Remove runtime configurability of core system components #1602
In the 1.x era of CouchDB, many parts of the core systems were managed via the config system. This is mostly due to in the early days, no good standard patterns for what Erlang apps looked like were obvious. This has changed now.
In addition, being able to change core parts of the database, including what code modules to load when and where, and which OS binaries to run when and where, opened us up to a set of security vulnerabilities, that we want to close once and for all with this PR by no longer allowing runtime configuration of core system parts.
This patch retains the ability to configure an existing CouchDB installation to, say, add a third party query server, but it’ll require console access to the server and restarting CouchDB from said console.
This allowed end-users post-install and even runtime-changes to which
This patch changes things, so only a post-install, but not at-runtime
This still allows people to configure their CouchDB to run a third-
Additional query servers can now be configured using environment
Where the last segment in the environment variable matches the usual
Multiple query servers can be configured by using more environment
Native Query Servers
The mango query server continues to be enabled by default. The erlang
If the legacy configuration for enabling the query server is detected,
Since the setting of the
I did this to the best of my abilities and research, but this needs
OS Daemons have been deleted completely as they were deprecated in 2.2.0
@wohali good catch, if someone were to do that, it’d override the internal ones. I think that’s still okay, if someone wanted to write a mango engine in, say, Python. We could forbid the configuring of those two specifically, but it’d be introducing quite fiddly code for not much benefit IMHO.
I'm +1 on removing runtime configurability but would prefer that the configuration is expressed in the .app files of the respective erlang applications. This will allow package maintainers (etc) to more easily tweak at build time if necessary without introducing the runtime malleability that concerns us.
@rnewson latest push defines all http handlers in
Since query servers can still be setup using env vars, the solution to this already exists: