From b3b7f065c745c6c5eb53ae52f3316bdacbc831e2 Mon Sep 17 00:00:00 2001 From: Marco Mariani <marco.mariani@nexedi.com> Date: Tue, 25 Sep 2012 16:25:08 +0200 Subject: [PATCH] only listen to ipv6 address, and unix socket --- slapos/recipe/postgres/__init__.py | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/slapos/recipe/postgres/__init__.py b/slapos/recipe/postgres/__init__.py index dce35a223..85e2f522a 100644 --- a/slapos/recipe/postgres/__init__.py +++ b/slapos/recipe/postgres/__init__.py @@ -27,13 +27,11 @@ import md5 import os -import sys import subprocess import textwrap from zc.buildout import UserError from slapos.recipe.librecipe import GenericBaseRecipe -from slapos.recipe.librecipe import filehash class Recipe(GenericBaseRecipe): @@ -75,11 +73,13 @@ class Recipe(GenericBaseRecipe): def createConfig(self): + from zc.buildout import buildout pgdata = self.options['pgdata-directory'] + host = buildout.loads(self.options['ipv6_host']).pop() # XXX ugly hack with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg: - # XXX TODO listen_addresses cfg.write(textwrap.dedent("""\ + listen_addresses = '%s' logging_collector = on log_rotation_size = 50MB max_connections = 100 @@ -90,7 +90,7 @@ class Recipe(GenericBaseRecipe): lc_numeric = 'en_US.UTF-8' lc_time = 'en_US.UTF-8' default_text_search_config = 'pg_catalog.english' - """)) + """ % host)) with open(os.path.join(pgdata, 'pg_hba.conf'), 'wb') as cfg: @@ -103,7 +103,8 @@ class Recipe(GenericBaseRecipe): local all all ident host all all 127.0.0.1/32 md5 host all all ::1/128 md5 - """)) + host all all %s/128 md5 + """ % host)) def createDatabase(self): @@ -114,9 +115,14 @@ class Recipe(GenericBaseRecipe): """ Creates a Postgres superuser - other than "slapuser#" for use by the application. """ + user = self.options['user'] password = 'insecure' - enc_password = md5.md5(password).hexdigest() - self.runPostgresCommand(cmd="""CREATE USER "%s" PASSWORD '%s' SUPERUSER""" % (self.options['user'], enc_password)) + + # XXX should send it encrypted, didn't work + # http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html + # enc_password = 'md5' + md5.md5(password+user).hexdigest() + + self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, password)) def runPostgresCommand(self, cmd): @@ -135,6 +141,7 @@ class Recipe(GenericBaseRecipe): p = subprocess.Popen([postgres_binary, '--single', '-D', pgdata, + '-d', '1', # debug level, do not output commands 'postgres', ], stdin=subprocess.PIPE) -- 2.30.9