openSUSE

How To Install CockroachDB on openSUSE

r00t

Install CockroachDB on openSUSE

CockroachDB represents a revolutionary approach to distributed database management, offering horizontal scalability and strong consistency across multiple nodes. This comprehensive guide will walk you through every step of installing CockroachDB on openSUSE, from initial system preparation to production-ready cluster deployment.

openSUSE provides an excellent foundation for CockroachDB deployment with its robust package management, enterprise-grade security features, and excellent performance characteristics. Whether you’re setting up a development environment or deploying a production cluster, this guide covers all scenarios with detailed instructions and troubleshooting tips.

Understanding CockroachDB Architecture

CockroachDB operates as a distributed SQL database that automatically handles data replication and distribution across multiple nodes. Unlike traditional databases that rely on single points of failure, CockroachDB’s architecture ensures high availability through its distributed consensus protocol.

The database uses a multi-active architecture where each node can serve both read and write requests. This design eliminates the complexity of master-slave configurations while providing automatic failover capabilities. Data is automatically replicated across nodes using the Raft consensus algorithm, ensuring consistency even during network partitions.

openSUSE’s stability and performance characteristics make it an ideal platform for CockroachDB deployment. The operating system’s advanced memory management and network stack optimization complement CockroachDB’s resource-intensive operations, particularly in multi-node cluster configurations.

Performance considerations include CPU usage for consensus operations, memory requirements for caching and query processing, and network bandwidth for inter-node communication. CockroachDB typically requires substantial system resources, with recommended minimum specifications including 4 CPU cores, 16GB RAM, and fast SSD storage for optimal performance.

System Prerequisites and Preparation

Before installing CockroachDB on openSUSE, ensure your system meets the minimum hardware requirements. CockroachDB demands significant computational resources, particularly for production deployments. The minimum specifications include 2 CPU cores and 4GB RAM, but production environments should provision at least 4 cores and 16GB RAM for optimal performance.

openSUSE Leap 15.3 or later versions provide full compatibility with CockroachDB. Both openSUSE Leap and Tumbleweed distributions support the database software, though Leap offers greater stability for production environments. Verify your openSUSE version using the command cat /etc/os-release to ensure compatibility.

Network configuration requires opening specific ports for CockroachDB operation. Port 26257 serves as the primary communication port for SQL clients and inter-node communication, while port 8080 provides access to the administrative web interface. Configure your firewall using YaST or iptables to allow traffic on these ports.

Time synchronization plays a critical role in CockroachDB cluster operation. Install and configure NTP using sudo zypper install ntp followed by sudo systemctl enable ntpd. Accurate time synchronization prevents transaction ordering issues and ensures proper cluster coordination across all nodes.

Create a dedicated user account for CockroachDB operations to enhance security. Execute sudo useradd -r -d /var/lib/cockroach -s /bin/bash cockroach to create the user with appropriate home directory settings. This separation of privileges follows security best practices and simplifies permission management.

Configure the openSUSE firewall to allow CockroachDB traffic through the following commands:

sudo firewall-cmd --permanent --add-port=26257/tcp
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

Installing CockroachDB Binary

The most reliable method for installing CockroachDB on openSUSE involves downloading the official binary from Cockroach Labs. This approach ensures you receive the latest stable version with all security patches and performance improvements.

Begin by downloading the latest CockroachDB release using wget. Navigate to a temporary directory and execute the download command:

cd /tmp
wget https://binaries.cockroachdb.com/cockroach-latest.linux-amd64.tgz

Extract the downloaded archive using tar with verbose output to monitor the extraction process:

tar -xvzf cockroach-latest.linux-amd64.tgz

Copy the CockroachDB binary to the system binary directory for global access:

sudo cp cockroach-*/cockroach /usr/local/bin/

Set appropriate permissions on the binary to ensure proper execution:

sudo chmod +x /usr/local/bin/cockroach

Verify the installation by checking the CockroachDB version:

cockroach version

This command should display version information, confirming successful installation. The output includes build details, Go version, and platform information that validates proper binary compatibility with your openSUSE system.

Alternative installation methods include building from source code, though this approach requires additional development tools and significantly more time. The binary installation method provides the most straightforward and reliable deployment path for most users.

Configure the system PATH to include the CockroachDB binary location. Add the following line to /etc/profile for system-wide access:

export PATH=$PATH:/usr/local/bin

Certificate Generation for Secure Clusters

Production CockroachDB deployments require proper certificate-based security to protect data transmission and authenticate cluster nodes. The certificate generation process involves creating a certificate authority (CA) and individual certificates for each node and client connection.

Create a dedicated directory structure for certificate storage:

sudo mkdir -p /var/lib/cockroach/certs
sudo mkdir -p /var/lib/cockroach/ca-key
sudo chown -R cockroach:cockroach /var/lib/cockroach

Generate the certificate authority using CockroachDB’s built-in certificate management tools:

cockroach cert create-ca --certs-dir=/var/lib/cockroach/certs --ca-key=/var/lib/cockroach/ca-key/ca.key

Create node certificates for each server in your cluster. Replace <node-hostname> with the actual hostname or IP address:

cockroach cert create-node localhost <node-hostname> <node-ip> --certs-dir=/var/lib/cockroach/certs --ca-key=/var/lib/cockroach/ca-key/ca.key

Generate client certificates for administrative access:

cockroach cert create-client root --certs-dir=/var/lib/cockroach/certs --ca-key=/var/lib/cockroach/ca-key/ca.key

Set restrictive permissions on certificate files to prevent unauthorized access:

sudo chmod 600 /var/lib/cockroach/certs/*
sudo chmod 700 /var/lib/cockroach/ca-key

For multi-node clusters, securely distribute node certificates to their respective servers using scp or rsync with appropriate authentication. Ensure each node receives only its specific certificate files along with the CA certificate.

Verify certificate validity using the following command:

cockroach cert list --certs-dir=/var/lib/cockroach/certs

Configuring Single-Node Setup

Single-node CockroachDB installations serve development environments and testing scenarios effectively. This configuration provides full database functionality while simplifying deployment complexity for non-production use cases.

Create the data directory structure with appropriate ownership:

sudo mkdir -p /var/lib/cockroach/data
sudo chown -R cockroach:cockroach /var/lib/cockroach

Start a single-node cluster in insecure mode for development purposes:

cockroach start-single-node --insecure --listen-addr=localhost:26257 --http-addr=localhost:8080 --background

The --insecure flag disables SSL encryption and certificate authentication, simplifying initial setup for development environments. Production deployments should never use insecure mode due to security vulnerabilities.

Test connectivity using the built-in SQL client:

cockroach sql --insecure -e "show databases"

This command should display the default databases: defaultdb, postgres, and system. If you encounter connection errors, verify that the CockroachDB process is running using ps aux | grep cockroach.

Access the web-based administration interface by opening a browser and navigating to http://localhost:8080. The interface provides cluster monitoring, query execution capabilities, and performance metrics visualization.

Install CockroachDB on openSUSE

For secure single-node deployment, start the node with certificate authentication:

cockroach start-single-node --certs-dir=/var/lib/cockroach/certs --listen-addr=localhost:26257 --http-addr=localhost:8080 --background

Multi-Node Cluster Installation

Multi-node CockroachDB clusters provide high availability, horizontal scalability, and fault tolerance for production workloads. Proper cluster configuration ensures optimal performance and reliability across distributed environments.

Plan your cluster topology considering network latency, geographic distribution, and fault domains. CockroachDB recommends odd-numbered node counts (3, 5, 7) to maintain consensus algorithm effectiveness and prevent split-brain scenarios.

Start the first node with cluster join parameters:

cockroach start --certs-dir=/var/lib/cockroach/certs --advertise-addr=<node1-ip>:26257 --join=<node1-ip>:26257,<node2-ip>:26257,<node3-ip>:26257 --cache=.25 --max-sql-memory=.25 --background

The --advertise-addr flag specifies the IP address other nodes use for communication. The --join parameter lists all initial cluster nodes, enabling automatic discovery and cluster formation.

Configure memory allocation using --cache and --max-sql-memory flags to optimize performance based on available system resources. These settings prevent memory exhaustion while maximizing query processing capabilities.

Start additional nodes using identical join parameters:

cockroach start --certs-dir=/var/lib/cockroach/certs --advertise-addr=<node2-ip>:26257 --join=<node1-ip>:26257,<node2-ip>:26257,<node3-ip>:26257 --cache=.25 --max-sql-memory=.25 --background

Initialize the cluster after starting all nodes:

cockroach init --certs-dir=/var/lib/cockroach/certs --host=<any-node-ip>:26257

Verify cluster status and node health:

cockroach node status --certs-dir=/var/lib/cockroach/certs --host=<any-node-ip>:26257

Monitor cluster formation progress through log files located in the data directory. Successful cluster initialization displays node joining messages and replication status updates.

Setting Up SystemD Service

SystemD integration enables automatic CockroachDB startup, proper process management, and integration with openSUSE’s service management infrastructure. This configuration ensures database availability across system reboots and provides centralized service control.

Create a SystemD service file for CockroachDB:

sudo tee /etc/systemd/system/cockroachdb.service > /dev/null <<EOF
[Unit]
Description=CockroachDB
Requires=network.target
After=network.target

[Service]
Type=notify
User=cockroach
Group=cockroach
ExecStart=/usr/local/bin/cockroach start --certs-dir=/var/lib/cockroach/certs --advertise-addr=<node-ip>:26257 --join=<node-list> --cache=.25 --max-sql-memory=.25
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
EOF

Replace <node-ip> and <node-list> with appropriate values for your cluster configuration. The service file configures automatic restart behavior and proper signal handling for graceful shutdowns.

Reload SystemD configuration and enable the service:

sudo systemctl daemon-reload
sudo systemctl enable cockroachdb.service

Start the CockroachDB service:

sudo systemctl start cockroachdb.service

Monitor service status and logs:

sudo systemctl status cockroachdb.service
sudo journalctl -u cockroachdb.service -f

Configure log rotation to prevent disk space exhaustion:

sudo tee /etc/logrotate.d/cockroachdb > /dev/null <<EOF
/var/lib/cockroach/logs/*.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    create 644 cockroach cockroach
}
EOF

Database Testing and Verification

Comprehensive testing validates proper CockroachDB installation and configuration. These verification steps ensure database functionality, cluster health, and performance characteristics meet requirements.

Connect to the database using the SQL client with appropriate authentication:

cockroach sql --certs-dir=/var/lib/cockroach/certs --host=<node-ip>:26257

Create a test database and verify basic operations:

CREATE DATABASE testdb;
USE testdb;
CREATE TABLE users (id SERIAL PRIMARY KEY, name STRING, email STRING UNIQUE);
INSERT INTO users (name, email) VALUES ('John Doe', 'john@example.com');
SELECT * FROM users;

Execute cluster health checks to verify node status and replication:

cockroach node status --certs-dir=/var/lib/cockroach/certs --host=<node-ip>:26257
cockroach node ls --certs-dir=/var/lib/cockroach/certs --host=<node-ip>:26257

Test cluster resilience by temporarily stopping one node and verifying continued operation. This validation confirms proper replication and automatic failover functionality.

Perform basic load testing using CockroachDB’s built-in workload generator:

cockroach workload init movr --certs-dir=/var/lib/cockroach/certs --host=<node-ip>:26257
cockroach workload run movr --certs-dir=/var/lib/cockroach/certs --host=<node-ip>:26257 --duration=1m

Monitor performance metrics through the web interface at https://<node-ip>:8080. The dashboard displays query performance, cluster health, and resource utilization statistics.

Load Balancer Configuration

Load balancing distributes client connections across cluster nodes, improving performance and providing connection resilience during node failures. HAProxy offers excellent integration with CockroachDB through built-in configuration generation.

Install HAProxy on openSUSE:

sudo zypper install haproxy

Generate HAProxy configuration using CockroachDB’s built-in tool:

cockroach gen haproxy --certs-dir=/var/lib/cockroach/certs --host=<node-ip>:26257

This command creates a complete HAProxy configuration file optimized for CockroachDB cluster communication. The generated configuration includes health check endpoints and appropriate load balancing algorithms.

Configure HAProxy with the generated settings:

sudo cp haproxy.cfg /etc/haproxy/haproxy.cfg
sudo systemctl enable haproxy
sudo systemctl start haproxy

Verify load balancer operation by connecting through the HAProxy endpoint:

cockroach sql --certs-dir=/var/lib/cockroach/certs --host=<haproxy-ip>:26257

Configure SSL termination at the load balancer level for simplified certificate management. This approach centralizes certificate handling while maintaining end-to-end encryption.

Security Hardening

Production CockroachDB deployments require comprehensive security measures protecting against unauthorized access, data breaches, and network attacks. Implement multiple security layers for defense in depth.

Configure firewall rules restricting access to essential ports only:

sudo firewall-cmd --permanent --remove-service=ssh
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='<admin-network>' service name='ssh' accept"
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='<app-network>' port protocol='tcp' port='26257' accept"
sudo firewall-cmd --reload

Implement certificate rotation procedures for maintaining security over time. Create automated scripts updating certificates before expiration:

#!/bin/bash
# Certificate rotation script
CERTS_DIR="/var/lib/cockroach/certs"
CA_KEY="/var/lib/cockroach/ca-key/ca.key"

# Backup existing certificates
cp -r $CERTS_DIR $CERTS_DIR.backup.$(date +%Y%m%d)

# Generate new certificates
cockroach cert create-node <node-hostname> --certs-dir=$CERTS_DIR --ca-key=$CA_KEY --overwrite
systemctl restart cockroachdb

Configure database user authentication and authorization:

CREATE USER app_user WITH PASSWORD 'strong_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON DATABASE app_db TO app_user;

Enable audit logging for security compliance:

cockroach sql --execute="SET CLUSTER SETTING sql.log.slow_query.threshold = '1s';"

Implement network segmentation isolating database traffic from public networks. Use VPNs or private networks for administrative access and application connectivity.

Monitoring and Maintenance

Effective monitoring ensures optimal CockroachDB performance and early problem detection. Implement comprehensive monitoring covering cluster health, performance metrics, and resource utilization.

CockroachDB provides built-in monitoring through its web interface, displaying real-time metrics including query performance, node health, and replication status. Access the interface at https://<node-ip>:8080 for comprehensive cluster visibility.

Configure Prometheus integration for external monitoring:

# Add to prometheus.yml
- job_name: 'cockroachdb'
  static_configs:
    - targets: ['<node1-ip>:8080', '<node2-ip>:8080', '<node3-ip>:8080']

Set up Grafana dashboards for visualization and alerting. Import CockroachDB-specific dashboard templates providing pre-configured monitoring views for common metrics.

Implement automated backup procedures:

#!/bin/bash
# Backup script
BACKUP_DIR="/backup/cockroachdb/$(date +%Y%m%d)"
mkdir -p $BACKUP_DIR

cockroach sql --execute="BACKUP TO 'nodelocal://1$BACKUP_DIR' AS OF SYSTEM TIME '-1m';" --certs-dir=/var/lib/cockroach/certs

Schedule regular maintenance tasks including log rotation, backup verification, and performance optimization. Use cron jobs for automated execution:

# Add to crontab
0 2 * * * /scripts/cockroachdb-backup.sh
0 3 * * 0 /scripts/cockroachdb-maintenance.sh

Troubleshooting Common Issues

CockroachDB troubleshooting requires systematic problem identification and resolution approaches. Common issues include connection failures, certificate problems, and cluster synchronization errors.

Connection Refused Errors

When encountering “connection refused” errors, verify the CockroachDB process is running:

ps aux | grep cockroach

If the process isn’t running, check systemd service status and logs:

sudo systemctl status cockroachdb.service
sudo journalctl -u cockroachdb.service -n 50

Store Directory Conflicts

Store directory conflicts occur when attempting to join nodes with existing data directories. Resolve by removing existing directories or specifying different storage locations:

rm -r /var/lib/cockroach/data

Certificate Problems

Certificate validation failures prevent secure connections. Verify certificate permissions and validity:

cockroach cert list --certs-dir=/var/lib/cockroach/certs
ls -la /var/lib/cockroach/certs/

Node Startup Failures

Node startup problems often relate to configuration errors or resource constraints. Check system resources and configuration parameters:

free -h
 df -h /var/lib/cockroach

Cluster Split-Brain Prevention

Prevent split-brain scenarios by maintaining odd node counts and ensuring proper network connectivity between nodes. Monitor cluster status regularly:

cockroach node status --certs-dir=/var/lib/cockroach/certs --host=<node-ip>:26257

Best Practices and Optimization

Production CockroachDB deployments benefit from following established best practices ensuring optimal performance, reliability, and maintainability.

Resource Allocation

Configure memory and CPU resources based on workload requirements. Production clusters typically require 16GB RAM minimum with 4+ CPU cores per node. SSD storage provides significant performance improvements over traditional hard drives.

Backup Strategies

Implement comprehensive backup strategies including full and incremental backups. Schedule regular backup verification ensuring recovery procedures work correctly:

cockroach sql --execute="SHOW BACKUP '<backup-location>' ;" --certs-dir=/var/lib/cockroach/certs

Performance Optimization

Optimize query performance through proper indexing, query analysis, and schema design. Use the SQL optimizer hints and EXPLAIN ANALYZE for query tuning:

EXPLAIN ANALYZE SELECT * FROM users WHERE email = 'john@example.com';

Security Maintenance

Maintain security through regular certificate updates, access review, and security patch application. Monitor security advisories and apply updates promptly.

Scaling Considerations

Plan cluster scaling considering network topology, data distribution, and performance requirements. Add nodes during low-traffic periods to minimize disruption:

cockroach node decommission <node-id> --certs-dir=/var/lib/cockroach/certs --host=<node-ip>:26257

Congratulations! You have successfully installed CockroachDB. Thanks for using this tutorial for installing the CockroachDB on your openSUSE Linux system. For additional help or useful information, we recommend you check the official CockroachDB website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button