Changing admin password in a cluster #4652
-
As part of our security best practices, we regularly have to change the admin password of our couchdb clusters. Is it as simple as updating |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
That could work as long as the 10-admins.ini file is writable, as on first use it will be update it with the hashed value (admin = -pbkdf2-...`). But note, if the file is updated outside CouchDB, by some external process (ex: configuration management replaces it on disk), CouchDB won't automatically re-read it from disk. It doesn't automatically poll or monitor config files after the initial read. So, you could either restart the node yourself, or issue a POST to This shouldn't affect data synchronization in a cluster as that goes over Erlang distribution: https://docs.couchdb.org/en/stable/setup/cluster.html#ports-and-firewalls. But obviously might affect clients which didn't update their admin:pass combination yet. |
Beta Was this translation helpful? Give feedback.
-
you also ideally want to set all nodes to the same hashed form, otherwise a session cookie acquired on one node will not be accepted by the others. either 1) generate the hashed form yourself when PUT'ing to config (and remember to set |
Beta Was this translation helpful? Give feedback.
That could work as long as the 10-admins.ini file is writable, as on first use it will be update it with the hashed value (admin = -pbkdf2-...`).
But note, if the file is updated outside CouchDB, by some external process (ex: configuration management replaces it on disk), CouchDB won't automatically re-read it from disk. It doesn't automatically poll or monitor config files after the initial read. So, you could either restart the node yourself, or issue a POST to
http://adm:$oldpass@$url/_node/[email protected]/_config/_reload
that will force a reload.This shouldn't affect data synchronization in a cluster as that goes over Erlang distribution: https://docs.couchdb.org/en/stable/setup/clus…