From 3d11fd3ed8b92ecce756a1e9f3dc9c9a52a40f22 Mon Sep 17 00:00:00 2001 From: Marco Mariani <marco.mariani@nexedi.com> Date: Wed, 9 Jan 2013 12:49:14 +0100 Subject: [PATCH] configure a single postgres superuser; comments --- slapos/recipe/postgres/__init__.py | 9 +++++---- software/postgres/instance.cfg.in | 19 +++++++++++-------- software/postgres/software.cfg | 2 +- stack/lapp/buildout.cfg | 2 +- stack/lapp/postgres/instance-postgres.cfg.in | 5 ++++- 5 files changed, 22 insertions(+), 15 deletions(-) diff --git a/slapos/recipe/postgres/__init__.py b/slapos/recipe/postgres/__init__.py index c8494d4af..dceed6fa3 100644 --- a/slapos/recipe/postgres/__init__.py +++ b/slapos/recipe/postgres/__init__.py @@ -84,8 +84,7 @@ class Recipe(GenericBaseRecipe): A Postgres cluster is "a collection of databases that is managed by a single instance of a running database server". - Here we create an empty cluster. The authentication for this - command is through the unix socket. + Here we create an empty cluster. """ initdb_binary = os.path.join(self.options['bin'], 'initdb') self.check_exists(initdb_binary) @@ -97,6 +96,7 @@ class Recipe(GenericBaseRecipe): '-D', pgdata, '-A', 'ident', '-E', 'UTF8', + '-U', self.options['user'], ]) except subprocess.CalledProcessError: raise UserError('Could not create cluster directory in %s' % pgdata) @@ -155,7 +155,8 @@ class Recipe(GenericBaseRecipe): def createSuperuser(self): """\ - Creates a Postgres superuser - other than "slapuser#" for use by the application. + Set a password for the Postgres superuser. + The application will also use this for its connections. """ # http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html @@ -166,7 +167,7 @@ class Recipe(GenericBaseRecipe): # encrypt the password to avoid storing in the logs enc_password = 'md5' + md5.md5(password+user).hexdigest() - self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, enc_password)) + self.runPostgresCommand(cmd="""ALTER USER "%s" ENCRYPTED PASSWORD '%s'""" % (user, enc_password)) def runPostgresCommand(self, cmd): diff --git a/software/postgres/instance.cfg.in b/software/postgres/instance.cfg.in index 3d174e076..dbed2051f 100644 --- a/software/postgres/instance.cfg.in +++ b/software/postgres/instance.cfg.in @@ -22,12 +22,6 @@ promises = $${directories:etc}/promise var = $${buildout:directory}/var -[symlinks] -recipe = cns.recipe.symlink -symlink_target = $${directories:bin} -symlink_base = ${postgresql:location}/bin - - #---------------- #-- #-- Creates a Postgres cluster, configuration files, and a database. @@ -39,7 +33,7 @@ recipe = slapos.cookbook:postgres ipv6 = $${instance-parameters:ipv6} ipv4 = $${instance-parameters:ipv4} ipv6_random = $${instance-parameters:ipv6_random} -user = user +user = postgres port = 5432 dbname = db # pgdata_directory is created by initdb, and should not exist beforehand. @@ -48,6 +42,16 @@ bin = $${directories:bin} services = $${directories:services} +#---------------- +#-- +#-- Creates symlinks from the instance to the software release. + +[symlinks] +recipe = cns.recipe.symlink +symlink_target = $${directories:bin} +symlink_base = ${postgresql:location}/bin + + #---------------- #-- #-- Deploy promise scripts. @@ -73,7 +77,6 @@ url = $${postgres-instance:url} #-- Fetches parameters defined in SlapOS Master for this instance [instance-parameters] -# Fetches parameters defined in SlapOS Master for this instance recipe = slapos.cookbook:slapconfiguration computer = $${slap-connection:computer-id} partition = $${slap-connection:partition-id} diff --git a/software/postgres/software.cfg b/software/postgres/software.cfg index f69ddb308..8cfabcfba 100644 --- a/software/postgres/software.cfg +++ b/software/postgres/software.cfg @@ -18,7 +18,7 @@ parts = recipe = slapos.recipe.template url = ${:_profile_base_location_}/instance.cfg.in output = ${buildout:directory}/instance.cfg -md5sum = 0a500f601bd3c2d5f1cd7ca24bb9d6f3 +md5sum = b7175c4b086b3d0bfa57a4f132679664 mode = 0644 diff --git a/stack/lapp/buildout.cfg b/stack/lapp/buildout.cfg index 03da710ed..dd8415877 100644 --- a/stack/lapp/buildout.cfg +++ b/stack/lapp/buildout.cfg @@ -87,7 +87,7 @@ mode = 0644 recipe = slapos.recipe.template url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in output = ${buildout:directory}/instance-postgres.cfg -md5sum = 4a339ed20f7579e5558fc53637e441fd +md5sum = df34ba3a6542855dd01908306695af8d mode = 0644 [instance-postgres-import] diff --git a/stack/lapp/postgres/instance-postgres.cfg.in b/stack/lapp/postgres/instance-postgres.cfg.in index 646b751d2..278595515 100644 --- a/stack/lapp/postgres/instance-postgres.cfg.in +++ b/stack/lapp/postgres/instance-postgres.cfg.in @@ -120,10 +120,10 @@ rotate-num = 30 notifempty = true create = true + #---------------- #-- #-- Deploy stunnel. -#-- XXX This is actually not needed with Postgres. [stunnel] recipe = slapos.cookbook:stunnel @@ -165,6 +165,7 @@ certs = $${directory:ca-dir}/certs/ newcerts = $${directory:ca-dir}/newcerts/ crl = $${directory:ca-dir}/crl/ + #---------------- #-- #-- Creates a Postgres cluster, configuration files, and a database. @@ -192,6 +193,7 @@ wrapper = $${basedirectory:services}/stunnel key-file = $${stunnel:key-file} cert-file = $${stunnel:cert-file} + #---------------- #-- #-- Creates symlinks from the instance to the software release. @@ -240,6 +242,7 @@ recipe = slapos.cookbook:publish url = $${postgres-instance:url} ip = $${instance-parameters:ipv6_random} + #---------------- #-- #-- Fetches parameters defined in SlapOS Master for this instance -- 2.30.9