# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.

# Each node in the system must have a unique name. These are specified through
# the Erlang -name flag, which takes the form:
#
#    -name nodename@<FQDN>
#
# or
#
#    -name nodename@<IP-ADDRESS>
#
# CouchDB recommends the following values for this flag:
#
# 1. If this is a single node, not in a cluster, use:
#    -name couchdb@127.0.0.1
#
# 2. If DNS is configured for this host, use the FQDN, such as:
#    -name couchdb@my.host.domain.com
#
# 3. If DNS isn't configured for this host, use IP addresses only, such as:
#    -name couchdb@192.168.0.1
#
# Do not rely on tricks with /etc/hosts or libresolv to handle anything
# other than the above 3 approaches correctly. They will not work reliably.
#
# Multiple CouchDBs running on the same machine can use couchdb1@, couchdb2@,
# etc.
#
# The host part of the name is the address other nodes connect to, so it must
# be reachable on an interface the distribution listener is bound to (see
# inet_dist_use_interface below).
# NOTE(review): {{node_name}} looks like a template placeholder that is
# replaced with a "-name ..." line when the release is built - confirm.
{{node_name}}

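# All nodes must share the same magic cookie for distributed Erlang to work.
# The cookie is the only credential checked when one node connects to another,
# and a connected node can run arbitrary code on its peers. Treat it as a
# secret: keep this file readable only by the account that runs CouchDB and do
# not reuse the value across unrelated clusters.
# Uncomment the following line and append a securely generated random value.
# -setcookie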

# Which interfaces should the node listen on?
# The value below binds the Erlang distribution listener to loopback only, so
# other hosts cannot connect to it. Clustering across hosts needs a routable
# address here. Before changing it, restrict the distribution port and epmd
# (TCP 4369) to cluster members with a firewall, and consider enabling TLS
# distribution (see the "TLS Distribution" section further down).
# This setting does not change where epmd itself listens.
-kernel inet_dist_use_interface {127,0,0,1}

# Tell kernel and SASL not to log anything
# NOTE(review): these two flags silence only the OTP kernel and SASL error
# loggers; application-level logging is presumably configured elsewhere.
# Confirm that crashes and security-relevant events are still recorded there.
-kernel error_logger silent
-sasl sasl_error_logger false

# The default for this setting changes to true in Erlang 25+. However, since
# we no longer use global and have our own auto-connection module, we keep
# the existing behavior (false) to avoid surprises. See
# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
# information about possible increased coordination and messages being sent on
# disconnections when this setting is enabled.
#
-kernel prevent_overlapping_partitions false

# Increase the pool of dirty IO schedulers from the default of 10 to 16.
# Dirty IO schedulers are used for file IO.
+SDio 16

# Increase the distribution buffer busy limit from the default of 1MB to 32MB.
# The default is usually a bit low on busy clusters. Has no effect for
# single-node setups. The value is in kilobytes (32768 KB = 32 MB).
+zdbbl 32768

# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
#+sbwt none
#+sbwtdcpu none
#+sbwtdio none

# Comment this line out to enable the interactive Erlang shell on startup.
# As shipped, +Bd disables the emulator's break handler and -noinput keeps the
# VM from reading standard input, so no shell is attached to the service.
+Bd -noinput

# Set maximum SSL session lifetime to reap terminated replication readers.
# The value is in seconds (300 = 5 minutes).
-ssl session_lifetime 300

## TLS Distribution
## Use TLS for connections between Erlang cluster members.
## http://erlang.org/doc/apps/ssl/ssl_distribution.html
##
## Generate Cert(PEM) File
## This is just an example command to generate a certfile (PEM).
## This is not an endorsement of specific expiration limits, key sizes, or algorithms.
##    $ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
##    $ cat key.pem cert.pem > dev/erlserver.pem && rm key.pem cert.pem
## Because of -nodes, the private key inside erlserver.pem is stored
## unencrypted; keep the file readable only by the account that runs CouchDB.
##
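## Generate a Config File (couch_ssl_dist.conf)
##    [{server,
##      [{certfile, "</path/to/erlserver.pem>"},
##       {secure_renegotiate, true}]},
##     {client,
##      [{secure_renegotiate, true}]}].
## Note: this minimal example sets no verify or cacertfile options, so whether
## a peer's certificate is checked depends on the OTP defaults (historically
## verify_none). Encryption without verification does not authenticate cluster
## members. To require verified certificates, add {verify, verify_peer} and
## {cacertfile, "</path/to/ca.pem>"} to both lists, and
## {fail_if_no_peer_cert, true} to the server list.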
##
## CouchDB recommends the following values for the no_tls flag:
## 1. Use plain TCP only (no encryption between nodes), set to true, such as:
##      -couch_dist no_tls true
## 2. Use TLS only, set to false, such as:
##      -couch_dist no_tls false
## 3. Specify which nodes are reached over plain TCP, such as:
##      -couch_dist no_tls \"*@127.0.0.1\"
##
## To ensure search works, make sure to set 'no_tls' option for the clouseau node.
## By default that would be "clouseau@127.0.0.1".
## Don't forget to override the paths to point to your certificate(s) and key(s)!
##
#-proto_dist couch
#-couch_dist no_tls '"clouseau@127.0.0.1"'
#-ssl_dist_optfile <path/to/couch_ssl_dist.conf>

# Enable FIPS mode
#   https://www.erlang.org/doc/apps/crypto/fips.html
#   Ensure that:
#    - Erlang is built with --enable-fips configuration option
#    - Crypto library (e.g. OpenSSL) supports this mode
#
# When the mode is successfully enabled, the "Welcome" message should show
# `fips` in the features list.
#
#-crypto fips_mode true