Commit 260b0069 authored by Marco Mariani's avatar Marco Mariani

connect to postgres through stunnel

parent 75f83ced
......@@ -49,7 +49,7 @@ class Recipe(GenericBaseRecipe):
The URL can be used as-is (ie. in sqlalchemy) or by the _urlparse.py recipe.
"""
def fetch_host(self, options):
def fetch_ipv6_host(self, options):
"""
Returns a string represtation of ipv6_host.
May receive a regular string, a set or a string serialized by buildout.
......@@ -64,7 +64,7 @@ class Recipe(GenericBaseRecipe):
def _options(self, options):
options['password'] = self.generatePassword()
options['url'] = 'postgresql://%(user)s:%(password)s@[%(host)s]:%(port)s/%(dbname)s' % dict(options, host=self.fetch_host(options))
options['url'] = 'postgresql://%(user)s:%(password)s@[%(ipv4_host)s]:%(port)s/%(dbname)s' % options
def install(self):
......@@ -109,7 +109,7 @@ class Recipe(GenericBaseRecipe):
with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg:
cfg.write(textwrap.dedent("""\
listen_addresses = '%s'
listen_addresses = '%s,%s'
logging_collector = on
log_rotation_size = 50MB
max_connections = 100
......@@ -124,7 +124,8 @@ class Recipe(GenericBaseRecipe):
unix_socket_directory = '%s'
unix_socket_permissions = 0700
""" % (
self.fetch_host(self.options),
self.options['ipv4_host'],
self.fetch_ipv6_host(self.options),
pgdata,
)))
......@@ -138,9 +139,10 @@ class Recipe(GenericBaseRecipe):
# "local" is for Unix domain socket connections only (check unix_socket_permissions!)
local all all ident
host all all 127.0.0.1/32 md5
host all all %s/32 md5
host all all ::1/128 md5
host all all %s/128 md5
""" % self.fetch_host(self.options)))
""" % (self.options['ipv4_host'], self.fetch_ipv6_host(self.options))))
def createDatabase(self):
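Review bot: `listen_addresses = '%s,%s'` keeps PostgreSQL bound to the address from `fetch_ipv6_host(...)` as well as `ipv4_host`, so the database port stays exposed there alongside the stunnel endpoint. pg_hba.conf does limit who may authenticate, since the `%s/128` rule only matches that same address as the source, but the listener itself remains reachable before authentication. If the tunnel is meant to be the only non-local path, bind only `ipv4_host` and drop the `host all all %s/128 md5` line. Separately, the new URL in `_options` keeps the square brackets, `@[%(ipv4_host)s]:`, which are URI syntax for IPv6 literals; strict URL parsers may reject a bracketed IPv4 address, so it should read `@%(ipv4_host)s:%(port)s`. The bodies of `_options` and `install` continue outside these hunks.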
......
......@@ -43,6 +43,7 @@ recipe = slapos.cookbook:postgres
# Options
ipv6_host = $${instance-parameters:ipv6}
ipv4_host = $${slap-network-information:local-ipv4}
user = user
port = 5432
dbname = db
......
......@@ -85,7 +85,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in
output = ${buildout:directory}/instance-postgres.cfg
md5sum = 509bd41a73928367c74308968908cdb7
md5sum = 03247dadc6b665ed3b876ddc8b1830bf
mode = 0644
[instance-postgres-import]
......
......@@ -132,8 +132,8 @@ config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
local-host = $${postgres-instance:ip} # XXX we don't need tunnel
local-port = $${postgres-instance:port} # XXX we don't need tunnel
local-host = $${postgres-instance:ipv4_host}
local-port = $${postgres-instance:port}
remote-host = $${slap-network-information:global-ipv6}
remote-port = 6446
client = false
......@@ -174,7 +174,7 @@ user = postgres
port = 5432
dbname = db
# XXX the next line is required by stunnel, not by us
ip = $${slap-network-information:local-ipv4}
ipv4_host = $${slap-network-information:local-ipv4}
# pgdata_directory is created by initdb, and should not exist beforehand.
pgdata-directory = $${rootdirectory:var}/data
backup-directory = $${basedirectory:backup}/postgres
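Review bot: The comment `# XXX the next line is required by stunnel, not by us` above `ipv4_host` looks stale after the rename. The recipe hunks in this commit read `options['ipv4_host']` for the URL, `listen_addresses` and pg_hba.conf, so if this section uses that recipe the option is now required by both. Suggest replacing it with something like `# address PostgreSQL listens on; stunnel forwards to it via local-host`. Nothing in this hunk shows whether the stunnel server on `remote-host`/`remote-port = 6446` verifies client certificates, so that is worth confirming in the stunnel recipe, since this becomes the network-facing entry point to the database.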
......