You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2018/11/29 22:28:57 UTC

[GitHub] jaydoane commented on issue #1781: Cluster Setup doesn't set consistent admin user

jaydoane commented on issue #1781: Cluster Setup doesn't set consistent admin user
URL: https://github.com/apache/couchdb/issues/1781#issuecomment-443017874
 
 
   Not sure if this is useful, but I wrote a function to set admin passwords that could maybe be used and/or repurposed? The idea is that it takes a while for the first, locally set password to get hashed, so it retries until the hashing occurs, and only then sets the same Username, and HashedPassword on the other nodes in the cluster:
   ```erlang
   set_cluster_admin_password(Username, Password) ->
       Section = "admins",
       ok = config:set(Section, Username, Password),
       Generator = fun() -> config:get(Section, Username) end,
       Condition = fun
           (P) when P =:= Password -> unhashed;
           (_) -> ok
       end,
       HashedPassword = retry_until(Generator, Condition, 1, 10),
       {Results, []} = rpc:multicall(config, set, [Section, Username, HashedPassword]),
       true = lists:all(fun(ok) -> true end, Results),
       {Passwords, []} = rpc:multicall(config, get, [Section, Username]),
       true = lists:all(fun(P) -> P =:= HashedPassword end, Passwords),
       ok.
   
   retry_until(Generator, Condition, SleepMS, MaxIters) ->
       retry_until(Generator, Condition, SleepMS, MaxIters, 0).
   
   retry_until(Generator, Condition, SleepMS, MaxIters, Iter) when Iter =< MaxIters ->
       Val = Generator(),
       case Condition(Val) of
           ok ->
               Val;
           _ ->
               timer:sleep(SleepMS),
               retry_until(Generator, Condition, SleepMS, MaxIters, Iter + 1)
       end.            
   ```
   I wrote it a while ago, and it could almost certainly be improved, but I just tested it on a recent couchdb build (added to couch_util) and it seems to work:
   ```
   (node1@127.0.0.1)3> couch_util:set_cluster_admin_password("foo", "pass").
   ok
   
   (node1@127.0.0.1)6> rpc:multicall(config, get, ["admins", "foo"]).
   {["-pbkdf2-d00f9817d6cf97d27c34c2c46a1f6719e30444ec,d37cabfbb9e30868557afdb432a5c641,10",
     "-pbkdf2-d00f9817d6cf97d27c34c2c46a1f6719e30444ec,d37cabfbb9e30868557afdb432a5c641,10",
     "-pbkdf2-d00f9817d6cf97d27c34c2c46a1f6719e30444ec,d37cabfbb9e30868557afdb432a5c641,10"],
    []}
   ```
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services