0

I'm trying to deploy a CockroachDB cluster on Digital Ocean. I followed the steps listed in the tutorial here https://www.digitalocean.com/community/tutorials/how-to-deploy-cockroachdb-on-a-three-node-cluster-on-ubuntu-16-04

I can see cockroachdb running on the host but I'm unable to access the Web Admin UI.

I'm having the same issue when accessing it through an application.

This is the start command and response. Note: I enable Private Networking when creating the droplets, could this be because of that?

roach@cockroach-01:~$ cockroach start --insecure --background --advertise-host=10.132.10.114 * * WARNING: RUNNING IN INSECURE MODE! * * - Your cluster is open for any client that can access <all your IP addresses>. * - Any user, even root, can log in without providing a password. * - Any user, connecting as root, can read or write any data in your cluster. * - There is no network encryption nor authentication, and thus no confidentiality. * * Check out how to secure your cluster: https://www.cockroachlabs.com/docs/stable/secure-a-cluster.html * CockroachDB node starting at 2017-11-10 22:59:07.153981296 +0000 UTC (took 0.4s) build: CCL v1.1.2 @ 2017/11/02 19:32:03 (go1.8.3) admin: http://cockroach-01:8080 sql: postgresql://root@10.132.10.114:26257?application_name=cockroach&sslmode=disable logs: /home/roach/cockroach-data/logs store[0]: path=/home/roach/cockroach-data status: initialized new cluster clusterID: 77dea0f4-d2c1-49c3-bfe9-8686a6084603 nodeID: 1

arelangi
  • 225
  • 1
  • 5
  • 9

2 Answers2

1

This is most likely a firewall issue. Can you make sure to have ports 26257 (sql port) and 8080 (admin UI) port allowed from your IP address. Checking the actual node may be a good first step. To make sure the admin UI is running, could you try to ssh into your droplet and run: $ curl -k https://localhost:8080/health

This may be http if you're running with --insecure, and it may be your internal IP if you are not listening on all interfaces (you can find your IP with ifconfig)

It is also possible that things have changed a bit, the docs you point to were written back when cockroach was still in beta. You can find up-to-date deployment instructions on our website: https://www.cockroachlabs.com/docs/stable/deploy-cockroachdb-on-digital-ocean.html

Marc
  • 19,394
  • 6
  • 47
  • 51
  • 1
    I check the firewall, it allows connections from everywhere to the ports 26257 and 8080. I ran the curl command and I get an error `roach@cockroach-03:~$ curl -k https://localhost:8080/healthcurl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.` – arelangi Nov 10 '17 at 23:35
  • 1
    Are you running with `--insecure`? If so, the url would be `http://localhost:8080`. But it looks like the admin UI port is at least listening, or you would have seen `Connection Refused`. Could you paste your command line arguments for cockroach and its startup message (shows version info and others). It could also be related to the interface it's running on. – Marc Nov 10 '17 at 23:40
  • 1
    Yeah, running as `--insecure` and changed it to `http` and I get a response back. The ip address is the droplet's private ip address `{ "nodeId": 3, "address": { "networkField": "tcp", "addressField": "10.132.78.232:26257" }, "buildInfo": { "goVersion": "go1.8.3", "tag": "v1.1.2", "time": "2017/11/02 19:32:03", "revision": "c726df22152a771cdd1882679c772d4e7799440d", "cgoCompiler": "gcc 6.3.0", "platform": "linux amd64", "distribution": "CCL", "type": "release-gnu" }` – arelangi Nov 10 '17 at 23:43
  • 1
    Weird. I was trying out of curiosity, and DO is happy letting me hit your internal address from another DO droplet. I was expecting some type of private networking. If I ssh to my instance and setup a port-forward to your internal IP (`ssh -L 8080:10.132.78.232:8080`, I can then navigate to `http://localhost:8080` in my local browser and see the admin UI, it seems in good health. I have no way of knowing your public IP addresses, but at least the admin UI is up and running and reachable through the internal IP addresses. This is still sounding like a firewall issue. – Marc Nov 10 '17 at 23:51
  • 1
    Could you check the networking section of the droplet and verify the firewall settings through the DO UI? – Marc Nov 11 '17 at 00:19
  • And I just realized I forgot to ask, how were you trying to access the admin UI? The url listed in the cockroach output is only a best guess, but in this case it clearly won't work as `http://cockroach-01:8080` can only be resolved from the local machine, it's not even a dns entry for other droplets. To access the admin UI from outside, be sure to use `http://:8080/` – Marc Nov 11 '17 at 00:53
0

I had this same thing happen to me on DigitalOcean. Try setting the -http-host flag when you start up the node to the public IP address for your DigitalOcean instance.

Diana Hsieh
  • 86
  • 2