couchdb-user mailing list archives

From Guillaume Belrose <kafe...@gmail.com>
Subject Re: Question regarding the Admin Party and the replication of design documents.
Date Wed, 02 Mar 2016 08:01:35 GMT
Hi James, 

I’ve tried your fix and it worked !!!! Many thanks for your help (and to those on the IRC
channel as well) :-)

Guillaume.


On 1 March 2016 at 22:44:00, James Dingwall (james.dingwall@zynstra.com) wrote:
Guillaume Belrose wrote:  
> Hi all,
>
> I’ve deployed a cluster of CouchDB servers (CentOS 6.7 CouchDB 1.6.1) which are configured
> to replicate each other. The cluster runs within a production facility that is cut off from
> the outside world, so so far, we’ve been running in Admin Party mode.
> When looking at the log files today, I realised that most documents would get correctly
> replicated except the design documents. Replicating such documents fails with an error message
> that looks like this:
>
> [Thu, 11 Feb 2016 11:46:12 GMT] [error] [<0.297.0>] Replicator: couldn't write document `_design/vistas`, revision `3-aa26ce096d35048c7c6182624bd6ce77`, to target database `qstack_occasions`. Error: `unauthorized`, reason: `You are not a db or server admin.`.
>
> Is there an easy way around this? I could add a server admin to each of my nodes, but
> that would mean that all the client applications (the code which uses CouchDB) would not be
> able to create or delete databases (unless they use the right credentials). This is a lot
> of code to change as we have not taken security into account (there was no need to given
> the isolation provided elsewhere). Is it somehow possible to allow anonymous users to create
> / delete databases when the admin party is off?
>
> I am a bit confused by the semantics as Admin Party seems to mean everybody is an admin
> except when it comes to replicating design documents.
>
> I use the _replicator endpoint to replicate my databases. The replication is set via
> Ansible and I post a JSON document that is created from the following template:
>
> - name: setup (continuous) replication for each of the databases
>   local_action: uri
>     url="http://{{ inventory_hostname }}:5984/_replicator/{{ item[1] }}_to_{{ item[0] }}"
>     method=PUT
>     body='{"continuous":true,"target":"{{ item[0] }}","source":"http://{{ item[1] }}:5984/{{ item[0] }}"}'
>     HEADER_Content-Type="application/json"
>     status_code=201,409
>
If the target is local then you should be able to add "user_ctx" to the  
replication document so it has sufficient privileges to write the design  
documents.  

{
    ...
    "user_ctx": {
        "roles": [
            "_admin"
        ]
    },
    ...
}

If the target is remote you will need to authenticate the connection  
with a user that has admin privileges for that database or is a global  
admin.  

James  
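
Added example (not part of the original thread, and not code from either poster or from the CouchDB project): a small Python check over `_replicator` documents for the two cases James describes, a local target that needs `_admin` in `user_ctx.roles` and a remote target that needs an authenticated connection. The host name `node2.example` and all function names are assumptions; the check can only see that credentials are present, not that they belong to an admin.

```python
from urllib.parse import urlsplit

def endpoint_url(endpoint):
    # A source/target is either a string or an object with "url" (and optional "headers").
    return endpoint["url"] if isinstance(endpoint, dict) else endpoint

def is_remote(endpoint):
    # A bare database name has no scheme and refers to a database on the local node.
    return urlsplit(endpoint_url(endpoint)).scheme in ("http", "https")

def has_credentials(endpoint):
    headers = endpoint.get("headers", {}) if isinstance(endpoint, dict) else {}
    if any(name.lower() == "authorization" for name in headers):
        return True
    return urlsplit(endpoint_url(endpoint)).username is not None

def design_doc_problem(doc):
    """Return why design documents may be rejected at the target, or None."""
    target = doc["target"]
    if is_remote(target):
        if not has_credentials(target):
            return "remote target: connection is not authenticated"
        return None  # credentials present; whether they are admin is not checkable here
    roles = doc.get("user_ctx", {}).get("roles", [])
    if "_admin" not in roles:
        return "local target: user_ctx.roles lacks _admin"
    return None

def with_admin_ctx(doc):
    """Return a copy of a local-target replication doc carrying the user_ctx fix."""
    if is_remote(doc["target"]):
        raise ValueError("user_ctx only applies to a local target")
    fixed = dict(doc)
    ctx = dict(fixed.get("user_ctx", {}))
    ctx["roles"] = sorted(set(ctx.get("roles", [])) | {"_admin"})
    fixed["user_ctx"] = ctx
    return fixed

# Constructed sample shaped like the Ansible template in the thread.
SAMPLE = {"continuous": True, "target": "qstack_occasions",
          "source": "http://node2.example:5984/qstack_occasions"}

if __name__ == "__main__":
    print(design_doc_problem(SAMPLE))
    print(with_admin_ctx(SAMPLE))
```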
