You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2018/05/21 13:22:36 UTC

[GitHub] kocolosk opened a new pull request #82: Persist custom config settings across restarts

kocolosk opened a new pull request #82: Persist custom config settings across restarts
URL: https://github.com/apache/couchdb-docker/pull/82
 
 
   ## Overview
   
   This bug appears similar to #78 but the underlying code is quite different and so I went ahead and submitted a separate issue.
   
   The end result is the same -- any settings configured via the `_config` endpoint are lost when the container restarts using the `dev` image. This is because in `dev` the `local.d/docker.ini` file is now the last file in the chain, and the `docker-entrypoint.sh` overwrites it on startup.
   
   As @Maxima078 pointed out, the problem does not exist on 2.1.1, because we have a `local.d/local.ini` file which is last in the chain. In #50 we moved this file to `default.d` and inadvertently introduced this bug.
   
   Some constraints on a possible solution:
   * From Kubernetes' perspective it would be good to *always* have a file in `local.d` as the last file in the chain, as we can configure `local.d` to be backed by persistent storage. Currently if we run the `dev` image in admin party mode custom configuration is written to `etc/local.ini` which would also not survive a Pod being rescheduled onto a different node.
   * We should not expose the admin password in plaintext for any significant length of time. Currently in the `2.1.1` image we do leave the unencrypted password sitting in `local.d/docker.ini` as we're writing the encrypted version to `local.d/local.ini`.
   
   The best idea I have at the moment is 
   1. `touch` the `docker.ini` file every time
   2. append the `[admins]` entry to the file only if a hashed version of the username is not already present (this has the added benefit of not overriding any password changes submitted via `_config`)
   3. do the same conditional append for `[couch_httpd_auth]`
   
   And so that's what I've attempted to do here.
   
   ## Testing recommendations
   
   Build an image using this branch and start up a container. Make some config changes using `_config`, restart the container and see if it sticks. Also try changing the admin user password and see that it survives a restart.
   
   ## Related Pull Requests
   
   #50 (changed behavior since 2.1.1)
   #78 (similar issue in 1.x)
   
   ## Checklist
   
   - [x] Code is written and works correctly;
   - [ ] Changes are covered by tests;
   - [ ] Documentation reflects the changes;
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services