Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
c147f794
Commit
c147f794
authored
Nov 08, 2021
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
software/metabase: generate proper passwords
parent
46c9fd3e
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
50 additions
and
13 deletions
+50
-13
software/metabase/README.md
software/metabase/README.md
+2
-2
software/metabase/buildout.hash.cfg
software/metabase/buildout.hash.cfg
+1
-1
software/metabase/instance.cfg.in
software/metabase/instance.cfg.in
+47
-10
No files found.
software/metabase/README.md
View file @
c147f794
# Metabae
# Metaba
s
e
https://www.metabase.com/
https://www.metabase.com/
## TODO:
## TODO:
*
export backups for resilience
*
export backups for resilience
*
security (
proper passwords,
verifiable certificate, study metabase encryption option)
*
security (verifiable certificate, study metabase encryption option)
software/metabase/buildout.hash.cfg
View file @
c147f794
[instance-profile]
[instance-profile]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
d611a567cdd2bb919b0263a44b8bb754
md5sum =
10bfacf784241b080d3e8b22cf2b5359
software/metabase/instance.cfg.in
View file @
c147f794
...
@@ -49,19 +49,56 @@ promise = check_url_available
...
@@ -49,19 +49,56 @@ promise = check_url_available
name = $${:_buildout_section_name_}.py
name = $${:_buildout_section_name_}.py
config-url= $${metabase-instance:url}/api/session/properties
config-url= $${metabase-instance:url}/api/session/properties
[metabase-keystore-password]
recipe = slapos.cookbook:generate.password
bytes = 24
[metabase-keystore]
[metabase-keystore]
recipe = plone.recipe.command
recipe = plone.recipe.command
stop-on-error = true
command =
command =
${java:location}/bin/keytool \
if [ -f $${:file} ]
-genkeypair \
then
-alias "metabase" \
# XXX password used to be "insecure", but we changed to proper password.
-keyalg RSA \
# We try to list the store with the new password and if it fail we change
-keypass "$${:password}" \
# the keystore password.
-dname "CN=$${metabase-instance:ip},OU=Unit,O=Organization,L=City,S=State,C=Country" \
if ! ${java:location}/bin/keytool \
-keystore "$${:file}" \
-list \
-storepass "$${:password}"
-keystore "$${:file}" \
-storepass "$${:password}"
then
echo "Migrating keystore password" && \
${java:location}/bin/keytool \
-storepasswd \
-keystore "$${:file}" \
-storepass insecure \
-new "$${:password}" && \
echo "Migrating certificate key password" && \
${java:location}/bin/keytool \
-keypasswd \
-alias "$${:alias}" \
-keypass insecure \
-new "$${:password}" \
-keystore "$${:file}" \
-storepass "$${:password}"
fi
else
${java:location}/bin/keytool \
-genkeypair \
-alias "$${:alias}" \
-keyalg RSA \
-keypass "$${:password}" \
-dname "CN=$${metabase-instance:ip},OU=Unit,O=Organization,L=City,S=State,C=Country" \
-keystore "$${:file}" \
-storepass "$${:password}"
fi
file = $${directory:etc}/.metabase_keystore
file = $${directory:etc}/.metabase_keystore
password = insecure
password = $${metabase-keystore-password:passwd}
alias = metabase
[postgresql-password]
recipe = slapos.cookbook:generate.password
bytes = 24
[postgresql]
[postgresql]
recipe = slapos.cookbook:postgres
recipe = slapos.cookbook:postgres
...
@@ -69,7 +106,7 @@ bin = ${postgresql10:location}/bin/
...
@@ -69,7 +106,7 @@ bin = ${postgresql10:location}/bin/
services = $${directory:service}
services = $${directory:service}
dbname = metabase_db
dbname = metabase_db
superuser = metabase-psql
superuser = metabase-psql
password =
insecure
password =
$${postgresql-password:passwd}
pgdata-directory = $${directory:srv}/postgresql
pgdata-directory = $${directory:srv}/postgresql
ipv4 = $${instance-parameter:ipv4-random}
ipv4 = $${instance-parameter:ipv4-random}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment