Description
We're running into a problem where backups are failing under the following circumstances:
- Server is on Couchbase 3.0.1 community edition
- The bucket being backed up is either using SASL auth with an empty password OR it is using a dedicated port without any authentication
- The environment variable $CB_REST_PASSWORD is set to some non-empty value
How to reproduce:
1. Create a bucket and give it a dedicated port
2. Set up some convenience variables (these are handy for using couchbase-cli)
export CB_REST_USERNAME=Administrator
export CB_REST_PASSWORD=<password>
3. Attempt to take a backup:
cbbackup http://localhost:8091 /var/tmp/backups -b <bucket> -u $CB_REST_USERNAME -p $CB_REST_PASSWORD
The error given is:
error: SASL auth failed: <hostname>:11210, user: <user>
It is possible to successfully get a backup by using a different environment variable name for the password. Continuing the earlier command sequence, this will work around the problem:
export FOO=$CB_REST_PASSWORD
unset CB_REST_PASSWORD
cbbackup http://localhost:8091 /var/tmp/backups -b <bucket> -u $CB_REST_USERNAME -p $FOO
I have dug through pump_dcp.py and determined that what's going on here is that the code is actually attempting to use the value of $CB_REST_PASSWORD as a SASL auth password, which clearly makes no sense. Here is that code (lines 442-443):
GitHub link:
https://github.com/couchbase/couchbase-cli/blob/master/pump_dcp.py#L442
sasl_user = str(self.source_bucket.get("name", pump.get_username(self.opts.username)))
sasl_pswd = str(self.source_bucket.get("saslPassword", pump.get_password(self.opts.password)))
pump.get_username() and pump.get_password() are the functions that are pulling the REST username/password from the $CB_REST_* environment variables as a fallback when the value passed in is empty. This is always the wrong thing to do here since we're trying to get the username/password for the bucket instead.
I propose the following instead:
sasl_user = str(self.source_bucket.get("name", self.opts.username))
sasl_pswd = str(self.source_bucket.get("saslPassword", self.opts.password))