2

I am new to CouchDB and have run into an odd issue. I can create a database but can't delete it.

I am setting up a test framework which will create the test version of the DB at the start and delete it at the end of the test run but I don't really want to have the framework SSH to the server as suggested in this answer Delete couchDB databases.

My setup is CentOS 7 (from the released minimal image) running in Virtual Box 4.3. I installed CouchDB from the EPEL repository, the version is reported as 1.6.1. I can manage the DB with Futon to create the database, add and delete documents. Deleting the DB in Futon hangs. Deleting with curl returns 404 not found.

$ curl -X PUT http://dbserver:5984/test
{"ok":true}
$ curl -X DELETE http://dbserver:5984/test
{"error":"not_found","reason":"missing"}

Based on the CouchDB documentation that is the correct URL to delete the DB. I disabled SELinux but that had no effect. No CouchDB security has been enabled, all settings are left at their default.

Why can't I delete the DB?

Community
  • 1
  • 1
Russ H
  • 21
  • 2
  • Try to add a / when you create it. Old documentation states: "A database must be named with all lowercase letters (a-z), digits (0-9), or any of the _$()+-/ characters and must end with a slash in the URL." I'm not if this can solve your problem, but this is what I'm doing in my library. Sometimes may happen, when you create and then delete the same database too fast, an error. – noun Dec 07 '14 at 23:10
  • Unfortunately, that didn't work. I also spaced the PUT / DELETE commands more than 30 seconds apart. Tried with and without the slash on both commands. Same response. I also tried doing two successive PUTs and the second one produced the response that the DB already exists. The DELETE then says it doesn't. – Russ H Dec 08 '14 at 01:14
  • Have you tested your installation? http://dbserver:5984/_utils/verify_install.html – Aurélien Bénel Dec 11 '14 at 06:55
  • Yes, I have run the test and it fails with an enoent error. Downloaded and built the source files in dev mode and the delete works just fine. Suspect a permissions issue on the production server. Learned enough Erlang to try and trace through the source code to find the delete handler and add debug output but it is buried way deep somewhere in the Erlang library source. At this point I have no more time to devote to this issue and since I am not tied to the CouchDB platform I have switched to MongoDB. I appreciate all of the responses. Thank you. – Russ H Dec 30 '14 at 17:21
  • I edited the question to include the note about the "Verify your Installation" failing and the log file that I get when I get the same error. – David Alan Hjelle Jan 30 '15 at 04:16
  • Well, until my edit is approved, here's a copy of the log: https://gist.github.com/dahjelle/19f3c3b8aec6d7d4b115 – David Alan Hjelle Jan 30 '15 at 12:49

1 Answers1

2

The problem seems to be a missing SELinux policy.

Running SELinux in Permissive mode, makes the "verify installation" checks work for me. (CentOS 7, couchdb 1.6.1 installed via yum from the EPEL repository).

Looking in /var/audit/audit.log reveals:

type=AVC msg=audit(1422956916.341:371): avc:  denied  { create } for  pid=2188 comm="beam" name=".test_suite_db_design" scontext=system_u:system_r:rabbitmq_beam_t:s0 tcontext=system_u:object_r:couchdb_var_lib_t:s0 tclass=dir

So, SELinux denied the couchdb process to create that directory.

Using the audit2allow tool one may create the missing rules which could be enabled using semodule command:

grep couchdb /var/log/audit/audit.log | audit2allow -M couchdbvarlib
semodule -i couchdbvarlib.pp

See here.

There's already a bug reported against CouchDB in Fedora #1098802

cbley
  • 4,538
  • 1
  • 17
  • 32
  • Awesome! Thank you! (Why didn't I think of that? ;-) ) A few notes for anyone else having this issue. 1) `setenforce 0` sets SELinux to permissive, `setenforce 1` sets SELinux to enforcing. 2) You'll have to restart CouchDB after you mess with SELinux for things to take effect. 3) `audit2allow` isn't in the minimal install, but it is in the `policycoreutils-python` package. – David Alan Hjelle Feb 03 '15 at 16:03
  • Another note here: after some more fiddling, I found there were a couple other things: 1) It appears that adding a second admin user has some SELinux issues (perhaps the first did and I missed it, I'm not sure). That means you'll want to create an admin while SELinux is in permissive mode. 2) Similarly, create an run a view while in permissive mode to capture those errors. 3) `grep couchdb` is too restrictive a search (in other words, in doesn't catch the errors in `couchjs` for views. `grep couch` instead. – David Alan Hjelle Feb 03 '15 at 18:52