Configure sync gateway to connect to a password protected sync db?

[Jeremy Kelley]

I'm sure I'm missing something obvious but I'm trying to get syncgateway to connect to a bucket that is password protected.

I have tried setting something like 

...

"databases":{ "mysyncdb": {

   "server":"http://mysyncdb:PASS...@db.server.com",

   ...

} } ...

I've tried setting a separate "password"  key in the database stanza.

I found a pull request that mentioned how to do this for shadowed buckets (put the name of the bucket as the username).

This is the error I'm seeing.

18:28:37.187523 FATAL: Error opening database: 502 Unable to connect to server: HTTP error 401 Unauthorized getting "http://db-00.lvlr.io:8091/pools":  -- rest.RunServer() at config.go:358

Am I missing something obvious?

I'll admit I've not dug into the actual source of sync gateway yet, but that's next.

Thanks.

-jeremy

[Jens Alfke]

On Aug 5, 2014, at 3:31 PM, Jeremy Kelley <nods...@gmail.com> wrote:

I've tried setting a separate "password"  key in the database stanza.

You need to set both "username" and "password" properties.

—Jens

[Jeremy Kelley]

Jens - I have tried that.

Here is my json config for sync gateway.

{

  "interface":":4984",

  "adminInterface":":4985",

  "verbose":true,

  "log":["REST", "CRUD", "Shadow"],

  "databases":{

    "dbsync":{

      "username": "Administrator",

      "password": "SECRET",

      "server":"http://MYSERVER:8091",

      "bucket":"dbsync",

      "sync":`function(doc) { if(doc.type=="co") channel(doc._id); else channel(doc.co);}`,

      "shadow": {

        "server": "http://mydb:OTHERSECRET@MYSERVER:8091",

        "bucket": "mydb"

      }

    }

  }

}

The user/pass are the same I login to my couchbase console with.

The error I'm seeing is:

20:59:50.260325 Enabling logging: [REST CRUD Shadow]

20:59:50.260921 ==== Couchbase Sync Gateway/1.00 (1.0.1-18; commit 81a69a16) ====

20:59:50.261131 Configured Go to use all 2 CPUs; setenv GOMAXPROCS to override this

20:59:50.261350 Opening db /dbsync as bucket "dbsync", pool "default", server <http://MYSERVER:8091>

20:59:50.261597 Opening Couchbase database dbsync on <http://MYSERVER:8091> as user "Administrator"

20:59:50.549766 WARNING: Error from Incr in _reserveSequences(0): MCResponse status=0x20, opcode=SASL_AUTH, opaque=0, msg: Auth failure -- db.(*sequenceAllocator)._reserveSequences() at sequence_allocator.go:59

20:59:50.549954 FATAL: Error opening database: MCResponse status=0x20, opcode=SASL_AUTH, opaque=0, msg: Auth failure -- rest.RunServer() at config.go:358

Again, I'm sure it's some misconfiguration on my part but I can't seem to figure it out.  Thanks.

[Jeremy Kelley]

Followup with resolution.

Couple of issues compounded the wonkiness  but the big takeaway is that the sync bucket config allows username and password to be specified in the url or via  `username` and `password` members in the dict.  However, the shadow db config will only work with the username/password  keywords.  I figured this out when I realized the dbConfig stanza goes out of it's way to initialize user/pass from the url if not set but doesn't do the same thing for the shadowConfig.  (see https://github.com/couchbase/sync_gateway/blob/1da4ee46a91c4cad15074233fcdd7cfd4603ee63/src/github.com/couchbaselabs/sync_gateway/rest/config.go#L119 ) 

Also - and I had to dig to find this - the "Administrator" account is NOT the correct one.  The errors here are a bit esoteric and useless to me.  The correct thing to do is set the SASL password per the bucket via admin console.  Then, in your sync config, set username=NameOfBucket and password=(the sasl password you set in the console).   I spent a ton of time thinking I wasn't connecting to the sync bucket, but instead my issue was with the shadow bucket.

I'm sure this is all documented somewhere, but I couldn't find it.  Maybe my goof will help someone else.

-jeremy

On Tuesday, August 5, 2014 5:31:21 PM UTC-5, Jeremy Kelley wrote:

[Jens Alfke]

Thanks a lot for posting your answers, Jeremy! I've filed an internal ticket against our docs, with a link to this thread, so we can update the docs to describe this more clearly. (Including the part about getting the right credentials for the Couchbase Server bucket.)

—Jens