Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Cédric Le Ninivin
slapos
Commits
54283870
Commit
54283870
authored
Feb 05, 2014
by
Vincent Pelletier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
erp5.mariadb: Provide a way to enable SSL support.
parent
8cffc02a
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
68 additions
and
3 deletions
+68
-3
software/erp5/instance-mariadb-input-schema.json
software/erp5/instance-mariadb-input-schema.json
+19
-0
stack/erp5/buildout.cfg
stack/erp5/buildout.cfg
+2
-2
stack/erp5/instance-mariadb.cfg.in
stack/erp5/instance-mariadb.cfg.in
+39
-1
stack/erp5/my.cnf.in
stack/erp5/my.cnf.in
+8
-0
No files found.
software/erp5/instance-mariadb-input-schema.json
View file @
54283870
...
...
@@ -90,6 +90,25 @@
"description"
:
"When enabled, sets innodb_flush_log_at_trx_commit = 0, innodb_flush_method = nosync, innodb_doublewrite = 0 and sync_frm = 0 - RTFM, those options are dangerous"
,
"default"
:
false
,
"type"
:
"boolean"
},
"ssl"
:
{
"description"
:
"Enable and define SSL support for network connections"
,
"default"
:
{},
"properties"
:
{
"ca-crt"
:
{
"description"
:
"Certificate Authority's certificate, in PEM format"
,
"type"
:
"string"
,
},
"crt"
:
{
"description"
:
"Server's certificate, in PEM format (mandatory to enable SSL support)"
,
"type"
:
"string"
},
"key"
:
{
"description"
:
"Server's key, in PEM format (mandatory to enable SSL support)"
,
"type"
:
"string"
}
},
"type"
:
"object"
}
}
}
stack/erp5/buildout.cfg
View file @
54283870
...
...
@@ -174,7 +174,7 @@ context =
[template-mariadb]
< = download-base
filename = instance-mariadb.cfg.in
md5sum =
d51a5ad6cfa76b7bc20519694e88df80
md5sum =
31e49ad3abb6926f21f29c53cda49ebb
link-binary =
${coreutils:location}/bin/basename
${coreutils:location}/bin/cat
...
...
@@ -205,7 +205,7 @@ md5sum = b54344ee94519f7e95e270664ba3dc99
[template-my-cnf]
< = download-base
filename = my.cnf.in
md5sum =
774b0e5d167b75a0ad8ead45fa2eadf6
md5sum =
21d1e74c964a4882f33c360e9c8a3d44
[template-mariadb-initial-setup]
< = download-base
...
...
stack/erp5/instance-mariadb.cfg.in
View file @
54283870
...
...
@@ -29,6 +29,40 @@ recipe = slapos.cookbook:publish.serialised
database-list = {{ render_database_list(database_list) }}
test-database-list = {{ render_database_list(test_database_list) }}
[simplefile]
recipe = slapos.recipe.template:jinja2
template = inline:{{ '{{ content }}' }}
{% macro simplefile(section_name, file_path, content, mode='') -%}
{% set content_section_name = section_name ~ '-content' -%}
[{{ content_section_name }}]
content = {{ dumps(content) }}
[{{ section(section_name) }}]
< = simplefile
rendered = {{ file_path }}
context = key content {{content_section_name}}:content
mode = {{ mode }}
{%- endmacro %}
{% set ssl_dict = {} -%}
{% macro sslfile(key, content, mode='644') -%}
{% set path = '${directory:mariadb-ssl}/' ~ key ~ '.pem' -%}
{% do ssl_dict.__setitem__(key, path) -%}
{{ simplefile('ssl-file-' ~ key, path, content, mode) }}
{%- endmacro %}
{% set ssl_parameter_dict = slapparameter_dict.get('ssl') -%}
{% if ssl_parameter_dict -%}
{% set base_directory = '${directory:mariadb-ssl}/' -%}
{# Note: The key content will be stored in .installed.cfg, and this template's
rendering, so the only point of mode is to avoid risking mariadb complaining
about laxist file mode. -#}
{{ sslfile('key', ssl_parameter_dict['key'], mode='600') }}
{{ sslfile('crt', ssl_parameter_dict['crt']) }}
{% if 'ca-crt' in ssl_parameter_dict -%}
{{ sslfile('ca-crt', ssl_parameter_dict['ca-crt']) }}
{% endif -%}
{%- endif %}
{% if full_backup_retention_days > -1 -%}
[{{ section('cron-entry-mariadb-backup') }}]
<= cron
...
...
@@ -75,7 +109,10 @@ binlog-path = ${directory:mariadb-backup-incremental}/binlog
binlog-expire-days = {{ incremental_backup_retention_days }}
{% else %}
binlog-path =
{% endif -%}
{%- endif %}
{%- for key, value in ssl_dict.items() -%}
ssl-{{ key }} = {{ value }}
{% endfor %}
[my-cnf]
recipe = slapos.recipe.template:jinja2
...
...
@@ -206,6 +243,7 @@ mariadb-backup-full = ${:backup}/mariadb-full
mariadb-backup-incremental = ${:backup}/mariadb-incremental
logrotate-backup = ${:backup}/logrotate
mariadb-data = ${:srv}/mariadb
mariadb-ssl = ${:etc}/mariadb-ssl
var = ${buildout:directory}/var
log = ${:var}/log
run = ${:var}/run
...
...
stack/erp5/my.cnf.in
View file @
54283870
...
...
@@ -70,6 +70,14 @@ collation_server = utf8_unicode_ci
character_set_server = utf8
skip_character_set_client_handshake
{% if 'ssl-key' in parameter_dict -%}
ssl_cert = {{ parameter_dict['ssl-crt'] }}
ssl_key = {{ parameter_dict['ssl-key'] }}
{% if 'ssl-ca-crt' in parameter_dict -%}
ssl_ca = {{ parameter_dict['ssl-ca-crt'] }}
{%- endif %}
{%- endif %}
[client]
socket = {{ socket }}
user = root
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment