From 3d11fd3ed8b92ecce756a1e9f3dc9c9a52a40f22 Mon Sep 17 00:00:00 2001
From: Marco Mariani <marco.mariani@nexedi.com>
Date: Wed, 9 Jan 2013 12:49:14 +0100
Subject: [PATCH] configure a single postgres superuser; comments

---
 slapos/recipe/postgres/__init__.py           |  9 +++++----
 software/postgres/instance.cfg.in            | 19 +++++++++++--------
 software/postgres/software.cfg               |  2 +-
 stack/lapp/buildout.cfg                      |  2 +-
 stack/lapp/postgres/instance-postgres.cfg.in |  5 ++++-
 5 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/slapos/recipe/postgres/__init__.py b/slapos/recipe/postgres/__init__.py
index c8494d4af..dceed6fa3 100644
--- a/slapos/recipe/postgres/__init__.py
+++ b/slapos/recipe/postgres/__init__.py
@@ -84,8 +84,7 @@ class Recipe(GenericBaseRecipe):
         A Postgres cluster is "a collection of databases that is managed
         by a single instance of a running database server".
 
-        Here we create an empty cluster. The authentication for this
-        command is through the unix socket.
+        Here we create an empty cluster.
         """
         initdb_binary = os.path.join(self.options['bin'], 'initdb')
         self.check_exists(initdb_binary)
@@ -97,6 +96,7 @@ class Recipe(GenericBaseRecipe):
                                    '-D', pgdata,
                                    '-A', 'ident',
                                    '-E', 'UTF8',
+                                   '-U', self.options['user'],
                                    ])
         except subprocess.CalledProcessError:
             raise UserError('Could not create cluster directory in %s' % pgdata)
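Review bot: The added `'-U', self.options['user']` names the superuser from the profile while `'-A', 'ident'` two lines above is unchanged, and ident (peer on the unix socket) only admits a database user whose name matches the connecting OS account. The profiles in this patch set `user = postgres`, so socket connections from the partition's own account would presumably be refused for that role unless pg_hba.conf is rewritten after initdb, which is not visible here. The docstring hunk above also drops the sentence about unix-socket authentication, so nothing now says how the bootstrap superuser is meant to authenticate. If password login is the intent, a comment such as `# superuser is named by the profile, not the OS account; ident will not match it, see createSuperuser` would record that. The call sits inside a try block that begins outside the hunk.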
@@ -155,7 +155,8 @@ class Recipe(GenericBaseRecipe):
 
     def createSuperuser(self):
         """\
-        Creates a Postgres superuser - other than "slapuser#" for use by the application.
+        Set a password for the Postgres superuser.
+        The application will also use this for its connections.
         """
 
         # http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html
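Review bot: The new docstring says the application connects with the superuser's credentials, which means every application query runs as a role that bypasses all permission checks in the cluster. The removed `CREATE USER ... SUPERUSER` line further down shows the previous account was a superuser too, so this is not a regression, but it is now the only role and a flaw in the application would reach the whole server. A separate `NOSUPERUSER` role owning the application database would limit that; at minimum the docstring could carry `TODO: give the application a non-superuser role that owns its database.` The name `createSuperuser` also no longer matches a method that only sets a password, and its body continues outside the hunk.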
@@ -166,7 +167,7 @@ class Recipe(GenericBaseRecipe):
         # encrypt the password to avoid storing in the logs
         enc_password = 'md5' + md5.md5(password+user).hexdigest()
 
-        self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, enc_password))
+        self.runPostgresCommand(cmd="""ALTER USER "%s" ENCRYPTED PASSWORD '%s'""" % (user, enc_password))
 
 
     def runPostgresCommand(self, cmd):
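Review bot: The string sent in `ALTER USER ... ENCRYPTED PASSWORD` is the same `md5...` value the server stores, and under PostgreSQL's md5 authentication that stored value is sufficient to complete a login, so the context comment `# encrypt the password to avoid storing in the logs` overstates the protection now that this is the cluster's only superuser. I would reword it to `# pre-hash so the plaintext never reaches the logs; the md5 value is still a credential, keep command logs private`. Separately, `user` is placed between double quotes by `%` formatting without escaping, so a name containing `"` would end the identifier early; applying `user.replace('"', '""')` before formatting closes that. The assignments to `user` and `password` are outside the hunk, so their origin in the recipe options is assumed.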
diff --git a/software/postgres/instance.cfg.in b/software/postgres/instance.cfg.in
index 3d174e076..dbed2051f 100644
--- a/software/postgres/instance.cfg.in
+++ b/software/postgres/instance.cfg.in
@@ -22,12 +22,6 @@ promises = $${directories:etc}/promise
 var = $${buildout:directory}/var
 
 
-[symlinks]
-recipe = cns.recipe.symlink
-symlink_target = $${directories:bin}
-symlink_base = ${postgresql:location}/bin
-
-
 #----------------
 #--
 #-- Creates a Postgres cluster, configuration files, and a database.
@@ -39,7 +33,7 @@ recipe = slapos.cookbook:postgres
 ipv6 = $${instance-parameters:ipv6}
 ipv4 = $${instance-parameters:ipv4}
 ipv6_random = $${instance-parameters:ipv6_random}
-user = user
+user = postgres
 port = 5432
 dbname = db
 # pgdata_directory is created by initdb, and should not exist beforehand.
@@ -48,6 +42,16 @@ bin = $${directories:bin}
 services = $${directories:services}
 
 
+#----------------
+#--
+#-- Creates symlinks from the instance to the software release.
+
+[symlinks]
+recipe = cns.recipe.symlink
+symlink_target = $${directories:bin}
+symlink_base = ${postgresql:location}/bin
+
+
 #----------------
 #--
 #-- Deploy promise scripts.
@@ -73,7 +77,6 @@ url = $${postgres-instance:url}
 #-- Fetches parameters defined in SlapOS Master for this instance
 
 [instance-parameters]
-# Fetches parameters defined in SlapOS Master for this instance
 recipe = slapos.cookbook:slapconfiguration
 computer = $${slap-connection:computer-id}
 partition = $${slap-connection:partition-id}
diff --git a/software/postgres/software.cfg b/software/postgres/software.cfg
index f69ddb308..8cfabcfba 100644
--- a/software/postgres/software.cfg
+++ b/software/postgres/software.cfg
@@ -18,7 +18,7 @@ parts =
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
 output = ${buildout:directory}/instance.cfg
-md5sum = 0a500f601bd3c2d5f1cd7ca24bb9d6f3
+md5sum = b7175c4b086b3d0bfa57a4f132679664
 mode = 0644
 
 
diff --git a/stack/lapp/buildout.cfg b/stack/lapp/buildout.cfg
index 03da710ed..dd8415877 100644
--- a/stack/lapp/buildout.cfg
+++ b/stack/lapp/buildout.cfg
@@ -87,7 +87,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in
 output = ${buildout:directory}/instance-postgres.cfg
-md5sum = 4a339ed20f7579e5558fc53637e441fd
+md5sum = df34ba3a6542855dd01908306695af8d
 mode = 0644
 
 [instance-postgres-import]
diff --git a/stack/lapp/postgres/instance-postgres.cfg.in b/stack/lapp/postgres/instance-postgres.cfg.in
index 646b751d2..278595515 100644
--- a/stack/lapp/postgres/instance-postgres.cfg.in
+++ b/stack/lapp/postgres/instance-postgres.cfg.in
@@ -120,10 +120,10 @@ rotate-num = 30
 notifempty = true
 create = true
 
+
 #----------------
 #--
 #-- Deploy stunnel.
-#-- XXX This is actually not needed with Postgres.
 
 [stunnel]
 recipe = slapos.cookbook:stunnel
@@ -165,6 +165,7 @@ certs = $${directory:ca-dir}/certs/
 newcerts = $${directory:ca-dir}/newcerts/
 crl = $${directory:ca-dir}/crl/
 
+
 #----------------
 #--
 #-- Creates a Postgres cluster, configuration files, and a database.
@@ -192,6 +193,7 @@ wrapper = $${basedirectory:services}/stunnel
 key-file = $${stunnel:key-file}
 cert-file = $${stunnel:cert-file}
 
+
 #----------------
 #--
 #-- Creates symlinks from the instance to the software release.
@@ -240,6 +242,7 @@ recipe = slapos.cookbook:publish
 url = $${postgres-instance:url}
 ip = $${instance-parameters:ipv6_random}
 
+
 #----------------
 #--
 #-- Fetches parameters defined in SlapOS Master for this instance
-- 
2.30.9