Setting up couch2pg to read from medic-sentinel

Hi there!

I see that CHT couch2pg has this flag:

  • SYNC_DB_SENTINEL - Whether to sync the content of the medic-sentinel database. Suggested: true

When I run cht-couch2pg I get this error:

[2025-02-04T05:39:18.632Z ERROR]:  Couch2PG import failed
[2025-02-04T05:39:18.632Z ERROR]:  {
  error: 'forbidden',
  reason: 'You are not allowed to access this db.',
  status: 403,
  name: 'forbidden',
  message: 'You are not allowed to access this db.',
  stack: 'Error\n' +
    '    at Object.generateErrorFromResponse (/var/adapter/shared/cht-couch2pg-v3.6.2/node_modules/pouchdb-errors/lib/index.js:104:18)\n' +
    '    at /var/adapter/shared/cht-couch2pg-v3.6.2/node_modules/pouchdb-adapter-http/lib/index.js:254:33\n' +
    '    at runMicrotasks (<anonymous>)\n' +
    '    at processTicksAndRejections (internal/process/task_queues.js:97:5)'
}

And I’ve been told that this is because the user I’m using (couch2pg) doesn’t have access to the medic-sentinel database in CouchDB.

How do I give my couch2pg user access to the database to avoid this 403 when cht-couch2pg runs?

(I know I should be using CHT Sync, but this is an old install that hasn’t made the migration yet)

In cht-core 4.x, there are no longer multiple admin users (per service) by design.

I’m suspecting this older project started on 3.x and recently upgraded to 4.x leading to a change in couchdb configuration files that hold admin user credentials. Unfortunately, the current bootstrap scripts and templates don’t allow importing custom configuration files as lots of default config values changed. If that is a path we want to resolve, a few scripts that ensure the import of CouchDB settings are appropriate parameters for its version should be sufficient.

The manual workarounds would be:

  • edit couch2pg configuration to use the single admin in cht-core 4.x
    OR
  • Log into couchdb-1 container and add a new admin to the persistent volume, in location: /opt/couchdb/etc/local.d/cluster-credentials.ini. Restart couchdb-1 and copy that password hash into the couchdb containers at the same location.

This can also be achieved by changing the security property of the database:

This is super easy to do in Fauxton, but curl works just the same:


To curl you would call /medic-sentinel/_security and PUT to add this new user.

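The `_security` PUT described in the reply above, as an added example that is not part of the original thread: because a PUT to `_security` replaces the whole security object, the sketch fetches the current one and merges the user into `members.names` (member, not admin) before writing it back. The function names, `COUCH_URL` and `NETRC_FILE` are assumptions of this example, and `jq` must be installed.

```shell
#!/bin/sh
# Added example: grant one user access to a CouchDB database by merging the
# name into members.names of the database's _security object.
# PUT /{db}/_security replaces the entire object, so the current one is
# fetched and merged instead of being overwritten.

# Pure merge step: security JSON on stdin, user name as $1, merged JSON on
# stdout. Existing admins, member names and member roles are preserved, and
# the name is added only once even if it is already present.
add_member() {
  jq -c --arg user "$1" '
    (if type == "object" then . else {} end)
    | .members.names = (((.members.names // []) + [$user]) | unique)
  '
}

# Fetch, merge, write back. COUCH_URL (no credentials embedded in it) and
# NETRC_FILE (admin credentials, file mode 600) are assumptions of this
# example; they keep the admin password out of the URL and the process list.
grant_member() {
  db=$1
  user=$2
  sec_url="$COUCH_URL/$db/_security"
  current=$(curl -sf --netrc-file "$NETRC_FILE" "$sec_url") || return 1
  printf '%s' "$current" | add_member "$user" |
    curl -sf --netrc-file "$NETRC_FILE" -X PUT \
      -H 'Content-Type: application/json' --data-binary @- "$sec_url"
}

# Usage (not run here):
#   COUCH_URL=https://my.cht-url-here.com NETRC_FILE=$HOME/.netrc-cht \
#     grant_member medic-sentinel couch2pg
```
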

Sweet! Confirming that clicking the lock for medic-sentinel and then adding my couch2pg user in the “Members” section worked! (note: screenshot above shows medic-audit DB, but users should click medic-sentinel or whichever DB is in question)

I tested this before the change with curl and got a forbidden:

$ curl -s https://couch2pg:********@my.cht-url-here.com/medic-sentinel/ | jq
{
  "error": "forbidden",
  "reason": "You are not allowed to access this db."
}

And then re-running the exact same command after adding my user, I got the expected JSON payload:

$ curl -s https://couch2pg:********@my.cht-url-here.com/medic-sentinel/ | jq
{
  "instance_start_time": "1547767256",
  "db_name": "medic-sentinel",
  "purge_seq": "0-g1AAAAJbeJzLYWBg4MhgTmEwSs4vTc5ISXKA0rpGermlxfm6uYk5mboFRfkpesVlyXrJOaXFJalFejn5yYk5OUC9THksQJLhAZD6DwRZiQxYDTMkxbADEMPu4zLMmBTDFkAM24_LMJK82QAxbD6F3kxKAJJJ9XjCi0gvJjmADIrHYxCR3ktSABlkT3kMJjIkyUNMyQIAVefP3Q",
  "update_seq": "118847034-g1AAAASLeJzLYWBg4MhgTmEwSs4vTc5ISXKA0rpGermlxfm6uYk5mboFRfkpesVlyXrJOaXFJalFejn5yYk5OUC9THksQJLhAZD6DwRZGcxJDI-ux-UCxdiTUlPMkk1SyTIbq5MMSXHSAYiT7kOctJgf7CQLc4u05DRzsszG6iRjUpy0AOKk_RAndcuCnZRonGyeZmxIltmUR1wDxEnzIU5aOxHspDQLMyNDY1O6R1xSApBMqoenozsfwc4xSDU0SjZKoXukJTmAnBMPd06_KsQ5hqmWKalmdI-wJAWQc-zhzpl9DOwco2QTCwPzRLpHViJDkjzcLbudwW4xt0xKTkszIcvQLAD-kpH2",
  "sizes": {
    "file": 25499597099,
    "external": 11573022115,
    "active": 23230910833
  },
  "props": {},
  "doc_del_count": 10305086,
  "doc_count": 32225475,
  "disk_format_version": 8,
  "compact_running": false,
  "cluster": {
    "q": 8,
    "n": 1,
    "w": 1,
    "r": 1
  }
}

Thanks again!