HPE 3PAR StoreServ Storage

3PAR quorum couchdb security


3PAR quorum couchdb security

Hello all,

Have someone experiance with the security on the couchdb which is used on the quorum server. Is it possible to add a security password on it, to prevent a non password connection. Or is it used by the controllers to communicate, in a peer persistance configuration.

Normally it is a way that can be used to check if it's running:


with response: {"couchdb":"Welcome","version":"1.0.4"}

With regards,



Re: 3PAR quorum couchdb security

This is security volunerability issue. Which would be fixed in the next release of Quorum Witness which would be expected to release next year ( 2019). As of now we have below available action plan as a workaround ;

  1. Add new firewall rules to allow access to port 8080 from the 3PAR arrays allowed access to the Quorum Witness and to block access to all others.

iptables -I INPUT 1 -p tcp –dport 8080 -s <ip-addr-array1> -j ACCEPT

iptables -I INPUT 2 -p tcp –dport 8080 -s <ip-addr-array2> -j ACCEPT

<add rules for additional 3PAR arrays sharing the quorum witness> iptables -I INPUT 3 -p tcp –dport 8080 -j DROP

  1. Save the firewall rules:

/etc/init.d/iptables save

  1. Restart the firewall with the newly saved rules:

/etc/init.d/iptables restart

  1. Verify that the rules are as expected (the 3 news rules are at the top).

iptables -L