From a622ebf4395a23c65482085e68560b0d0e26e727 Mon Sep 17 00:00:00 2001
From: Robert Newson
Date: Tue, 8 Feb 2022 16:19:40 +0000
Subject: [PATCH] Bind epmd and distribution port to loopback interface only for standalone
---
 debian/couchdb.default | 14 ++++++++++++++
 debian/couchdb.init | 4 ++++
 debian/couchdb.postinst | 17 +++++++++++++++++
 debian/couchdb.service | 1 +
 4 files changed, 36 insertions(+)
 create mode 100644 debian/couchdb.default
diff --git a/debian/couchdb.default b/debian/couchdb.default
new file mode 100644
index 0000000..6deb316
--- /dev/null
+++ b/debian/couchdb.default
@@ -0,0 +1,14 @@
+#!/bin/sh
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+ERL_EPMD_ADDRESS=127.0.0.1
diff --git a/debian/couchdb.init b/debian/couchdb.init
index 34aa47f..2eedb91 100644
--- a/debian/couchdb.init
+++ b/debian/couchdb.init
@@ -39,6 +39,10 @@ DAEMON=/opt/couchdb/bin/couchdb
 START_ARGS="--chuid couchdb:couchdb --chdir /opt/couchdb --background"
 STOP_ARGS="--pid $PID"
 
+if [ -r /etc/default/${NAME} ]; then
+ . /etc/default/${NAME}
+fi
+
 do_usage() {
 echo "Usage: couchdb {start|stop|status|restart|try-restart|force-reload}" >&2
 }
diff --git a/debian/couchdb.postinst b/debian/couchdb.postinst
index b9facfd..8ee939b 100644
--- a/debian/couchdb.postinst
+++ b/debian/couchdb.postinst
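Review bot: The new `debian/couchdb.default` has no comment saying what `ERL_EPMD_ADDRESS` controls or who edits it, although this same commit has the postinst rewrite the line with `sed` and has both the init script (via `.`) and the systemd unit (via `EnvironmentFile=`) read it. I would add a comment above the assignment along the lines of `# Address(es) epmd listens on; managed by the package postinst. Keep plain KEY=VALUE: read by sh and by systemd.` The `#!/bin/sh` first line is also misleading for a file that is never executed; a plain comment header would do.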
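Review bot: Sourcing `/etc/default/${NAME}` sets `ERL_EPMD_ADDRESS` only as a shell variable, so unless it is exported somewhere outside this hunk the daemon started by the init script never sees it and epmd keeps its default bind address on sysvinit systems. The file itself cannot simply use `export`, because the systemd unit parses the same file as an `EnvironmentFile`, so the export belongs here: add `export ERL_EPMD_ADDRESS` after the `.` line inside the `if`. Quoting the path (`"/etc/default/${NAME}"`) would also match common init-script style. The rest of the script is outside the hunk.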
@@ -157,6 +157,11 @@ case $1 in
 false
 fi
 
+ # set inet_dist_use_interface default if not present
+ if ! grep -q '^-kernel inet_dist_use_interface' /opt/couchdb/etc/vm.args; then
+ echo "-kernel inet_dist_use_interface '{127,0,0,1}'" >> /opt/couchdb/etc/vm.args
+ fi
+
 case $mode in
 none)
 ;;
@@ -166,6 +171,12 @@ case $1 in
 if ! setadminpass; then
 password_error="yes"
 fi
+
+ # Bind distribution port to loopback interface only
+ sed -i "s/^-kernel inet_dist_use_interface '{0,0,0,0}'$/-kernel inet_dist_use_interface '{127,0,0,1}'/" /opt/couchdb/etc/vm.args
+
+ # Bind EPMD to loopback interface
+ sed -i "s/^ERL_EPMD_ADDRESS=$/ERL_EPMD_ADDRESS=127.0.0.1/" /etc/default/couchdb
 ;;
 clustered)
 db_get couchdb/nodename && nodename="$RET"
@@ -179,6 +190,12 @@ case $1 in
 if ! setadminpass; then
 password_error="yes"
 fi
+
+ # Unbind distribution port from lookback interface only
+ sed -i "s/^-kernel inet_dist_use_interface '{127,0,0,1}'$/-kernel inet_dist_use_interface '{0,0,0,0}'/" /opt/couchdb/etc/vm.args
+
+ # Unbind EPMD from loopback interface
+ sed -i "s/^ERL_EPMD_ADDRESS=127.0.0.1$/ERL_EPMD_ADDRESS=/" /etc/default/couchdb
 ;;
 *)
 echo "incomprehensible couchdb mode '$mode'!" 1>&2
diff --git a/debian/couchdb.service b/debian/couchdb.service
index beb1c85..52cbd8c 100644
--- a/debian/couchdb.service
+++ b/debian/couchdb.service
@@ -4,6 +4,7 @@ Wants=network-online.target
 After=network-online.target
 
 [Service]
+EnvironmentFile=-/etc/default/couchdb
 RuntimeDirectory=couchdb
 User=couchdb
 Group=couchdb
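Review bot: The `echo ... >> /opt/couchdb/etc/vm.args` default is appended before `case $mode in`, so it applies to every mode, including `none`, where no later branch reverts it. That is wider than the commit subject's "only for standalone" and could move the distribution port of a manually configured cluster node to loopback if its vm.args has no such line. Consider moving the append into the `standalone)` branch, or at least emitting a notice when it fires, e.g. `echo "couchdb: binding distribution port to 127.0.0.1 in vm.args" 1>&2`. The append also assumes vm.args ends with a newline. The enclosing `case $1 in` starts and ends outside the hunk, so which maintainer-script actions reach this code is not visible here.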
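Review bot: Both `sed -i` calls in the `standalone)` branch rewrite only an exact line (`'{0,0,0,0}'` and an empty `ERL_EPMD_ADDRESS=`), so any other existing value or spacing leaves the node listening where it was while the postinst still succeeds; the `clustered)` hunk below behaves the same way in reverse. A check after the rewrite would make that visible, for example `grep -q '^ERL_EPMD_ADDRESS=127\.0\.0\.1$' /etc/default/couchdb || echo "warning: epmd is not restricted to loopback" 1>&2`. `sed -i` also exits non-zero when `/etc/default/couchdb` has been removed by the administrator; if the script runs under `set -e` (not visible in the hunk) that would abort configuration, so wrap the edit in `if [ -f /etc/default/couchdb ]; then`.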
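Review bot: The comment `# Unbind distribution port from lookback interface only` has a typo and undersells what the `clustered)` branch does: it switches the distribution port and epmd to listen on all interfaces. I would reword it to `# Clustered: listen on all interfaces for distribution; access must be restricted by firewall` and the second one to `# Clustered: let epmd listen on all interfaces`. The dots in `s/^ERL_EPMD_ADDRESS=127.0.0.1$/` are unescaped regex wildcards; `127\.0\.0\.1` states the intent exactly.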
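Review bot: The `-` prefix in `EnvironmentFile=-/etc/default/couchdb` makes a missing file a silent no-op, so a standalone node would then start with epmd on its default bind address and nothing logged to show it. A unit-level default placed above this line, `Environment=ERL_EPMD_ADDRESS=127.0.0.1`, would keep the loopback binding in that case, since values from the environment file take precedence over `Environment=` when the file is present. systemd reads this file as plain `KEY=VALUE` lines rather than as shell, which is worth a comment in the unit because the init script sources the same file.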