Interesting thought, Simon. How do you generate the hashed password in the initial local.ini file? Do you use a cleat text one and then let the first CouchDB node hash it? If so, I tried this approach (actually sharing the local.ini file via EFS) and the drawback I found was that you have to wait for this first node to complete this process before starting any other nodes, which I find to sometimes be a little bit of a hindrance when coordinating the initial start of the nodes; not impossible, but an extra step indeed.
On Thu, Jul 20, 2017, 23:12 Simon Keary <[email protected]> wrote: > > Hi Geoff, > > I don't know whether this is relevant for the Docker case but we store the > local.ini file with the hashed password in S3 for the servers we use. When > we recreate the servers in our cluster the cloud-init scripts copy across > the local.ini file with the hashed password in it. > > Cheers, > Simon > > > -----Original Message----- > From: Joan Touzet [mailto:[email protected]] > Sent: Friday, 21 July 2017 12:31 PM > To: [email protected] > Subject: Re: Running a CouchDB 2.0 Cluster in Production on AWS with Docker > > Hi Geoff, > > I describe one approach in the Chef CouchDB cookbook: > > https://github.com/wohali/couchdb-cookbook > > "One way is by downloading and extracting CouchDB's source code, changing > into the dev/ directory, and running the following one-liner, replacing > MYPASSWORD with your desired password:" > > python -c 'import uuid;from pbkdf2 import > pbkdf2_hex;password="MYPASSWORD";salt=uuid.uuid4().hex;iterations=10;print("-pbkdf2-{},{},{}".format(pbkdf2_hex(password,salt,iterations,20),salt,iterations))' > > -Joan > > ----- Original Message ----- > From: "Geoffrey Cox" <[email protected]> > To: "user" <[email protected]> > Sent: Thursday, 20 July, 2017 11:53:13 PM > Subject: Running a CouchDB 2.0 Cluster in Production on AWS with Docker > > Hi, > > I finally got around to writing a post on how we are running a CouchDB 2.0 > cluster in production on AWS < > https://medium.com/@redgeoff/running-a-couchdb-2-0-cluster-in-production-on-aws-with-docker-50f745d4bdbc > >. > I hope this helps others to bootstrap their projects. > > For the community, is there a command line tool or a simple command line > script that can be written to generate the pbkdf2 hash of a password given > the clear text password and secret? I know you can start a CouchDB node > with a clear text password in the local.ini file and then have it create > the hashed value, but this is a bit roundabout. > > If you have any feedback, please send it my way. > > Thanks! > > Geoff > > Disclaimer: > This message contains confidential information and is intended only for > the individual(s) named. If you are not the named addressee you should not > disseminate, distribute or copy this email. Please immediately delete it > and all copies of it from your system, destroy any hard copies of it, and > notify the sender. Email transmission cannot be guaranteed to be secure or > error-free as information could be intercepted, corrupted, lost, destroyed, > arrive late or incomplete, or contain viruses. To the maximum extent > permitted by law, Immersive Technologies Pty. Ltd. does not accept > liability for any errors or omissions in the contents of this message which > arise as a result of email transmission. >
