Hi James, I’ve tried your fix and it worked !!!! Many thanks for your help (and to those on the IRC channel as well) :-)
Guillaume. On 1 March 2016 at 22:44:00, James Dingwall ([email protected]) wrote: Guillaume Belrose wrote: > Hi all, > > I’ve deployed a cluster of CouchDB servers (CentOS 6.7 CouchDB 1.6.1) which > are configured to replicate each other. The cluster runs within a production > facility that is cut of from the outside world, so so far, we’ve been running > in Admin Party mode. > When looking at the log files today, I realised that most documents would get > correctly replicated except the design documents. Replicating such documents > fails with an error message that looks like this: > > > [Thu, 11 Feb 2016 11:46:12 GMT] [error] [<0.297.0>] Replicator: couldn't > write document `_design/vistas`, revision > `3-aa26ce096d35048c7c6182624bd6ce77`, to target database `qstack_occasions`. > Error: `unauthorized`, reaso > n: `You are not a db or server admin.`. > > Is there an easy way around this? I could add a server admin to each of my > nodes, but that would mean that all the client applications (the code which > uses CouchDB) would not be able to create or delete databases (unless they > use the right credentials). This is a lot of code to change as we’ve have not > taken security into account (there was no need to given the isolation > provided elsewhere). Is it somehow possible to allow anonymous users to > create / delete databases when the admin party is off? > > I am a bit confused by the semantics as Admin Party seems to mean everybody > is an admin expect when it comes to replicating design documents. > > I use the _replicator endpoint to replicate my databases. The replication is > set via Ansible and I post a JSON document that is create from the following > template: > > - name: setup (continuous) replication for each of the databases > local_action: uri > url="http://{{ inventory_hostname }}:5984/_replicator/{{ item[1] }}_to_{{ > item[0] }}" > method=PUT > body='{"continuous":true,"target":"{{ item[0] }}","source":"http://{{ item[1] > }}:5984/{{ item[0] }}"}' > HEADER_Content-Type="application/json" > status_code=201,409 > If the target is local then you should be able to add "user_ctx" to the replication document so it has sufficient privileges to write the design documents. { ... "usert_ctx": { "roles": [ "_admin" ] }, ... } If the target is remote you will need to authenticate the connection with a user that has admin privileges for that database or is a global admin. James Zynstra is a private limited company registered in England and Wales (registered number 07864369). Our registered office and Headquarters are at The Innovation Centre, Broad Quay, Bath, BA1 1UD. This email, its contents and any attachments are confidential. If you have received this message in error please delete it from your system and advise the sender immediately.
