Léo-Paul Géneau / slapos
Commit c80ffdef, authored Jan 22, 2024 by Jérome Perrin

Expose hashed passwords in slapos.cookbook:generate.password

See merge request nexedi/slapos!1506

Parents: 81a83ffe, e820c7d0

Showing 23 changed files with 82 additions and 57 deletions
component/apache/buildout.cfg  +2 -2
component/rust/buildout.cfg  +2 -2
software/dufs/buildout.hash.cfg  +1 -1
software/dufs/instance.cfg.in  +3 -2
software/dufs/software.cfg  +2 -2
software/dufs/test/test.py  +20 -0
software/erp5/test/test/test_erp5.py  +17 -0
software/restic-rest-server/buildout.hash.cfg  +1 -1
software/restic-rest-server/instance.cfg.in  +5 -13
software/restic-rest-server/software.cfg  +1 -2
software/seleniumserver/buildout.hash.cfg  +1 -1
software/seleniumserver/instance-selenium.cfg.in  +2 -2
software/slapos-master/buildout.hash.cfg  +1 -1
software/slapos-master/instance-erp5.cfg.in  +6 -5
software/theia/buildout.hash.cfg  +1 -1
software/theia/instance-theia.cfg.jinja.in  +1 -1
stack/erp5/buildout.hash.cfg  +3 -3
stack/erp5/instance-erp5.cfg.in  +6 -5
stack/erp5/instance-zope.cfg.in  +1 -1
stack/erp5/instance.cfg.in  +0 -2
stack/monitor/buildout.hash.cfg  +1 -1
stack/monitor/instance-monitor.cfg.jinja2.in  +2 -8
stack/slapos.cfg  +3 -1
component/apache/buildout.cfg
View file @
c80ffdef
...
@@ -44,9 +44,9 @@ environment =
...
@@ -44,9 +44,9 @@ environment =
[apache]
[apache]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
shared = true
shared = true
version = 2.4.5
7
version = 2.4.5
8
url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
md5sum = 3
4575e92f91fb625f3842d6ca382caa5
md5sum = 3
0377ec4d7fb8361e1d1f2ab3158b467
configure-options = --disable-static
configure-options = --disable-static
--enable-authn-alias
--enable-authn-alias
--enable-bucketeer
--enable-bucketeer
...
...
component/rust/buildout.cfg
View file @
c80ffdef
...
@@ -9,8 +9,8 @@ parts = rustc
...
@@ -9,8 +9,8 @@ parts = rustc
[rustc]
[rustc]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
shared = true
shared = true
url = https://static.rust-lang.org/dist/rustc-1.
64
.0-src.tar.gz
url = https://static.rust-lang.org/dist/rustc-1.
75
.0-src.tar.gz
md5sum =
948ecb62b82ed3543f03ebf598501796
md5sum =
6420f7d4e0eb3f4f4963a2e2afdb301b
# --sysconfdir is a workaround for https://github.com/rust-lang/rust/issues/63915
# --sysconfdir is a workaround for https://github.com/rust-lang/rust/issues/63915
configure-options =
configure-options =
--enable-extended
--enable-extended
...
...
software/dufs/buildout.hash.cfg
View file @
c80ffdef
...
@@ -15,4 +15,4 @@
...
@@ -15,4 +15,4 @@
[instance.cfg.in]
[instance.cfg.in]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
6edf5c64bf25dfd2e6e8a4e74c9b9812
md5sum =
f7a283e3288d3a9ddfd5de7e9b309273
software/dufs/instance.cfg.in
View file @
c80ffdef
...
@@ -155,9 +155,10 @@ command-line =
...
@@ -155,9 +155,10 @@ command-line =
--enable-cors
--enable-cors
--bind ${:ip}
--bind ${:ip}
--port ${:port}
--port ${:port}
--render-try-index
--allow-all
--allow-all
--auth-method basic
--auth-method basic
--auth ${admin-password:user}:${admin-password:passwd}@/:rw
--auth ${admin-password:user}:${admin-password:passwd
-sha512-crypt
}@/:rw
--auth @/pub
--auth @/pub
--tls-cert ${dufs-certificate:cert-file}
--tls-cert ${dufs-certificate:cert-file}
--tls-key ${dufs-certificate:key-file}
--tls-key ${dufs-certificate:key-file}
...
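Review bot: the `--auth` value now carries a sha512-crypt hash inside `command-line =`, and crypt strings use `$` as their field separator, so confirm that the generated wrapper hands the value to dufs without any shell or buildout expansion of the `$6$...` fields. The rule also joins user, hash and path with `:` and `@`, so a user name containing either character would change how the rule is parsed; a comment stating that `${admin-password:user}` is restricted to safe characters would help. Since the hash is now what appears in the process arguments, treat it as a credential in anything that captures command lines.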
@@ -210,7 +211,7 @@ init =
...
@@ -210,7 +211,7 @@ init =
frontend_url = urlparse(self.options['frontend-url'])
frontend_url = urlparse(self.options['frontend-url'])
admin_user = self.options['admin-user']
admin_user = self.options['admin-user']
admin_password = self.options['admin-password']
admin_password = self.options['admin-password']
self.options['public-url'] = frontend_url._replace(path='/pub').geturl()
self.options['public-url'] = frontend_url._replace(path='/pub
/
').geturl()
assert not frontend_url.username
assert not frontend_url.username
self.options['upload-url'] = frontend_url._replace(
self.options['upload-url'] = frontend_url._replace(
netloc=f'{admin_user}:{admin_password}@{frontend_url.netloc}').geturl()
netloc=f'{admin_user}:{admin_password}@{frontend_url.netloc}').geturl()
...
...
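Review bot: `public-url` is a published parameter and the trailing slash added in `_replace(path='/pub/')` changes its value for existing consumers; anything that appends `/name` to it will now build `/pub//name`. The test added in this commit joins with `urljoin(..., 'with-index/')`, which depends on the slash, so state the trailing slash in the parameter's documentation. Separately, the unchanged `netloc=f'{admin_user}:{admin_password}@...'` line embeds the plaintext password without percent-encoding, so a password containing `@`, `:` or `/` produces a malformed `upload-url`.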
software/dufs/software.cfg
View file @
c80ffdef
...
@@ -13,8 +13,8 @@ parts =
...
@@ -13,8 +13,8 @@ parts =
[dufs]
[dufs]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
shared = true
shared = true
url = https://github.com/sigoden/dufs/archive/refs/tags/v0.3
4.1
.tar.gz
url = https://github.com/sigoden/dufs/archive/refs/tags/v0.3
9.0
.tar.gz
md5sum =
77cbb2523aca8dad90fd77ee0277704f
md5sum =
e0fca35530c043c5dff7fcbe415ed35d
configure-command = :
configure-command = :
make-binary = cargo install --root=%(location)s --path . --locked
make-binary = cargo install --root=%(location)s --path . --locked
make-targets =
make-targets =
...
...
software/dufs/test/test.py
View file @
c80ffdef
...
@@ -91,6 +91,26 @@ class TestFileServer(SlapOSInstanceTestCase):
...
@@ -91,6 +91,26 @@ class TestFileServer(SlapOSInstanceTestCase):
self
.
assertNotIn
(
'secret'
,
resp
.
text
)
self
.
assertNotIn
(
'secret'
,
resp
.
text
)
self
.
assertEqual
(
resp
.
status_code
,
requests
.
codes
.
ok
)
self
.
assertEqual
(
resp
.
status_code
,
requests
.
codes
.
ok
)
def
test_index
(
self
):
pub
=
pathlib
.
Path
(
self
.
computer_partition_root_path
)
/
'srv'
/
'www'
/
'pub'
(
pub
/
'with-index'
).
mkdir
()
(
pub
/
'with-index'
/
'index.html'
).
write_text
(
'<html>Hello !</html>'
)
self
.
assertEqual
(
requests
.
get
(
urllib
.
parse
.
urljoin
(
self
.
connection_parameters
[
'public-url'
],
'with-index/'
),
verify
=
self
.
ca_cert
,
).
text
,
'<html>Hello !</html>'
)
(
pub
/
'without-index'
).
mkdir
()
(
pub
/
'without-index'
/
'file.txt'
).
write_text
(
'Hello !'
)
self
.
assertIn
(
'file.txt'
,
requests
.
get
(
urllib
.
parse
.
urljoin
(
self
.
connection_parameters
[
'public-url'
],
'without-index/'
),
verify
=
self
.
ca_cert
,
).
text
)
def
test_upload_file_refused_without_auth
(
self
):
def
test_upload_file_refused_without_auth
(
self
):
parsed_upload_url
=
urllib
.
parse
.
urlparse
(
self
.
connection_parameters
[
'upload-url'
])
parsed_upload_url
=
urllib
.
parse
.
urlparse
(
self
.
connection_parameters
[
'upload-url'
])
# upload-url has username:password, remove it
# upload-url has username:password, remove it
...
...
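Review bot: `test_index` covers only `--render-try-index`; nothing added in this file checks the switch to `passwd-sha512-crypt`, for instance that the plaintext admin password no longer appears in the generated dufs wrapper. An assertion in the style of `test_no_plain_text_password_in_files` from the ERP5 tests in this commit, scoped to that wrapper, would pin the behaviour down. Both `requests.get(...)` calls also compare `.text` without checking `status_code`, so an authentication or server error shows up as a confusing body mismatch.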
software/erp5/test/test/test_erp5.py
View file @
c80ffdef
...
@@ -32,6 +32,7 @@ import glob
...
@@ -32,6 +32,7 @@ import glob
import
http.client
import
http.client
import
json
import
json
import
os
import
os
import
pathlib
import
resource
import
resource
import
shutil
import
shutil
import
socket
import
socket
...
@@ -1100,6 +1101,22 @@ class TestNEO(ZopeSkinsMixin, CrontabMixin, ERP5InstanceTestCase):
...
@@ -1100,6 +1101,22 @@ class TestNEO(ZopeSkinsMixin, CrontabMixin, ERP5InstanceTestCase):
'log'
,
'log'
,
f
))
f
))
class
TestPassword
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
__partition_reference__
=
'p'
def
test_no_plain_text_password_in_files
(
self
):
inituser_password
=
self
.
getRootPartitionConnectionParameterDict
()[
'inituser-password'
].
encode
()
self
.
assertFalse
(
[
f
for
f
in
pathlib
.
Path
(
self
.
slap
.
_instance_root
).
glob
(
'**/*'
)
if
f
.
is_file
()
and
inituser_password
in
f
.
read_bytes
()])
# the hashed password is present in some files
inituser_password_hashed
=
self
.
getRootPartitionConnectionParameterDict
()[
'inituser-password-hashed'
].
encode
()
self
.
assertTrue
(
[
f
for
f
in
pathlib
.
Path
(
self
.
slap
.
_instance_root
).
glob
(
'**/*'
)
if
f
.
is_file
()
and
inituser_password_hashed
in
f
.
read_bytes
()])
class
TestWithMaxRlimitNofileParameter
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
class
TestWithMaxRlimitNofileParameter
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
"""Test setting the with-max-rlimit-nofile parameter sets the open fd soft limit to the hard limit.
"""Test setting the with-max-rlimit-nofile parameter sets the open fd soft limit to the hard limit.
...
...
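Review bot: both list comprehensions in `test_no_plain_text_password_in_files` call `f.read_bytes()` on every file under `_instance_root` of a running instance, so a log, pid or temporary file that disappears between `is_file()` and `read_bytes()` raises `FileNotFoundError` and the test errors instead of failing cleanly; skip files that vanish. The second assertion only proves that the hash exists in at least one file somewhere, so asserting on the specific file expected to hold it would make the intent checkable. The plaintext check is a raw byte match and will not notice the password in an encoded form such as base64 or URL escaping, which is worth saying in a comment.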
software/restic-rest-server/buildout.hash.cfg
View file @
c80ffdef
...
@@ -15,4 +15,4 @@
...
@@ -15,4 +15,4 @@
[instance.cfg.in]
[instance.cfg.in]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
361991f333119f22c8266dc8bde7bc57
md5sum =
b5c479ebb4cf2fd2f63623af88b95078
software/restic-rest-server/instance.cfg.in
View file @
c80ffdef
...
@@ -147,23 +147,15 @@ recipe = slapos.cookbook:generate.password
...
@@ -147,23 +147,15 @@ recipe = slapos.cookbook:generate.password
user = backup
user = backup
[rest-server-htpassword]
[rest-server-htpassword]
recipe = plone.recipe.command
recipe = slapos.recipe.template
command =
inline =
if [ ! -f '${:htpassword}' ] ; then
${rest-server-password:user}:${rest-server-password:passwd-bcrypt}
{{ htpasswd_bin }} \
output = ${directory:rest-server-data-dir}/.htpasswd
-b \
-B \
-c ${:htpassword} \
${rest-server-password:user} \
${rest-server-password:passwd}
fi
htpassword = ${directory:rest-server-data-dir}/.htpasswd
stop-on-error = true
[rest-server]
[rest-server]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
command-line =
command-line =
{{ gowork_bin }}/rest-server
\
{{ gowork_bin }}/rest-server
--listen [${:ip}]:${:port}
--listen [${:ip}]:${:port}
--log ${directory:var-log}/${:_buildout_section_name_}-access.log
--log ${directory:var-log}/${:_buildout_section_name_}-access.log
--path ${directory:rest-server-data-dir}
--path ${directory:rest-server-data-dir}
...
...
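Review bot: `.htpasswd` is now rendered by `slapos.recipe.template` on every run instead of being created once behind `if [ ! -f '${:htpassword}' ]`, so confirm that `passwd-bcrypt` is stable between buildout runs; bcrypt salts are random, and a value recomputed each time would rewrite the file on every run. The new section sets no permissions on `output`, and a file holding a credential hash should not be group or world readable. Dropping `htpasswd -b` removes the plaintext password from a command line, which is the right direction.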
software/restic-rest-server/software.cfg
View file @
c80ffdef
...
@@ -25,7 +25,7 @@ install +=
...
@@ -25,7 +25,7 @@ install +=
<= go-git-package
<= go-git-package
go.importpath = github.com/restic/rest-server
go.importpath = github.com/restic/rest-server
repository = https://github.com/restic/rest-server
repository = https://github.com/restic/rest-server
revision = v0.1
0.0-0-g9313f19
revision = v0.1
2.1-0-g4231ef6
[instance.cfg.in]
[instance.cfg.in]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
@@ -35,7 +35,6 @@ context =
...
@@ -35,7 +35,6 @@ context =
section buildout buildout
section buildout buildout
key gowork_bin gowork:bin
key gowork_bin gowork:bin
raw openssl_bin ${openssl:location}/bin/openssl
raw openssl_bin ${openssl:location}/bin/openssl
raw htpasswd_bin ${apache:location}/bin/htpasswd
raw dash_bin ${dash:location}/bin/dash
raw dash_bin ${dash:location}/bin/dash
raw curl_bin ${curl:location}/bin/curl
raw curl_bin ${curl:location}/bin/curl
key template_monitor monitor2-template:output
key template_monitor monitor2-template:output
...
...
software/seleniumserver/buildout.hash.cfg
View file @
c80ffdef
...
@@ -19,4 +19,4 @@ md5sum = 10e19df182c692b71ea552da183a0bcf
...
@@ -19,4 +19,4 @@ md5sum = 10e19df182c692b71ea552da183a0bcf
[template-selenium]
[template-selenium]
filename = instance-selenium.cfg.in
filename = instance-selenium.cfg.in
md5sum = 5a7abfff9f9d7898620f8c7fc1e6f488
md5sum = 7239845e758b2d10299699e061b0fc75
\ No newline at end of file
\ No newline at end of file
software/seleniumserver/instance-selenium.cfg.in
View file @
c80ffdef
...
@@ -170,14 +170,14 @@ content =
...
@@ -170,14 +170,14 @@ content =
use_backend admin if { path_beg $${selenium-server-frontend-configuration:path-admin} }
use_backend admin if { path_beg $${selenium-server-frontend-configuration:path-admin} }
userlist hub
userlist hub
user $${selenium-server-selenium-password:username}
insecure-password $${selenium-server-selenium-password:passwd
}
user $${selenium-server-selenium-password:username}
password $${selenium-server-selenium-password:passwd-sha256-crypt
}
backend hub
backend hub
acl auth_ok http_auth(hub)
acl auth_ok http_auth(hub)
http-request auth realm "Selenium Server" unless auth_ok
http-request auth realm "Selenium Server" unless auth_ok
server hub $${selenium-server-hub-instance:hostname}:$${selenium-server-hub-instance:port}
server hub $${selenium-server-hub-instance:hostname}:$${selenium-server-hub-instance:port}
userlist admin
userlist admin
user $${selenium-server-admin-password:username}
insecure-password $${selenium-server-admin-password:passwd
}
user $${selenium-server-admin-password:username}
password $${selenium-server-admin-password:passwd-sha256-crypt
}
backend admin
backend admin
acl auth_ok http_auth(admin)
acl auth_ok http_auth(admin)
http-request auth realm "Grid Admin" unless auth_ok
http-request auth realm "Grid Admin" unless auth_ok
...
...
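Review bot: with `password` in the `hub` and `admin` userlists HAProxy verifies a crypt(3) hash for each request that carries Basic credentials, and Basic credentials are sent on every request, so `passwd-sha256-crypt` adds hashing work per request where `insecure-password` was a string comparison; measure this under a typical Selenium session before merging. The hash contains `$` characters and this block uses `$$`-escaped references, so also check that the rendered `user ... password ...` lines contain the hash unmodified.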
software/slapos-master/buildout.hash.cfg
View file @
c80ffdef
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
# not need these here).
# not need these here).
[template-erp5]
[template-erp5]
filename = instance-erp5.cfg.in
filename = instance-erp5.cfg.in
md5sum =
1fbfca2d64a9824054f7a3281e71efdc
md5sum =
ba46a66da1c834df14a80a20b21e4a96
[template-balancer]
[template-balancer]
filename = instance-balancer.cfg.in
filename = instance-balancer.cfg.in
...
...
software/slapos-master/instance-erp5.cfg.in
View file @
c80ffdef
...
@@ -247,7 +247,7 @@ config-id-store-interval = {{ dumps(slapparameter_dict.get('id-store-interval'))
...
@@ -247,7 +247,7 @@ config-id-store-interval = {{ dumps(slapparameter_dict.get('id-store-interval'))
config-zope-longrequest-logger-error-threshold = {{ dumps(monitor_dict.get('zope-longrequest-logger-error-threshold', 20)) }}
config-zope-longrequest-logger-error-threshold = {{ dumps(monitor_dict.get('zope-longrequest-logger-error-threshold', 20)) }}
config-zope-longrequest-logger-maximum-delay = {{ dumps(monitor_dict.get('zope-longrequest-logger-maximum-delay', 0)) }}
config-zope-longrequest-logger-maximum-delay = {{ dumps(monitor_dict.get('zope-longrequest-logger-maximum-delay', 0)) }}
config-inituser-login = {{ dumps(inituser_login) }}
config-inituser-login = {{ dumps(inituser_login) }}
config-inituser-password
= ${publish-early:inituser-passwor
d}
config-inituser-password
-hashed = ${publish-early:inituser-password-hashe
d}
config-kumofs-url = ${request-memcached-persistent:connection-url}
config-kumofs-url = ${request-memcached-persistent:connection-url}
config-memcached-url = ${request-memcached-volatile:connection-url}
config-memcached-url = ${request-memcached-volatile:connection-url}
config-monitor-passwd = ${monitor-htpasswd:passwd}
config-monitor-passwd = ${monitor-htpasswd:passwd}
...
@@ -515,6 +515,7 @@ hosts-dict = {{ '${' ~ zope_address_list_id_dict.keys()[0] ~ ':connection-hosts-
...
@@ -515,6 +515,7 @@ hosts-dict = {{ '${' ~ zope_address_list_id_dict.keys()[0] ~ ':connection-hosts-
recipe = slapos.cookbook:publish-early
recipe = slapos.cookbook:publish-early
-init =
-init =
inituser-password gen-password:passwd
inituser-password gen-password:passwd
inituser-password-hashed gen-password:passwd-ldap-salted-sha1
deadlock-debugger-password gen-deadlock-debugger-password:passwd
deadlock-debugger-password gen-deadlock-debugger-password:passwd
{%- if has_posftix %}
{%- if has_posftix %}
smtpd-sasl-password gen-smtpd-sasl-password:passwd
smtpd-sasl-password gen-smtpd-sasl-password:passwd
...
@@ -532,10 +533,6 @@ recipe = slapos.cookbook:publish-early
...
@@ -532,10 +533,6 @@ recipe = slapos.cookbook:publish-early
neo-cluster = {{ dumps(neo[0]) }}
neo-cluster = {{ dumps(neo[0]) }}
{%- endif %}
{%- endif %}
{%- endif %}
{%- endif %}
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
inituser-password = {{ dumps(inituser_password) }}
{%- endif %}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- if deadlock_debugger_password %}
{%- if deadlock_debugger_password %}
deadlock-debugger-password = {{ dumps(deadlock_debugger_password) }}
deadlock-debugger-password = {{ dumps(deadlock_debugger_password) }}
...
@@ -552,6 +549,10 @@ recipe =
...
@@ -552,6 +549,10 @@ recipe =
[gen-password]
[gen-password]
recipe = slapos.cookbook:generate.password
recipe = slapos.cookbook:generate.password
storage-path =
storage-path =
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
passwd = {{ dumps(inituser_password) }}
{%- endif %}
[gen-deadlock-debugger-password]
[gen-deadlock-debugger-password]
<= gen-password
<= gen-password
...
...
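Review bot: moving `passwd = {{ dumps(inituser_password) }}` into `[gen-password]` affects every section declared with `<= gen-password`, such as `[gen-deadlock-debugger-password]` in the trailing context, because a buildout macro copies all options of the section it extends. When a user supplies `inituser-password` but not `deadlock-debugger-password`, the derived section would receive the same `passwd` and `gen-deadlock-debugger-password:passwd` could end up equal to the inituser password. Either set the override in a section that nothing extends, or have the derived sections reset `passwd`, and add a test that requests an instance with a custom `inituser-password` and checks the other generated passwords differ.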
software/theia/buildout.hash.cfg
View file @
c80ffdef
...
@@ -15,7 +15,7 @@
...
@@ -15,7 +15,7 @@
[instance-theia]
[instance-theia]
_update_hash_filename_ = instance-theia.cfg.jinja.in
_update_hash_filename_ = instance-theia.cfg.jinja.in
md5sum =
43b3435b3bc08db42335c03b5b8fe46
5
md5sum =
07b222d8c29d446fc0957e4e3770658
5
[instance]
[instance]
_update_hash_filename_ = instance.cfg.in
_update_hash_filename_ = instance.cfg.in
...
...
software/theia/instance-theia.cfg.jinja.in
View file @
c80ffdef
...
@@ -255,7 +255,7 @@ context =
...
@@ -255,7 +255,7 @@ context =
key content :content
key content :content
content =
content =
userlist basic-auth-list
userlist basic-auth-list
user $${frontend-instance-password:username}
insecure-password $${frontend-instance-password:passwd
}
user $${frontend-instance-password:username}
password $${frontend-instance-password:passwd-sha256-crypt
}
frontend app
frontend app
log global
log global
...
...
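Review bot: no test accompanies the switch of `basic-auth-list` from `insecure-password` to `password`; the file list of this commit shows only this template and its entry in buildout.hash.cfg changing under software/theia. A check that the frontend still accepts the published credentials, and that the rendered HAProxy configuration no longer contains the plaintext password, would cover the change.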
stack/erp5/buildout.hash.cfg
View file @
c80ffdef
...
@@ -70,11 +70,11 @@ md5sum = b95084ae9eed95a68eada45e28ef0c04
...
@@ -70,11 +70,11 @@ md5sum = b95084ae9eed95a68eada45e28ef0c04
[template]
[template]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum = 5
5232eae0bcdb68a7cb2598d2ba9d60c
md5sum = 5
e0e9565227fe190c420a7bbcd0f7b93
[template-erp5]
[template-erp5]
filename = instance-erp5.cfg.in
filename = instance-erp5.cfg.in
md5sum =
359bab24aec7772adb5d822c1389b1bd
md5sum =
2b91528d3a77a64714e4295a84c1d71b
[template-zeo]
[template-zeo]
filename = instance-zeo.cfg.in
filename = instance-zeo.cfg.in
...
@@ -86,7 +86,7 @@ md5sum = 0ac4b74436f554cd677f19275d18d880
...
@@ -86,7 +86,7 @@ md5sum = 0ac4b74436f554cd677f19275d18d880
[template-zope]
[template-zope]
filename = instance-zope.cfg.in
filename = instance-zope.cfg.in
md5sum =
2439b90d6f707f47050fc9074fa4d810
md5sum =
41709f47e5a9051ca4a9c943859f589b
[template-balancer]
[template-balancer]
filename = instance-balancer.cfg.in
filename = instance-balancer.cfg.in
...
...
stack/erp5/instance-erp5.cfg.in
View file @
c80ffdef
...
@@ -254,7 +254,7 @@ config-id-store-interval = {{ dumps(slapparameter_dict.get('id-store-interval'))
...
@@ -254,7 +254,7 @@ config-id-store-interval = {{ dumps(slapparameter_dict.get('id-store-interval'))
config-zope-longrequest-logger-error-threshold = {{ dumps(monitor_dict.get('zope-longrequest-logger-error-threshold', 20)) }}
config-zope-longrequest-logger-error-threshold = {{ dumps(monitor_dict.get('zope-longrequest-logger-error-threshold', 20)) }}
config-zope-longrequest-logger-maximum-delay = {{ dumps(monitor_dict.get('zope-longrequest-logger-maximum-delay', 0)) }}
config-zope-longrequest-logger-maximum-delay = {{ dumps(monitor_dict.get('zope-longrequest-logger-maximum-delay', 0)) }}
config-inituser-login = {{ dumps(inituser_login) }}
config-inituser-login = {{ dumps(inituser_login) }}
config-inituser-password
= ${publish-early:inituser-passwor
d}
config-inituser-password
-hashed = ${publish-early:inituser-password-hashe
d}
config-kumofs-url = ${request-memcached-persistent:connection-url}
config-kumofs-url = ${request-memcached-persistent:connection-url}
config-memcached-url = ${request-memcached-volatile:connection-url}
config-memcached-url = ${request-memcached-volatile:connection-url}
config-monitor-passwd = ${monitor-htpasswd:passwd}
config-monitor-passwd = ${monitor-htpasswd:passwd}
...
@@ -515,6 +515,7 @@ hosts-dict = {{ '${' ~ next(iter(zope_address_list_id_dict)) ~ ':connection-host
...
@@ -515,6 +515,7 @@ hosts-dict = {{ '${' ~ next(iter(zope_address_list_id_dict)) ~ ':connection-host
recipe = slapos.cookbook:publish-early
recipe = slapos.cookbook:publish-early
-init =
-init =
inituser-password gen-password:passwd
inituser-password gen-password:passwd
inituser-password-hashed gen-password:passwd-ldap-salted-sha1
deadlock-debugger-password gen-deadlock-debugger-password:passwd
deadlock-debugger-password gen-deadlock-debugger-password:passwd
{%- if has_posftix %}
{%- if has_posftix %}
smtpd-sasl-password gen-smtpd-sasl-password:passwd
smtpd-sasl-password gen-smtpd-sasl-password:passwd
...
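Review bot: `inituser-password-hashed` is added under `-init`, so the value of `gen-password:passwd-ldap-salted-sha1` becomes a published parameter next to the plaintext `inituser-password`. A single-round salted SHA-1 is cheap to guess offline, so the hash should be handled as a secret wherever it is copied and not as a value that is safe to share. If this scheme is dictated by what Zope accepts in its `inituser` file, a comment saying so would explain why it is used here while other services in this change get `passwd-bcrypt` or `passwd-sha512-crypt`.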
@@ -532,10 +533,6 @@ recipe = slapos.cookbook:publish-early
...
@@ -532,10 +533,6 @@ recipe = slapos.cookbook:publish-early
neo-cluster = {{ dumps(neo[0]) }}
neo-cluster = {{ dumps(neo[0]) }}
{%- endif %}
{%- endif %}
{%- endif %}
{%- endif %}
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
inituser-password = {{ dumps(inituser_password) }}
{%- endif %}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- if deadlock_debugger_password %}
{%- if deadlock_debugger_password %}
deadlock-debugger-password = {{ dumps(deadlock_debugger_password) }}
deadlock-debugger-password = {{ dumps(deadlock_debugger_password) }}
...
@@ -552,6 +549,10 @@ recipe =
...
@@ -552,6 +549,10 @@ recipe =
[gen-password]
[gen-password]
recipe = slapos.cookbook:generate.password
recipe = slapos.cookbook:generate.password
storage-path =
storage-path =
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
passwd = {{ dumps(inituser_password) }}
{%- endif %}
[gen-deadlock-debugger-password]
[gen-deadlock-debugger-password]
<= gen-password
<= gen-password
...
...
stack/erp5/instance-zope.cfg.in
View file @
c80ffdef
...
@@ -252,7 +252,7 @@ file-list = {{ parameter_dict['site-zcml'] }}
...
@@ -252,7 +252,7 @@ file-list = {{ parameter_dict['site-zcml'] }}
[{{ section('zope-inituser') }}]
[{{ section('zope-inituser') }}]
< = jinja2-template-base
< = jinja2-template-base
output = ${directory:instance}/inituser
output = ${directory:instance}/inituser
inline = {{ slapparameter_dict['inituser-login'] }}:{
SHA}{{ base64.b64encode(hashlib.sha1(slapparameter_dict['inituser-password'].encode('utf-8')).digest())
}}
inline = {{ slapparameter_dict['inituser-login'] }}:{
{ slapparameter_dict['inituser-password-hashed']
}}
once = ${:output}_done
once = ${:output}_done
[zope-conf-parameter-base]
[zope-conf-parameter-base]
...
...
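Review bot: the `inline` line no longer writes the `{SHA}` scheme prefix itself and emits `inituser-password-hashed` verbatim after the login, so the `inituser` file is valid only if the received value already carries its own scheme prefix; a short comment naming the expected format would protect this line from a later change of hash option. `slapparameter_dict['inituser-password-hashed']` is also a hard lookup, so a Zope partition rendered with parameters from before this change fails; decide whether that is acceptable during an upgrade or use a lookup with an explicit error message.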
stack/erp5/instance.cfg.in
View file @
c80ffdef
...
@@ -143,9 +143,7 @@ extra-context =
...
@@ -143,9 +143,7 @@ extra-context =
key buildout_directory buildout:directory
key buildout_directory buildout:directory
key root_common context:root-common
key root_common context:root-common
section parameter_dict dynamic-template-zope-parameters
section parameter_dict dynamic-template-zope-parameters
import base64 base64
import urllib_parse six.moves.urllib.parse
import urllib_parse six.moves.urllib.parse
import hashlib hashlib
import itertools itertools
import itertools itertools
import json json
import json json
import-list =
import-list =
...
...
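Review bot: removing `import base64 base64` and `import hashlib hashlib` from `extra-context` is safe only if no other template rendered with this context still calls `base64.` or `hashlib.`; the `inituser` line in instance-zope.cfg.in was one user, so search the remaining templates that share this context before merging.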
stack/monitor/buildout.hash.cfg
View file @
c80ffdef
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
# not need these here).
# not need these here).
[monitor2-template]
[monitor2-template]
filename = instance-monitor.cfg.jinja2.in
filename = instance-monitor.cfg.jinja2.in
md5sum =
3850140a4e61349cc64fa924ce410803
md5sum =
24c7f5527d994e231b4c2bf9fecb68a6
[monitor-httpd-conf]
[monitor-httpd-conf]
_update_hash_filename_ = templates/monitor-httpd.conf.in
_update_hash_filename_ = templates/monitor-httpd.conf.in
...
...
stack/monitor/instance-monitor.cfg.jinja2.in
View file @
c80ffdef
...
@@ -112,7 +112,6 @@ parameter-list =
...
@@ -112,7 +112,6 @@ parameter-list =
htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
file min-free-disk-MB ${promise-check-free-disk-space:config-threshold-file}
file min-free-disk-MB ${promise-check-free-disk-space:config-threshold-file}
${monitor-instance-parameter:instance-configuration}
${monitor-instance-parameter:instance-configuration}
# htpasswd entry: htpasswd key password-file username htpasswd-file
promise-output-file = ${directory:monitor}/monitor-bootstrap-status
promise-output-file = ${directory:monitor}/monitor-bootstrap-status
...
@@ -157,14 +156,11 @@ storage-path = ${directory:etc}/.monitor_pwd
...
@@ -157,14 +156,11 @@ storage-path = ${directory:etc}/.monitor_pwd
[httpd-monitor-htpasswd]
[httpd-monitor-htpasswd]
recipe = plone.recipe.command
recipe = plone.recipe.command
stop-on-error = true
stop-on-error = true
password-file = ${
directory:etc}/.monitor_pw
d
password-file = ${
monitor-directory:etc}/.monitor-passwor
d
htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd
htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd
command =
command =
echo "${monitor-instance-parameter:password}" >${:password-file}
echo "${monitor-instance-parameter:password}" >${:password-file}
[ -s "${:htpasswd-path}" ] ||
{{ apache_location }}/bin/htpasswd -cib ${:htpasswd-path} "${monitor-instance-parameter:username}" "${monitor-instance-parameter:password}"
{{ apache_location }}/bin/htpasswd -ci ${:htpasswd-path} "${monitor-instance-parameter:username}" <${:password-file}
update-command =
[ -s "${:password-file}" ] || ${:command}
[monitor-symlink]
[monitor-symlink]
recipe = cns.recipe.symlink
recipe = cns.recipe.symlink
...
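Review bot: the `htpasswd -cib` form in `command =` passes `${monitor-instance-parameter:password}` as a command argument, where it is visible in the process list while the command runs; the `-ci` form that reads from `${:password-file}` on standard input avoids that and is the one to prefer. The unchanged `echo "..." >${:password-file}` line writes the plaintext with default permissions, so set a restrictive umask or `chmod 600` the file. Because buildout substitutes the password into a double-quoted shell string, a value containing `"`, `$` or a backtick is interpreted by the shell, which matters if the monitor password can be supplied by a user.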
@@ -343,8 +339,6 @@ collector-db = /srv/slapgrid/var/data-log/collector.db
...
@@ -343,8 +339,6 @@ collector-db = /srv/slapgrid/var/data-log/collector.db
# Credentials
# Credentials
password = ${monitor-htpasswd:passwd}
password = ${monitor-htpasswd:passwd}
username = admin
username = admin
# XXX: type key value
# ex raw monitor-password resqdsdsd34
instance-configuration =
instance-configuration =
configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg
configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg
...
...
stack/slapos.cfg
View file @
c80ffdef
...
@@ -20,6 +20,7 @@ allow-picked-versions = false
...
@@ -20,6 +20,7 @@ allow-picked-versions = false
# Use shacache and lxml
# Use shacache and lxml
extends =
extends =
../component/defaults.cfg
../component/defaults.cfg
../component/bcrypt/buildout.cfg
../component/git/buildout.cfg
../component/git/buildout.cfg
../component/lxml-python/buildout.cfg
../component/lxml-python/buildout.cfg
../component/python-backports-lzma/buildout.cfg
../component/python-backports-lzma/buildout.cfg
...
@@ -102,6 +103,7 @@ eggs =
...
@@ -102,6 +103,7 @@ eggs =
${python-PyYAML:egg}
${python-PyYAML:egg}
${python-cryptography:egg}
${python-cryptography:egg}
${pyrsistent:egg}
${pyrsistent:egg}
${bcrypt:egg}
# slapos.toolbox containing utilities
# slapos.toolbox containing utilities
[slapos-toolbox]
[slapos-toolbox]
...
@@ -302,7 +304,7 @@ sgmllib3k = 1.0.0
...
@@ -302,7 +304,7 @@ sgmllib3k = 1.0.0
simplegeneric = 0.8.1
simplegeneric = 0.8.1
singledispatch = 3.4.0.3
singledispatch = 3.4.0.3
six = 1.16.0
six = 1.16.0
slapos.cookbook = 1.0.3
29
slapos.cookbook = 1.0.3
51
slapos.core = 1.11.0
slapos.core = 1.11.0
slapos.extension.shared = 1.0
slapos.extension.shared = 1.0
slapos.libnetworkcache = 0.25
slapos.libnetworkcache = 0.25
...
...