added some docs; fixed pw encryption

slapos/recipe/maarch/configuration.py

@@ -33,6 +33,13 @@ import os
 
 import lxml
 
+
+# TODO: remove the hack below, used to reach psycopg2
+# XXX: When run inside webrunner, Postgres refuses connection.
+# TODO: make the recipe work inside webrunner
+
+
+
 def temporary_hack():
     # XXX TODO provide psycopg to sys.path by other means
     import sys
@@ -53,6 +60,16 @@ def xpath_set(xml, settings):
 
 
 class Recipe(GenericBaseRecipe):
+    """\
+    This recipe configures a maarch instance to be ready to run,
+    without going through the initial wizard:
+
+     - creation of two xml files from the provided defaults
+     - php.ini as required by Maarch
+     - database setup.
+
+     The superuser password will be the same as the Postgres one.
+    """
 
     def install(self):
         apps_config_xml = self.create_apps_config_xml()

slapos/recipe/postgres/__init__.py

@@ -34,7 +34,22 @@ from zc.buildout import UserError
 from slapos.recipe.librecipe import GenericBaseRecipe
 
 
+# TODO: read ipv6 host without calling loads() in createConfig()
+
+
 class Recipe(GenericBaseRecipe):
+    """\
+    This recipe creates:
+
+        - a Postgres cluster
+        - configuration to allow connections from IPV6 only (or unix socket)
+        - a superuser with provided name and generated password
+        - a database with provided name
+        - a foreground start script in the services directory
+
+    then adds the connection URL to the options.
+    The URL can be used as-is (ie. in sqlalchemy) or by the _urlparse.py recipe.
+    """
 
     def _options(self, options):
         options['password'] = self.generatePassword()
@@ -52,7 +67,7 @@ class Recipe(GenericBaseRecipe):
             self.createRunScript()
 
         return [
-                # XXX what to return here?
+                # XXX should we really return something here?
                 # os.path.join(pgdata, 'postgresql.conf')
                 ]
 
@@ -74,9 +89,10 @@ class Recipe(GenericBaseRecipe):
 
     def createConfig(self):
         from zc.buildout import buildout
-        pgdata = self.options['pgdata-directory']
         host = buildout.loads(self.options['ipv6_host']).pop()      # XXX ugly hack
 
+        pgdata = self.options['pgdata-directory']
+
         with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg:
             cfg.write(textwrap.dedent("""\
                     listen_addresses = '%s'
@@ -115,14 +131,16 @@ class Recipe(GenericBaseRecipe):
         """
         Creates a Postgres superuser - other than "slapuser#" for use by the application.
         """
-        user = self.options['user']
-        password = 'insecure'
 
-        # XXX should send it encrypted, didn't work
         # http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html
-        # enc_password = 'md5' + md5.md5(password+user).hexdigest()
 
-        self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, password))
+        user = self.options['user']
+        password = self.options['password']
+
+        # encrypt the password to avoid storing in the logs
+        enc_password = 'md5' + md5.md5(password+user).hexdigest()
+
+        self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, enc_password))
 
 
     def runPostgresCommand(self, cmd):
@@ -141,7 +159,6 @@ class Recipe(GenericBaseRecipe):
             p = subprocess.Popen([postgres_binary,
                                   '--single',
                                   '-D', pgdata,
-                                  '-d', '1',        # debug level, do not output commands
                                   'postgres',
                                   ], stdin=subprocess.PIPE)
 

stack/lapp/README.txt

+
+LAPP stack
+==========
+
+This fork of the LAMP stack provides:
+
+ - a Postgres instance, with an empty database and a 'postgres' superuser.
+   Log rotation is handled by Postgres itself.
+
+ - symlinks to all the postgres binaries, usable through unix socket
+   with no further authentication, or through ipv6
+
+ - a psycopg2 (postgres driver) egg
+
+ - configuration for a maarch instance (this part should be brought outside the stack)
+