Skip to content

slapos
slapos
Commit 3d11fd3e authored by Marco Mariani's avatar Marco Mariani
Browse files
Options

configure a single postgres superuser; comments

parent d7e912bc
Hide whitespace changes
Inline Side-by-side
Showing with 22 additions and 15 deletions
slapos/recipe/postgres/__init__.py
View file @ 3d11fd3e
...@@ -84,8 +84,7 @@ class Recipe(GenericBaseRecipe): ...@@ -84,8 +84,7 @@ class Recipe(GenericBaseRecipe):
A Postgres cluster is "a collection of databases that is managed A Postgres cluster is "a collection of databases that is managed
by a single instance of a running database server". by a single instance of a running database server".
Here we create an empty cluster. The authentication for this Here we create an empty cluster.
command is through the unix socket.
""" """
initdb_binary = os.path.join(self.options['bin'], 'initdb') initdb_binary = os.path.join(self.options['bin'], 'initdb')
self.check_exists(initdb_binary) self.check_exists(initdb_binary)
...@@ -97,6 +96,7 @@ class Recipe(GenericBaseRecipe): ...@@ -97,6 +96,7 @@ class Recipe(GenericBaseRecipe):
'-D', pgdata, '-D', pgdata,
'-A', 'ident', '-A', 'ident',
'-E', 'UTF8', '-E', 'UTF8',
'-U', self.options['user'],
]) ])
except subprocess.CalledProcessError: except subprocess.CalledProcessError:
raise UserError('Could not create cluster directory in %s' % pgdata) raise UserError('Could not create cluster directory in %s' % pgdata)
...@@ -155,7 +155,8 @@ class Recipe(GenericBaseRecipe): ...@@ -155,7 +155,8 @@ class Recipe(GenericBaseRecipe):
def createSuperuser(self): def createSuperuser(self):
"""\ """\
Creates a Postgres superuser - other than "slapuser#" for use by the application. Set a password for the Postgres superuser.
The application will also use this for its connections.
""" """
# http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html # http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html
...@@ -166,7 +167,7 @@ class Recipe(GenericBaseRecipe): ...@@ -166,7 +167,7 @@ class Recipe(GenericBaseRecipe):
# encrypt the password to avoid storing in the logs # encrypt the password to avoid storing in the logs
enc_password = 'md5' + md5.md5(password+user).hexdigest() enc_password = 'md5' + md5.md5(password+user).hexdigest()
self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, enc_password)) self.runPostgresCommand(cmd="""ALTER USER "%s" ENCRYPTED PASSWORD '%s'""" % (user, enc_password))
def runPostgresCommand(self, cmd): def runPostgresCommand(self, cmd):
......
software/postgres/instance.cfg.in
View file @ 3d11fd3e
...@@ -22,12 +22,6 @@ promises = $${directories:etc}/promise ...@@ -22,12 +22,6 @@ promises = $${directories:etc}/promise
var = $${buildout:directory}/var var = $${buildout:directory}/var
[symlinks]
recipe = cns.recipe.symlink
symlink_target = $${directories:bin}
symlink_base = ${postgresql:location}/bin
#---------------- #----------------
#-- #--
#-- Creates a Postgres cluster, configuration files, and a database. #-- Creates a Postgres cluster, configuration files, and a database.
...@@ -39,7 +33,7 @@ recipe = slapos.cookbook:postgres ...@@ -39,7 +33,7 @@ recipe = slapos.cookbook:postgres
ipv6 = $${instance-parameters:ipv6} ipv6 = $${instance-parameters:ipv6}
ipv4 = $${instance-parameters:ipv4} ipv4 = $${instance-parameters:ipv4}
ipv6_random = $${instance-parameters:ipv6_random} ipv6_random = $${instance-parameters:ipv6_random}
user = user user = postgres
port = 5432 port = 5432
dbname = db dbname = db
# pgdata_directory is created by initdb, and should not exist beforehand. # pgdata_directory is created by initdb, and should not exist beforehand.
...@@ -48,6 +42,16 @@ bin = $${directories:bin} ...@@ -48,6 +42,16 @@ bin = $${directories:bin}
services = $${directories:services} services = $${directories:services}
#----------------
#--
#-- Creates symlinks from the instance to the software release.
[symlinks]
recipe = cns.recipe.symlink
symlink_target = $${directories:bin}
symlink_base = ${postgresql:location}/bin
#---------------- #----------------
#-- #--
#-- Deploy promise scripts. #-- Deploy promise scripts.
...@@ -73,7 +77,6 @@ url = $${postgres-instance:url} ...@@ -73,7 +77,6 @@ url = $${postgres-instance:url}
#-- Fetches parameters defined in SlapOS Master for this instance #-- Fetches parameters defined in SlapOS Master for this instance
[instance-parameters] [instance-parameters]
# Fetches parameters defined in SlapOS Master for this instance
recipe = slapos.cookbook:slapconfiguration recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id} computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id} partition = $${slap-connection:partition-id}
......
software/postgres/software.cfg
View file @ 3d11fd3e
...@@ -18,7 +18,7 @@ parts = ...@@ -18,7 +18,7 @@ parts =
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg output = ${buildout:directory}/instance.cfg
md5sum = 0a500f601bd3c2d5f1cd7ca24bb9d6f3 md5sum = b7175c4b086b3d0bfa57a4f132679664
mode = 0644 mode = 0644
......
stack/lapp/buildout.cfg
View file @ 3d11fd3e
...@@ -87,7 +87,7 @@ mode = 0644 ...@@ -87,7 +87,7 @@ mode = 0644
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in
output = ${buildout:directory}/instance-postgres.cfg output = ${buildout:directory}/instance-postgres.cfg
md5sum = 4a339ed20f7579e5558fc53637e441fd md5sum = df34ba3a6542855dd01908306695af8d
mode = 0644 mode = 0644
[instance-postgres-import] [instance-postgres-import]
......
stack/lapp/postgres/instance-postgres.cfg.in
View file @ 3d11fd3e
...@@ -120,10 +120,10 @@ rotate-num = 30 ...@@ -120,10 +120,10 @@ rotate-num = 30
notifempty = true notifempty = true
create = true create = true
#---------------- #----------------
#-- #--
#-- Deploy stunnel. #-- Deploy stunnel.
#-- XXX This is actually not needed with Postgres.
[stunnel] [stunnel]
recipe = slapos.cookbook:stunnel recipe = slapos.cookbook:stunnel
...@@ -165,6 +165,7 @@ certs = $${directory:ca-dir}/certs/ ...@@ -165,6 +165,7 @@ certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/ newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/ crl = $${directory:ca-dir}/crl/
#---------------- #----------------
#-- #--
#-- Creates a Postgres cluster, configuration files, and a database. #-- Creates a Postgres cluster, configuration files, and a database.
...@@ -192,6 +193,7 @@ wrapper = $${basedirectory:services}/stunnel ...@@ -192,6 +193,7 @@ wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file} key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file} cert-file = $${stunnel:cert-file}
#---------------- #----------------
#-- #--
#-- Creates symlinks from the instance to the software release. #-- Creates symlinks from the instance to the software release.
...@@ -240,6 +242,7 @@ recipe = slapos.cookbook:publish ...@@ -240,6 +242,7 @@ recipe = slapos.cookbook:publish
url = $${postgres-instance:url} url = $${postgres-instance:url}
ip = $${instance-parameters:ipv6_random} ip = $${instance-parameters:ipv6_random}
#---------------- #----------------
#-- #--
#-- Fetches parameters defined in SlapOS Master for this instance #-- Fetches parameters defined in SlapOS Master for this instance
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7