Skip to content
Permalink
Browse files
Persist custom config settings across restarts
This patch ensures that configuration properties set using the _config
endpoint survive container restarts. Previously these settings would be
erased by the code in the entrypoint that writes down the admin user
and cookie auth secret.

The patch also takes care to ensure that the admin user and secret are
not accidentally left on the disk in plaintext -- i.e., it ensures that
the entrypoint writes these settings into the last entry in the config
chain.

Finally, the patch ensures that local.d is always used to store custom
configuration. Backing local.d by a persistent volume should allow for
the config properties to survive a Pod being rescheduled onto another
node by Kubernetes.
  • Loading branch information
kocolosk authored and wohali committed Jul 10, 2018
1 parent a1f4d9d commit 40389583b40ad08b008890aa20af5093c755d1d9
Showing 1 changed file with 13 additions and 6 deletions.
@@ -37,18 +37,25 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
fi

# Ensure that CouchDB will write custom settings in this file
touch /opt/couchdb/etc/local.d/docker.ini

if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
# Create admin
printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini
chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
# Create admin only if not already present
if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then
printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini
fi
fi

if [ "$COUCHDB_SECRET" ]; then
# Set secret
printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
# Set secret only if not already present
if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then
printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
fi
fi

chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true

# if we don't find an [admins] section followed by a non-comment, display a warning
if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/local.d/*.ini; then
# The - option suppresses leading tabs but *not* spaces. :)

0 comments on commit 4038958

Please sign in to comment.