Commit ecf8d12f authored by Marco Mariani

random pw for postgres in standalone SR and lapp stack; accept connections from the world

parent 3992d4ed
# vim: set et sts=2:
############################################################################## ##############################################################################
# #
# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved. # Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
...@@ -24,12 +25,13 @@ ...@@ -24,12 +25,13 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# #
############################################################################## ##############################################################################
import random
import os
import binascii import binascii
import os
from slapos.recipe.librecipe import GenericBaseRecipe from slapos.recipe.librecipe import GenericBaseRecipe
class Recipe(GenericBaseRecipe): class Recipe(GenericBaseRecipe):
def __init__(self, buildout, name, options): def __init__(self, buildout, name, options):
...@@ -44,7 +46,7 @@ class Recipe(GenericBaseRecipe): ...@@ -44,7 +46,7 @@ class Recipe(GenericBaseRecipe):
return GenericBaseRecipe.__init__(self, buildout, name, options) return GenericBaseRecipe.__init__(self, buildout, name, options)
def install(self): def install(self):
open_file = open(self.options['storage-path'], 'w') with open(self.options['storage-path'], 'w') as fout:
open_file.write(self.options['passwd']) fout.write(self.options['passwd'])
open_file.close()
return [self.options['storage-path']] return [self.options['storage-path']]
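Review bot: The password file written in `install()` is created with a plain `open(..., 'w')`, so its mode follows the process umask and the secret may be readable by other local accounts. Creating it with an explicit owner-only mode would close that, for example `fd = os.open(self.options['storage-path'], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as fout:`. The mode argument only applies when the file is created, so a file that already exists with looser permissions also needs `os.chmod(self.options['storage-path'], 0o600)`. The code that produces `passwd` lies outside the visible hunks, so its randomness source could not be checked here.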
...@@ -70,7 +70,6 @@ class Recipe(GenericBaseRecipe): ...@@ -70,7 +70,6 @@ class Recipe(GenericBaseRecipe):
""" """
def _options(self, options): def _options(self, options):
options['password'] = self.generatePassword()
options['url'] = 'postgresql://%(superuser)s:%(password)s@[%(ipv6_random)s]:%(port)s/%(dbname)s' % options options['url'] = 'postgresql://%(superuser)s:%(password)s@[%(ipv6_random)s]:%(port)s/%(dbname)s' % options
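Review bot: With the `generatePassword()` assignment removed, the `options['url']` line in `_options()` depends on every profile supplying `password`, and a profile that omits it fails with a bare `KeyError` from the `%` formatting. A guard before the URL is built, such as `if not options.get('password'): raise ValueError('postgres recipe requires a password option')`, would make the new requirement explicit and also reject an empty password. The password is also interpolated into the URL unescaped, which is safe only while the generated value contains no reserved URL characters; a comment stating that assumption would help. The rest of `_options()` lies outside the hunk.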
......
...@@ -16,6 +16,7 @@ offline = true ...@@ -16,6 +16,7 @@ offline = true
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
bin = $${buildout:directory}/bin bin = $${buildout:directory}/bin
etc = $${buildout:directory}/etc etc = $${buildout:directory}/etc
srv = $${buildout:directory}/srv
services = $${directories:etc}/service services = $${directories:etc}/service
promises = $${directories:etc}/promise promises = $${directories:etc}/promise
var = $${buildout:directory}/var var = $${buildout:directory}/var
...@@ -30,11 +31,14 @@ recipe = slapos.cookbook:postgres ...@@ -30,11 +31,14 @@ recipe = slapos.cookbook:postgres
# Options # Options
ipv6 = $${instance-parameters:ipv6} ipv6 = $${instance-parameters:ipv6}
ipv6_netmask_bits = 128 # listen to connections from anywhere
ipv6_netmask_bits = 0
ipv4 = $${instance-parameters:ipv4} ipv4 = $${instance-parameters:ipv4}
ipv4_netmask_bits = 32 # listen to connections from anywhere
ipv4_netmask_bits = 0
ipv6_random = $${instance-parameters:ipv6_random} ipv6_random = $${instance-parameters:ipv6_random}
superuser = postgres superuser = postgres
password = $${gen-passwd:passwd}
port = 5432 port = 5432
dbname = db dbname = db
# pgdata_directory is created by initdb, and should not exist beforehand. # pgdata_directory is created by initdb, and should not exist beforehand.
...@@ -43,6 +47,16 @@ bin = ${postgresql:location}/bin ...@@ -43,6 +47,16 @@ bin = ${postgresql:location}/bin
services = $${directories:services} services = $${directories:services}
#----------------
#--
#-- Generates a random password and stores it in the filesystem
[gen-passwd]
recipe = slapos.cookbook:generate.password
storage-path = $${directories:srv}/postgres_passwd
bytes = 16
#---------------- #----------------
#-- #--
#-- Deploy promise scripts. #-- Deploy promise scripts.
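Review bot: Setting `ipv6_netmask_bits = 0` and `ipv4_netmask_bits = 0` in the part that uses `slapos.cookbook:postgres` admits clients from every address, and the account exposed is the `postgres` superuser, so the generated password becomes the only barrier in front of the database. Unless world access is a hard requirement, the previous `128`/`32` values would be better kept as the default, with a wider range supplied per instance through a parameter. The added comment would be more accurate as `# accept client connections from any address (netmask 0); the password is the only access control`, since the option presumably selects which peers are admitted rather than where the server listens. The same two settings are added to `[postgres-instance]` in the later stack profile, and the remark applies there as well. Whether these connections are encrypted is not visible in this section.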
......
...@@ -17,7 +17,7 @@ parts = ...@@ -17,7 +17,7 @@ parts =
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg output = ${buildout:directory}/instance.cfg
md5sum = 6f0ec52fdd5f602c0f624cd0e9146e8d md5sum = 2c54a291ed61910f69a35a6db414c051
mode = 0644 mode = 0644
......
...@@ -87,7 +87,7 @@ mode = 0644 ...@@ -87,7 +87,7 @@ mode = 0644
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in
output = ${buildout:directory}/instance-postgres.cfg output = ${buildout:directory}/instance-postgres.cfg
md5sum = 6e9e587ddb52fb9a3817fda7d77e4cab md5sum = 67c7772b80f82642f0f7d12793698374
mode = 0644 mode = 0644
[instance-postgres-import] [instance-postgres-import]
......
...@@ -173,9 +173,14 @@ crl = $${directory:ca-dir}/crl/ ...@@ -173,9 +173,14 @@ crl = $${directory:ca-dir}/crl/
[postgres-instance] [postgres-instance]
recipe = slapos.cookbook:postgres recipe = slapos.cookbook:postgres
ipv6 = $${instance-parameters:ipv6} ipv6 = $${instance-parameters:ipv6}
# listen to connections from anywhere
ipv6_netmask_bits = 0
ipv4 = $${instance-parameters:ipv4} ipv4 = $${instance-parameters:ipv4}
# listen to connections from anywhere
ipv4_netmask_bits = 0
ipv6_random = $${instance-parameters:ipv6_random} ipv6_random = $${instance-parameters:ipv6_random}
superuser = postgres superuser = postgres
password = $${postgres-passwd:passwd}
port = 5432 port = 5432
dbname = db dbname = db
# pgdata_directory is created by initdb, and should not exist beforehand. # pgdata_directory is created by initdb, and should not exist beforehand.
...@@ -193,6 +198,16 @@ key-file = $${stunnel:key-file} ...@@ -193,6 +198,16 @@ key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file} cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Generates a random password and stores it in the filesystem
[postgres-passwd]
recipe = slapos.cookbook:generate.password
storage-path = $${rootdirectory:srv}/postgres_passwd
bytes = 16
#---------------- #----------------
#-- #--
#-- Deploy slapmonitor. #-- Deploy slapmonitor.
......