couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joan Touzet <woh...@apache.org>
Subject Re: CouchDB and future
Date Mon, 08 Jul 2019 21:03:48 GMT
On 2019-07-08 15:53, ermouth wrote:
>> disabling clustering (i.e., setting Q=N=1)
> 
> Let’s start with this one, because it’s about installation process. To set
> q=1 you should install Couch manually. Built-in installer sets up q=8 for
> single node setup.

And why is q=8 *always* right for a single-node install? To me, it's
not. n=1 is a universal truth for a single-node install, though, which
was fixed about a year ago.

We can't know at install time if you're installing on a Raspberry Pi or
a single, beefy server. That said, I'd support a new option at install
time for a "iot" config, which tuned things as small as possible.

There's an open ticket to document these settings, which is the first
step: https://github.com/apache/couchdb-documentation/issues/278
Once we have that, we can automate making those settings available at
install time.

We only make any of these choices in the Debian/Ubuntu installer, by the
way. I believe CentOS/RedHat lacks the ability to do user-driven
postinst questions, and it was simply never coded in the Mac or Windows
installers. PRs to add that functionality to those platforms welcome,
but we should keep the selections available parallel across platforms if
at all possible.

HOWEVER: Adding a `etc/local.d/50-my-defaults.ini` file with the
`[cluster] q=1` line is trivial. Surely you're doing other config
changes when you set up your iot devices. Why not plop this file onto
the machine and restart CouchDB before using it?


> Also, as for our experience, protecting Couch admin from administering by
> hard-disabling write for some _config/*/* endpoints, is a mistake. This
> kind of role separation isn’t reasonable for single-node scenario (which
> often is ‘I gonna make something small’).

Which endpoints specifically? Are you talking about using _config
endpoints to reconfigure view servers remotely? Because that's been
widely exploited on the Internet, judging from all the reports we get
about bitcoin miners being installed on various people's machines. We
had little choice to stem the tide of CVEs than to change the entire
view server setup process. The security team got tired of playing
whac-a-mole.

-Joan


Mime
View raw message