As Jan says, and as my SO reply says, this is fixable. You absolutely do not need sticky load balancer routing for this (I can state definitely that Cloudant uses round-robin haproxy in their lb tier).
Since the salt is the likely issue here and only applies to admins (as user hashes are in the distributed _users database), I recommend you not use admin credentials for regular database access, reserve those for the operations that require admin powers. B. > On 14 May 2017, at 18:55, Geoffrey Cox <[email protected]> wrote: > > Thanks Robert, but in my testing, I found that you need to use cookie based > routing, i.e. sticky sessions, in order for the the session to persist when > you are using haproxy. This is even when you set the secret to be the same > on all nodes. > > My working solution with cookie-based routing can be found at > https://github.com/redgeoff/couchdb-docker/blob/production-multi-node/README.md#run-cluster-via-docker-compose-wip > > On Sun, May 14, 2017, 09:50 Robert Samuel Newson <[email protected]> wrote: > >> A session cookie acquired on one node is recognised by any other node if >> you follow the instructions below (these are in the docs and _cluster_setup >> does this too). >> >> You need to ensure each node has the same secret in couch_httpd_auth. It's >> randomized at startup if not set, so set it to something (large, random) >> before starting couchdb. >> >> For _admin_ users, you also need to ensure you set the same hashed version >> in the .init file as the salt value is part of the cookie state (so that >> cookies are invalidated when passwords change). >> >> Basically, anything in the .ini file needs synchronising between the nodes >> externally. By hand, but more likely using chef / puppet, etc. >> >> Cloudant, for example, generates default.ini from a template which sets a >> cluster-wide couch_httpd_auth secret and the [admins] section. >> >> B. >> >>> On 14 May 2017, at 02:43, Geoffrey Cox <[email protected]> wrote: >>> >>> Hi! >>> >>> Anyone have any ideas on this? >> http://stackoverflow.com/q/43958527/2831606 >>> >>> Thanks! >>> >>> Geoff >> >>
