diff options
author | Jan Lehnardt <jan@apache.org> | 2020-01-03 19:27:23 +0100 |
---|---|---|
committer | Jan Lehnardt <jan@apache.org> | 2020-01-03 20:46:50 +0100 |
commit | e8c2e7af2747d0818ecf88dfe876ad0ad757415d (patch) | |
tree | 68e9b392be8aa6c4fc4e4799ab21e676e7bd712a | |
parent | b9a8281a20157e2573eaf783cac2893af554f219 (diff) | |
download | couchdb-feat/disable-launch-without-admin-password.tar.gz |
feat: refuse startup with no server admin set upfeat/disable-launch-without-admin-password
includes an admin party assert escape hatch for tests
adds a log message every 5 minutes, if escape hatch is enabled.
should play nice with systemd restart policies
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | src/couch/src/couch_sup.erl | 36 |
2 files changed, 37 insertions, 1 deletions
@@ -93,7 +93,7 @@ EXUNIT_OPTS=$(subst $(comma),$(space),$(tests)) #ignore javascript tests ignore_js_suites= -TEST_OPTS="-c 'startup_jitter=0' -c 'default_security=admin_local'" +TEST_OPTS="-c 'startup_jitter=0' -c 'default_security=admin_local' -c 'COUCH_TEST_ADMIN_PARTY_OVERRIDE=1'" ################################################################################ # Main commands diff --git a/src/couch/src/couch_sup.erl b/src/couch/src/couch_sup.erl index 8dcaf1dc7..9075a9ebc 100644 --- a/src/couch/src/couch_sup.erl +++ b/src/couch/src/couch_sup.erl @@ -28,6 +28,8 @@ start_link() -> + assert_admins(), + launch_admin_annoyance_reporter(), write_pidfile(), notify_starting(), @@ -87,6 +89,40 @@ handle_config_change(_, _, _, _, _) -> handle_config_terminate(_Server, _Reason, _State) -> ok. +assert_admins() -> + couch_log:info("Preflight check: Asserting Admin Account~n", []), + case {config:get("admins"), os:getenv("COUCH_TEST_ADMIN_PARTY_OVERRIDE")} of + {[], false} -> + couch_log:info("~n%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%~n" + ++ " No Admin Account Found, aborting startup. ~n" + ++ " Please configure an admin account in your local.ini file. ~n" + ++ "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%~n", []), + % Wait a second so the log message can make it to the log + timer:sleep(500), + throw(admin_account_required); + _ -> ok + end. + + +maybe_send_no_admin_account_error_message() -> + case os:getenv("COUCH_TEST_ADMIN_PARTY_OVERRIDE") of + false -> + ok; + _ -> + couch_log:error("No Admin Account configured." + ++ " Please configure an Admin Account in your local.ini file and restart CouchDB.~n", []) + end, + launch_admin_annoyance_reporter(). + +admin_annoyance_interval() -> + FiveMinutes = 5 * 1000 * 60, + timer:sleep(FiveMinutes), + maybe_send_no_admin_account_error_message(). + +launch_admin_annoyance_reporter() -> + spawn_link(fun admin_annoyance_interval/0). + + notify_starting() -> couch_log:info("Apache CouchDB ~s is starting.~n", [ couch_server:get_version() |