[MB-5385] make ebucketmigrator support sasl auth Created: 26/May/12  Updated: 29/May/12  Resolved: 26/May/12

Status: Resolved
Project: Couchbase Server
Component/s: ns_server
Affects Version/s: 1.8.1-release-candidate
Fix Version/s: 1.8.1
Security Level: Public

Type: Bug Priority: Major
Reporter: Aleksey Kondratenko Assignee: Aleksey Kondratenko
Resolution: Fixed Votes: 0
Labels: customer
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   
SUBJ

 Comments   
Comment by Aleksey Kondratenko [ 26/May/12 ]
http://review.couchbase.org/16447
Comment by Farshid Ghods (Inactive) [ 26/May/12 ]
Aliaksey,
bucket sasl password can also be an empty string ?
does this change consider that as well ?
Comment by Aleksey Kondratenko [ 26/May/12 ]
Yes. Note however that password is read from stdin. So you'll need something like

(auth as admin and then select particular bucket)

echo _admin | ./ebucketmigrator -a _admin --bucket-name my-bucket

or

(auth as user = bucket name that'll automagically select bucket)
echo | ./ebucketmigrator -a my-bucket
Comment by Farshid Ghods (Inactive) [ 26/May/12 ]
it makes it hard for scripting doesn't it ?
memcached commands cbstats for instance allows the user to pass the bucket name and password in the command line without having to enter it through stdin
Comment by Aleksey Kondratenko [ 26/May/12 ]
Disagree. Its still pretty simple to script. Its kind of insecure to have password on cmdline. Ie it'll be visible to all users of system.

Let me know however if you insist.
Comment by Farshid Ghods (Inactive) [ 26/May/12 ]
i can agree with you but all our memcached command lines allow the user to pass the password as an argument.

in any case this is a one time patch i am going to give to the customer so appreciate if you can add the option to read the password from the cli.

also i noticed that if bucket name is != default and sasl password is empty string ebucketmigrator does not work. in my case i changed the password to be non-empty and after that script worked but not sure if we can ask the customer to also change their password if its empty string

PATH=/opt/couchbase/bin:$PATH /opt/couchbase/bin/ebucketmigrator -h 10.1.2.31:11210 -A -V -t -b 778 -d 10.1.2.35:11210 -a third -v
Ignoring "-A" flag
...


Unknown error {'EXIT',<0.57.0>,
                  {badmatch,{memcached_error,auth_error,<<"Auth failure">>}}}
Comment by Thuan Nguyen [ 29/May/12 ]
Integrated in github-ns-server-2-0 #357 (See [http://qa.hq.northscale.net/job/github-ns-server-2-0/357/])
    MB-5385: fixed standalone bucketmigrator to support sasl auth (Revision e1bbcb0f2d5f602c777d8472dc9a076fa3631865)
MB-5385: added support for specifying password on cmdline (Revision da52c53f7d9388330ea0b5a15d4a48204f706ea2)

     Result = SUCCESS
Aliaksey Kandratsenka :
Files :
* src/ebucketmigrator.erl

Aliaksey Kandratsenka :
Files :
* src/ebucketmigrator.erl
Generated at Thu Apr 24 18:12:41 CDT 2014 using JIRA 5.2.4#845-sha1:c9f4cc41abe72fb236945343a1f485c2c844dac9.