connect to postgres through stunnel

slapos/recipe/postgres/__init__.py

@@ -49,7 +49,7 @@ class Recipe(GenericBaseRecipe):
     The URL can be used as-is (ie. in sqlalchemy) or by the _urlparse.py recipe.
     """
 
-    def fetch_host(self, options):
+    def fetch_ipv6_host(self, options):
         """
         Returns a string represtation of ipv6_host.
         May receive a regular string, a set or a string serialized by buildout.
@@ -64,7 +64,7 @@ class Recipe(GenericBaseRecipe):
 
     def _options(self, options):
         options['password'] = self.generatePassword()
-        options['url'] = 'postgresql://%(user)s:%(password)s@[%(host)s]:%(port)s/%(dbname)s' % dict(options, host=self.fetch_host(options))
+        options['url'] = 'postgresql://%(user)s:%(password)s@[%(ipv4_host)s]:%(port)s/%(dbname)s' % options
 
 
     def install(self):
@@ -109,7 +109,7 @@ class Recipe(GenericBaseRecipe):
 
         with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg:
             cfg.write(textwrap.dedent("""\
-                    listen_addresses = '%s'
+                    listen_addresses = '%s,%s'
                     logging_collector = on
                     log_rotation_size = 50MB
                     max_connections = 100
@@ -124,7 +124,8 @@ class Recipe(GenericBaseRecipe):
                     unix_socket_directory = '%s'
                     unix_socket_permissions = 0700
                     """ % (
-                        self.fetch_host(self.options),
+                        self.options['ipv4_host'],
+                        self.fetch_ipv6_host(self.options),
                         pgdata,
                         )))
 
@@ -138,9 +139,10 @@ class Recipe(GenericBaseRecipe):
                     # "local" is for Unix domain socket connections only (check unix_socket_permissions!)
                     local   all             all                                     ident
                     host    all             all             127.0.0.1/32            md5
+                    host    all             all             %s/32                   md5
                     host    all             all             ::1/128                 md5
                     host    all             all             %s/128                  md5
-                    """ % self.fetch_host(self.options)))
+                    """ % (self.options['ipv4_host'], self.fetch_ipv6_host(self.options))))
 
 
     def createDatabase(self):

software/postgres/instance.cfg.in

@@ -43,6 +43,7 @@ recipe = slapos.cookbook:postgres
 
 # Options
 ipv6_host = $${instance-parameters:ipv6}
+ipv4_host = $${slap-network-information:local-ipv4}
 user = user
 port = 5432
 dbname = db

stack/lapp/buildout.cfg

@@ -85,7 +85,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in
 output = ${buildout:directory}/instance-postgres.cfg
-md5sum = 509bd41a73928367c74308968908cdb7
+md5sum = 03247dadc6b665ed3b876ddc8b1830bf
 mode = 0644
 
 [instance-postgres-import]

stack/lapp/postgres/instance-postgres.cfg.in

@@ -132,8 +132,8 @@ config-file = $${directory:stunnel-conf}/stunnel.conf
 key-file = $${directory:stunnel-conf}/stunnel.key
 cert-file = $${directory:stunnel-conf}/stunnel.crt
 pid-file = $${basedirectory:run}/stunnel.pid
-local-host = $${postgres-instance:ip}            # XXX we don't need tunnel
-local-port = $${postgres-instance:port}          # XXX we don't need tunnel
+local-host = $${postgres-instance:ipv4_host}
+local-port = $${postgres-instance:port}
 remote-host = $${slap-network-information:global-ipv6}
 remote-port = 6446
 client = false
@@ -174,7 +174,7 @@ user = postgres
 port = 5432
 dbname = db
 # XXX the next line is required by stunnel, not by us
-ip = $${slap-network-information:local-ipv4}
+ipv4_host = $${slap-network-information:local-ipv4}
 # pgdata_directory is created by initdb, and should not exist beforehand.
 pgdata-directory = $${rootdirectory:var}/data
 backup-directory = $${basedirectory:backup}/postgres