Overview
CockroachDB is a distributed SQL database built for cloud-native applications that demand resilience, consistency, and global scale. Designed from the ground up to survive datacenter failures, CockroachDB provides the familiar power of SQL with the horizontal scalability of NoSQL systems, all while guaranteeing ACID transactions across distributed deployments.
The database's architecture is inspired by Google's Spanner, using a distributed, replicated storage layer with automatic data replication across multiple nodes and geographic regions. CockroachDB automatically handles node failures, network partitions, and datacenter outages without human intervention, ensuring your application remains available even during catastrophic events. Data is replicated synchronously across multiple nodes, guaranteeing strong consistency while maintaining high availability.
CockroachDB speaks PostgreSQL wire protocol, making it compatible with most PostgreSQL drivers, ORMs, and tools. This means you can leverage the mature PostgreSQL ecosystem while gaining the benefits of distributed databases - horizontal scalability, fault tolerance, and geo-distribution. Your development team can use familiar SQL syntax, tools, and workflows without learning a new query language or database paradigm.
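Because CockroachDB speaks the PostgreSQL wire protocol, a standard Postgres DSN is all a client needs. The sketch below (host names and credentials are placeholders) builds such a URL; any PostgreSQL driver, e.g. psycopg2, can consume it:

```python
from urllib.parse import quote

def cockroach_dsn(user, password, hosts, database, sslrootcert=None):
    """Build a PostgreSQL-style connection URL for CockroachDB.

    `hosts` is a list of "host:port" strings; listing several gives the
    client a fallback endpoint if the first node is unreachable.
    """
    host_part = ",".join(hosts)
    url = f"postgresql://{quote(user)}:{quote(password, safe='')}@{host_part}/{database}"
    if sslrootcert:
        url += f"?sslmode=verify-full&sslrootcert={sslrootcert}"
    return url

dsn = cockroach_dsn("myuser", "secret", ["node1:26257", "node2:26257"], "myapp")
# Any PostgreSQL driver accepts this DSN, e.g. (requires a running cluster):
# import psycopg2; conn = psycopg2.connect(dsn)
```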
The database excels at multi-region deployments, allowing you to place data close to users for lower latency while maintaining strong consistency guarantees. You can configure table-level geo-partitioning to comply with data sovereignty regulations, keeping European customer data in EU datacenters and US data in US datacenters. CockroachDB automatically routes queries to the nearest replica, minimizing latency while ensuring transactional correctness.
Horizontal scalability is seamless - simply add nodes to the cluster and CockroachDB automatically redistributes data across them. The system uses a sophisticated rebalancing algorithm that minimizes data movement while maintaining optimal distribution. You can scale from three nodes on a single cloud region to hundreds of nodes spanning continents, all with zero downtime and no application changes.
CockroachDB provides enterprise-grade features including role-based access control, encryption at rest and in transit, audit logging, and change data capture (CDC) for streaming database changes to external systems. The built-in web UI offers comprehensive visibility into cluster health, query performance, and data distribution, making operations and troubleshooting straightforward.
Whether you're building a global SaaS application, e-commerce platform, financial system, or any application that cannot tolerate downtime, CockroachDB delivers the resilience, consistency, and scale required for mission-critical workloads without the operational complexity of traditional distributed databases.
Key Features
Distributed SQL with ACID
Full SQL support with serializable isolation, multi-statement transactions, and secondary indexes across distributed nodes
Automatic Fault Tolerance
Survives node, datacenter, and region failures automatically with synchronous replication and self-healing
PostgreSQL Compatibility
Wire protocol compatible with PostgreSQL drivers and tools - use familiar ORMs, CLI tools, and applications
Horizontal Scalability
Add nodes on-demand for transparent scaling from 3 nodes to hundreds across multiple cloud regions
Geo-Distributed Architecture
Multi-region deployments with geo-partitioning, survivability zones, and follow-the-workload data placement
Zero-Downtime Operations
Rolling upgrades, online schema changes, and automatic rebalancing without application impact
Use Cases
• **Global SaaS Applications**: Serve users worldwide with low latency and strong consistency across regions
• **E-Commerce Platforms**: Handle high transaction volumes with guaranteed consistency for inventory, orders, and payments
• **Financial Services**: Banking, payment processing, and trading platforms requiring ACID guarantees and audit trails
• **Gaming Backends**: Real-time leaderboards, player state, and in-game economies with distributed consistency
• **IoT and Edge Computing**: Time-series data collection with geo-distributed writes and centralized analytics
• **Multi-Tenant Applications**: Isolate tenant data with geo-partitioning for compliance and data sovereignty
• **Microservices Architectures**: Shared database layer for distributed services with strong consistency guarantees
Installation Guide
**Installation on Ubuntu 22.04 LTS (3-Node Cluster):**
**1. Download and Install CockroachDB (All Nodes):**
```bash
# Download latest binary
wget -qO- https://binaries.cockroachdb.com/cockroach-latest.linux-amd64.tgz | tar xvz
# Move to /usr/local/bin
sudo cp -i cockroach-*.linux-amd64/cockroach /usr/local/bin/
# Verify installation
cockroach version
```
**2. Create System User and Directories (All Nodes):**
```bash
# Create cockroach user
sudo useradd -r -s /bin/false cockroach
# Create data directory
sudo mkdir -p /var/lib/cockroach
sudo chown cockroach:cockroach /var/lib/cockroach
# Create certificates directory
sudo mkdir -p /etc/cockroach/certs
sudo chown cockroach:cockroach /etc/cockroach/certs
```
**3. Generate Certificates (On First Node Only):**
```bash
# Create CA certificate and key
cockroach cert create-ca --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/certs/ca.key
# Each create-node run writes node.crt/node.key into the certs dir, overwriting
# the previous pair, so copy each node's certificate away before generating the next
cockroach cert create-node node2.example.com localhost 127.0.0.1 10.0.0.2 --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/certs/ca.key
scp /etc/cockroach/certs/ca.crt /etc/cockroach/certs/node.crt /etc/cockroach/certs/node.key node2:/etc/cockroach/certs/
cockroach cert create-node node3.example.com localhost 127.0.0.1 10.0.0.3 --overwrite --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/certs/ca.key
scp /etc/cockroach/certs/ca.crt /etc/cockroach/certs/node.crt /etc/cockroach/certs/node.key node3:/etc/cockroach/certs/
# Generate this node's certificate last so it keeps its own pair
cockroach cert create-node node1.example.com localhost 127.0.0.1 10.0.0.1 --overwrite --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/certs/ca.key
# Create client certificate for the root user
cockroach cert create-client root --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/certs/ca.key
# Keep ca.key on this node only; never copy it to the other nodes
# Set permissions (repeat on each node after copying)
sudo chown -R cockroach:cockroach /etc/cockroach/certs
sudo chmod 600 /etc/cockroach/certs/*.key
```
**4. Create Systemd Service (All Nodes):**
```bash
sudo nano /etc/systemd/system/cockroachdb.service
```
Add (adjust IPs for your nodes):
```ini
[Unit]
Description=CockroachDB
After=network.target
[Service]
Type=notify
User=cockroach
Group=cockroach
ExecStart=/usr/local/bin/cockroach start --certs-dir=/etc/cockroach/certs --store=/var/lib/cockroach --listen-addr=0.0.0.0:26257 --http-addr=0.0.0.0:8080 --join=10.0.0.1:26257,10.0.0.2:26257,10.0.0.3:26257 --cache=25% --max-sql-memory=25%
Restart=always
RestartSec=10
# Raise the file-descriptor limit per CockroachDB's production checklist
LimitNOFILE=65535
StandardOutput=journal
StandardError=journal
SyslogIdentifier=cockroach
[Install]
WantedBy=multi-user.target
```
**5. Start CockroachDB (All Nodes):**
```bash
# Enable and start service
sudo systemctl daemon-reload
sudo systemctl enable cockroachdb
sudo systemctl start cockroachdb
sudo systemctl status cockroachdb
```
**6. Initialize Cluster (First Node Only):**
```bash
# Initialize the cluster
cockroach init --certs-dir=/etc/cockroach/certs --host=10.0.0.1:26257
# Verify cluster status
cockroach node status --certs-dir=/etc/cockroach/certs --host=10.0.0.1:26257
```
**7. Create Admin User and Database:**
```bash
# Connect to SQL shell
cockroach sql --certs-dir=/etc/cockroach/certs --host=10.0.0.1:26257
```
```sql
-- Create an application admin user
-- (the name "admin" itself is taken by the built-in admin role)
CREATE USER dbadmin WITH PASSWORD 'secure_password';
GRANT admin TO dbadmin;
-- Create database
CREATE DATABASE myapp;
GRANT ALL ON DATABASE myapp TO dbadmin;
-- Exit
\q
```
**8. Configure Firewall (All Nodes):**
```bash
sudo ufw allow 26257/tcp # SQL
sudo ufw allow 8080/tcp # Admin UI
# Inter-node traffic shares port 26257 in this setup; open a second port
# (e.g. 26258) only if you split SQL and RPC traffic with --sql-addr
```
**9. Access Admin UI:**
Open browser to `https://node1.example.com:8080`
- Login with root certificate or create admin user
**10. Test Connection:**
```bash
# From application server
cockroach sql --url="postgresql://dbadmin:secure_password@node1.example.com:26257,node2.example.com:26257,node3.example.com:26257/myapp?sslmode=verify-full&sslrootcert=/etc/cockroach/certs/ca.crt"
```
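Because CockroachDB runs every transaction at serializable isolation, clients should be prepared to retry when the server reports a retryable serialization conflict (SQLSTATE 40001). A minimal retry-loop sketch; `RetryableError` stands in for the driver exception carrying pgcode `40001`, and the names are illustrative:

```python
import random
import time

class RetryableError(Exception):
    """Stand-in for a driver error whose SQLSTATE/pgcode is 40001."""

def run_transaction(txn_fn, max_retries=5):
    """Run txn_fn, retrying with jittered exponential backoff on
    CockroachDB's retryable serialization errors."""
    for attempt in range(max_retries):
        try:
            return txn_fn()
        except RetryableError:
            # Back off before retrying; jitter avoids synchronized retries
            time.sleep((2 ** attempt) * 0.01 * random.random())
    raise RuntimeError(f"transaction gave up after {max_retries} retries")

# Simulated transaction: fails twice with a retryable error, then commits
attempts = {"n": 0}
def txn():
    attempts["n"] += 1
    if attempts["n"] < 3:
        raise RetryableError()
    return "committed"
```

With a real driver such as psycopg2, `txn_fn` would open and commit a transaction on a live connection, and the except clause would re-raise any error whose `pgcode` is not `'40001'`.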
Configuration Tips
**Essential Configuration:**
1. **Cluster Startup Flags:**
```bash
# --cache / --max-sql-memory: fraction of system memory for the storage
#   cache and for in-flight SQL queries
# --locality: geo-locality tags used for replica placement
cockroach start \
  --certs-dir=/etc/cockroach/certs \
  --store=/var/lib/cockroach \
  --listen-addr=0.0.0.0:26257 \
  --http-addr=0.0.0.0:8080 \
  --join=node1:26257,node2:26257,node3:26257 \
  --cache=25% \
  --max-sql-memory=25% \
  --locality=region=us-east,zone=a
```
2. **Connection String Formats:**
```bash
# Basic connection
postgresql://user:password@host:26257/database
# Multi-node with load balancing
postgresql://user:password@host1:26257,host2:26257,host3:26257/database
# With SSL verification
postgresql://user:password@host:26257/database?sslmode=verify-full&sslrootcert=/path/to/ca.crt
# Application failover
postgresql://user:password@lb.example.com:26257/database?application_name=myapp
```
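Not every driver accepts the comma-separated multi-host form shown above. A small standard-library sketch that expands a multi-host URL into one single-host DSN per endpoint, so an application can try them in order:

```python
from urllib.parse import urlsplit

def split_multihost_dsn(dsn):
    """Split a multi-host postgresql:// URL into one single-host URL per
    endpoint, for drivers that reject the comma-separated host list."""
    parts = urlsplit(dsn)
    userinfo, _, hostlist = parts.netloc.rpartition("@")
    prefix = userinfo + "@" if userinfo else ""
    query = "?" + parts.query if parts.query else ""
    return [
        f"{parts.scheme}://{prefix}{host}{parts.path}{query}"
        for host in hostlist.split(",")
    ]
```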
3. **Multi-Region Configuration:**
```sql
-- Set up regions
ALTER DATABASE mydb SET PRIMARY REGION "us-east-1";
ALTER DATABASE mydb ADD REGION "us-west-1";
ALTER DATABASE mydb ADD REGION "eu-west-1";
-- Geo-partitioned table (the AS column must be of type crdb_internal_region)
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email STRING,
region crdb_internal_region NOT NULL,
data JSONB,
INDEX (region)
) LOCALITY REGIONAL BY ROW AS region;
-- Regional table (single region)
CREATE TABLE eu_customers (
id UUID PRIMARY KEY,
name STRING,
address STRING
) LOCALITY REGIONAL IN "eu-west-1";
```
4. **Replication and Zones:**
```sql
-- Default replication factor
ALTER RANGE default CONFIGURE ZONE USING num_replicas = 3;
-- Pin specific table to region
ALTER TABLE users CONFIGURE ZONE USING
num_replicas = 5,
constraints = '{"+region=us-east": 2, "+region=us-west": 2, "+region=eu-west": 1}';
-- Follower reads serve slightly stale data from the nearest replica;
-- a lower closed-timestamp target reduces that staleness
SET CLUSTER SETTING kv.closed_timestamp.target_duration = '1s';
-- Opt in per query with: SELECT ... AS OF SYSTEM TIME follower_read_timestamp()
```
5. **Performance Tuning:**
```sql
-- Raise the cap on concurrently running distributed query flows
SET CLUSTER SETTING sql.defaults.distsql.max_running_flows = 500;
-- Enable statement statistics
SET CLUSTER SETTING sql.metrics.statement_details.enabled = true;
-- Adjust range size for large datasets
ALTER RANGE default CONFIGURE ZONE USING range_max_bytes = 134217728; -- 128MB
-- Connection pool settings (application side)
-- Max connections: 4 × num_cores per node
-- Min connections: num_cores per node
```
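The pool-sizing comments above can be expressed as a tiny helper; treat the multipliers as a starting heuristic to tune under load, not a hard rule:

```python
def pool_sizes(cores_per_node, num_nodes):
    """Heuristic from the guideline above: max connections ~ 4x the
    cluster's total vCPUs, min connections ~ the total vCPU count."""
    total_cores = cores_per_node * num_nodes
    return {"min_size": total_cores, "max_size": 4 * total_cores}

# e.g. three 8-core nodes
sizes = pool_sizes(8, 3)  # → {'min_size': 24, 'max_size': 96}
```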
6. **Backup and Restore:**
```sql
-- Full backup to S3
BACKUP DATABASE mydb INTO 's3://bucket/backups?AWS_ACCESS_KEY_ID=xxx&AWS_SECRET_ACCESS_KEY=xxx';
-- Incremental backup (appends to the most recent full backup)
BACKUP DATABASE mydb INTO LATEST IN 's3://bucket/backups';
-- Restore
RESTORE DATABASE mydb FROM LATEST IN 's3://bucket/backups';
-- Scheduled backups (Enterprise)
CREATE SCHEDULE backup_schedule
FOR BACKUP DATABASE mydb INTO 's3://bucket/backups'
RECURRING '@daily'
WITH SCHEDULE OPTIONS first_run = 'now';
```
7. **Change Data Capture (Enterprise):**
```sql
-- Stream changes to Kafka
CREATE CHANGEFEED FOR TABLE users, orders
INTO 'kafka://broker:9092?topic_prefix=myapp_';
-- Stream to webhook
CREATE CHANGEFEED FOR TABLE events
INTO 'webhook-https://myapp.com/webhook?insecure_tls_skip_verify=true';
```
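On the receiving end of the webhook sink, each HTTP POST carries a JSON body. Assuming the default wrapped envelope (`{"payload": [...], "length": N}`, with each message holding an `after` row image), a handler can unpack it as in this sketch:

```python
import json

def extract_rows(body):
    """Pull the per-row 'after' images out of a changefeed webhook body.

    Assumes the default wrapped JSON envelope:
    {"payload": [{"after": {...}, ...}, ...], "length": N}
    """
    envelope = json.loads(body)
    return [msg.get("after") for msg in envelope.get("payload", [])]

# Example payload as a webhook endpoint might receive it
body = '{"payload": [{"after": {"id": 1, "name": "a"}}], "length": 1}'
```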
8. **Monitoring Queries:**
```sql
-- Cluster health
SHOW CLUSTER SETTING version;
-- Node status
SELECT node_id, address, is_live, is_available FROM crdb_internal.gossip_liveness;
-- Active queries
SELECT query_id, user_name, query, start FROM [SHOW QUERIES];
-- Slow statements (per-node statistics)
SELECT key AS query, count, service_lat_avg
FROM crdb_internal.node_statement_statistics
ORDER BY service_lat_avg DESC
LIMIT 10;
-- Range distribution
SELECT range_id, replicas, lease_holder FROM crdb_internal.ranges;
```
**Best Practices:**
- Run at least 3 nodes per region for fault tolerance
- Use load balancers for connection distribution
- Enable follower reads for read-heavy workloads when a few seconds of staleness is acceptable
- Pin critical tables to specific regions with zone configurations
- Use UUID primary keys instead of sequential integers (better distribution)
- Monitor replication lag in multi-region deployments
- Configure automated backups to external storage
- Use connection pooling (PgBouncer, application-level pools)
- Set appropriate timeouts for long-running queries
- Rely on CockroachDB's automatic garbage collection and statistics updates (no manual VACUUM or ANALYZE needed)
- Test failover scenarios regularly
- Keep cluster balanced (avoid hotspots with good key design)
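The UUID-key recommendation above is easy to follow from application code; a short sketch showing that random v4 keys scatter across the keyspace instead of piling onto one "last" range the way a sequential counter does:

```python
import uuid

def new_key():
    """Random UUIDv4 keys spread inserts across ranges, avoiding the single
    hot range that a monotonically increasing key (SERIAL/sequence) creates."""
    return uuid.uuid4()

keys = [str(new_key()) for _ in range(1000)]
# High-order bytes vary, so consecutive inserts land on different ranges
leading = {k[0] for k in keys}
```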