You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by wo...@apache.org on 2018/07/10 06:42:33 UTC

[couchdb-docker] branch master updated: Persist custom config settings across restarts

This is an automated email from the ASF dual-hosted git repository.

wohali pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb-docker.git


The following commit(s) were added to refs/heads/master by this push:
     new 4038958  Persist custom config settings across restarts
4038958 is described below

commit 40389583b40ad08b008890aa20af5093c755d1d9
Author: Adam Kocoloski <ko...@apache.org>
AuthorDate: Mon May 21 08:31:36 2018 -0400

    Persist custom config settings across restarts
    
    This patch ensures that configuration properties set using the _config
    endpoint survive container restarts. Previously these settings would be
    erased by the code in the entrypoint that writes down the admin user
    and cookie auth secret.
    
    The patch also takes care to ensure that the admin user and secret are
    not accidentally left on the disk in plaintext -- i.e., it ensures that
    the entrypoint writes these settings into the last entry in the config
    chain.
    
    Finally, the patch ensures that local.d is always used to store custom
    configuration. Backing local.d by a persistent volume should allow for
    the config properties to survive a Pod being rescheduled onto another
    node by Kubernetes.
---
 dev/docker-entrypoint.sh | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh
index 718779e..de42028 100755
--- a/dev/docker-entrypoint.sh
+++ b/dev/docker-entrypoint.sh
@@ -37,18 +37,25 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
 		echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
 	fi
 
+	# Ensure that CouchDB will write custom settings in this file
+	touch /opt/couchdb/etc/local.d/docker.ini
+
 	if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
-		# Create admin
-		printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini
-		chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
+		# Create admin only if not already present
+		if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then
+			printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini
+		fi
 	fi
 
 	if [ "$COUCHDB_SECRET" ]; then
-		# Set secret
-		printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
-		chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
+		# Set secret only if not already present
+		if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then
+			printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
+		fi
 	fi
 
+	chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
+
 	# if we don't find an [admins] section followed by a non-comment, display a warning
 	if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then
 		# The - option suppresses leading tabs but *not* spaces. :)