Decommission an online node

Is it possible to “ban” an online node (a node that always had perfect health).
In doc, it’s unclear to me: Seems that we can only ban (decommission) nodes that are offline, and prevent them to go back into the cluster.

Hi @ilrico,

Yes, by “decommissioning” a live node, you cause it to rebalance its data to other nodes and stop accepting client connections. Please take a look at this section of the docs on decommissioning and let me know if you have further questions.

Best,
Jesse

Ah, I see now that those docs have you stop the node as part of the decommissioning process. If you want to keep the node online but decommissioned, you can run the cockroach node decommission command against the node, as seen in this step.

1 Like

Thx for this insight, maybe “remove a single node” should state that’s possible for online nodes, I previously missed the second link you mentioned because I had a single node in mind, but now it’s clear to me that’s possible.

I have two more things still unclear:

  • what are rights policy on decommissionning ? I suspect that everyone can do it, which seems fairly permissive…
  • it’s not possible to remove the uncommissioned node from cluster if we don’t have access to it (think: the decommissionned node is managed by another organization) ?

@ilrico - If you’re running a secure cluster, then only root should be able to decommission a node. You can decommission a node without being able to ssh into it. In a secure cluster, you could decommission any node from any other node. So say you have nodes x and y, and y is managed by another org on a machine you can’t access. You could run:

cockroach node decommission y --wait=live --certs-dir=certs --host=<AddressX>

And that would remove y from the cluster. Hope that helps.

1 Like