWORD

      The password for the certificate provided to the CB_CLIENT_CERT variable, when using this variable, the certificate/key pair is expected to be in the PKCS#12 format. See the CERTIFICATE AUTHENTICATION section for more information.

      CB_CLIENT_KEY

      The path to the client private key whose public key is contained in the certificate provided to the CB_CLIENT_CERT variable. May be supplied with CB_CLIENT_CERT as an alternative to the CB_USERNAME and CB_PASSWORD variables. See the CERTIFICATE AUTHENTICATION section for more information.

      CB_CLIENT_KEY_PASSWORD

      The password for the key provided to the CB_CLIENT_KEY variable, when using this variable, the key is expected to be in the PKCS#8 format. See the CERTIFICATE AUTHENTICATION section for more information.

      SEE ALSO

      COUCHBASE-CLI

      Part of the couchbase-cli suite