CockroachDB is a distributed database designed for the cloud. It is built to be resilient, horizontally scalable and it is PostgreSQL wire-protocol compatible to a high degree. CockroachDB provides easy-to-use installation packages for various operating systems, making it simple to get started.
Our blog post, “How to Install a Single Node CockroachDB Secure Database Cluster,” provides step-by-step instructions for setting up CockroachDB on a single node while ensuring security. Discover the essential configurations and best practices for deploying a secure database cluster, including encryption, authentication, and authorization mechanisms. Whether you’re a beginner or an experienced user, our detailed tutorial covers everything you need to know to get started with CockroachDB. Follow along with our easy-to-understand instructions and start harnessing the power of CockroachDB for your applications today.
Setting up a secure CockroachDB cluster is essential for protecting sensitive data and ensuring compliance with privacy regulations. In this comprehensive guide, we’ll walk you through the process of installing a single node CockroachDB cluster securely. With its robust security features and scalability, CockroachDB is an excellent choice for organizations that require a secure and reliable database solution. Implementing proper security measures, such as encryption, authentication, and authorization, will help protect your data and ensure compliance with regulatory requirements. It’s essential to encrypt data at rest to protect against unauthorized access to stored data. CockroachDB provides built-in support for encrypting data at rest using industry-standard encryption algorithms. We’ll demonstrate how to enable data encryption at rest and manage encryption keys to safeguard your data. Start building your secure CockroachDB cluster today and unlock the full potential of distributed database technology. Remember to stay vigilant and proactive in monitoring its health and performance.
Prerequisites for single node CockroachDB secure database cluster
A Linux Machine
An SSH client such as OpenSSH or PuTTY installed on your local computer
1. Creating a single node CockroachDB secure database cluster
The minimum requirements for CockroachDB are 2 or more vCPUs and at least 2 GB of RAM. However, for actual production use it is recommended to have:
- 2 or more vCPUs
- RAM of 2 GB per vCPU, which means for 2 vCPUs you should configure 4 GB of RAM
- Storage based on your workload, which will likely be over 200 GB. Cockroach Labs recommends 300 – 2 TiB of storage for best performance results
2. Install CockroachDB and all its dependencies for single node CockroachDB secure database cluster
Navigate to the CockroachDB website and get the latest tar file. Then download and extract the tar file
curl https://binaries.cockroachdb.com/cockroach-v22.1.0.linux-amd64.tgz | tar -xz && sudo cp -i cockroach-v22.1.0.linux-amd64/cockroach /usr/local/bin/
Next, copy the CockroachDB library files to /usr/local/lib/cockroach. Let's start by creating the directory using the command below.
sudo mkdir -p /usr/local/lib/cockroach
After creating the directory, copy the library files.
sudo cp -i cockroach-v22.1.0.linux-amd64/lib/libgeos.so /usr/local/lib/cockroach/
sudo cp -i cockroach-v22.1.0.linux-amd64/lib/libgeos_c.so /usr/local/lib/cockroach/
Confirm the CockroachDB version installed.
cockroach version
3. Start single node CockroachDB cluster in secure mode with SSL
Create two directories on the Linux machine to store the SSL files
mkdir certs
mkdir my-safe-directory
Let's assume that 198.0.0.1 is the server's public IP for that Linux machine
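First, create the root (CA) certificate, then the node certificate, and store them in the certs directory. The CA key is kept separately in my-safe-directory
cockroach cert create-ca --certs-dir=/root/certs --ca-key=my-safe-directory/ca.key
cockroach cert create-node 198.0.0.1 cockroachnode1 localhost 127.0.0.1 --certs-dir=/root/certs --ca-key=my-safe-directory/ca.key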
Then create the client certificate and store it in the same directory
cockroach cert create-client root --certs-dir=/root/certs --ca-key=my-safe-directory/ca.key
Start the CockroachDB in secure mode
cockroach start --certs-dir=/root/certs --advertise-addr=198.0.0.1 --join=198.0.0.1 --background
Initialize the cluster on the CockroachDB node
cockroach init --certs-dir=/root/certs --host=198.0.0.1
Access the cluster and create a user with a password
cockroach sql --certs-dir=/root/certs --host=198.0.0.1
CREATE USER devstackops WITH PASSWORD 'password';
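A check worth running between creating the certificates and starting the node in step 3, added here as an example (it is not part of the original post or of CockroachDB's tooling): it confirms that the files the node and the root client need are present, that the CA key stayed out of the certs directory, and that no private key is accessible to group or others. The function name `audit_certs` and its output labels are made up for illustration; the file names are the ones `cockroach cert` writes.

```shell
#!/bin/sh
# Added example: audit of the certificate layout from step 3 before starting the node.
# audit_certs and owner_only are hypothetical helper names, not cockroach commands.

# Succeeds when the mode string of $1 grants nothing to group or others.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_certs CERTS_DIR CA_KEY_DIR
# Prints one line per finding and returns the number of findings (0 = clean).
audit_certs() {
    certs=$1 safe=$2 bad=0
    # Files the node and the root SQL client expect in --certs-dir.
    for f in ca.crt node.crt node.key client.root.crt client.root.key; do
        if [ ! -f "$certs/$f" ]; then
            echo "MISSING  $certs/$f"; bad=$((bad + 1))
        fi
    done
    # The CA key can sign new node and client identities; keep it out of --certs-dir.
    if [ -e "$certs/ca.key" ]; then
        echo "EXPOSED  $certs/ca.key (belongs in $safe)"; bad=$((bad + 1))
    fi
    if [ ! -f "$safe/ca.key" ]; then
        echo "MISSING  $safe/ca.key"; bad=$((bad + 1))
    fi
    # Every private key must be accessible to its owner only.
    for k in "$certs"/*.key "$safe"/ca.key; do
        [ -f "$k" ] || continue
        if ! owner_only "$k"; then
            echo "PERMS    $k is accessible to group/others"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage: sh audit.sh /root/certs my-safe-directory
if [ "$#" -eq 2 ]; then
    audit_certs "$1" "$2" && echo "certificate layout OK"
fi
```
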
4. Access CockroachDB Web Interface
Allow port 8080 in the server's firewall, then open your favorite web browser and enter your server/domain name followed by the port number 8080.