Commit 25727e97 authored by Marco Mariani's avatar Marco Mariani

abilian/redis recipe: separate options for masterauth and requirepass

the one we want to use is 'requirepass'
parent 12a09f19
......@@ -33,17 +33,30 @@ class Recipe(GenericBaseRecipe):
def install(self):
path_list = []
# XXX use_passwd and passwd should be deprecated, they have confusing names.
if not self.optionIsTrue('use_passwd', False):
master_passwd = "# masterauth <master-password>"
masterauth = "# masterauth <master-password>"
else:
master_passwd = "masterauth %s" % self.options['passwd']
masterauth = "masterauth %s" % self.options['passwd']
if self.options.get('masterauth'):
masterauth = "masterauth %s" % self.options['masterauth']
else:
masterauth = "# masterauth <master-password>"
if self.options.get('requirepass'):
requirepass = "requirepass %s" % self.options['requirepass']
else:
requirepass = "# requirepass foobared"
config_file = self.options['config_file'].strip()
configuration = dict(pid_file=self.options['pid_file'],
port=self.options['port'],
ipv6=self.options['ipv6'],
server_dir=self.options['server_dir'],
log_file=self.options['log_file'],
master_passwd=master_passwd
masterauth=masterauth,
requirepass=requirepass
)
config = self.createFile(config_file,
......@@ -63,7 +76,11 @@ class Recipe(GenericBaseRecipe):
promise = self.createPythonScript(
promise_script,
'%s.promise.main' % __name__,
dict(host=self.options['ipv6'], port=self.options['port'])
{
'host': self.options['ipv6'],
'port': self.options['port'],
'requirepass_file': self.options.get('promise_requirepass_file')
}
)
path_list.append(promise)
......
......@@ -7,12 +7,17 @@ import sys
def main(args):
host = args['host']
port = int(args['port'])
password = None
try:
pool = redis.ConnectionPool(host=host, port=port, db=0)
# use a passfile, we don't store it cleartext on the recipe
if 'requirepass_file' in args:
with open(args['requirepass_file']) as fin:
password = fin.read()
pool = redis.ConnectionPool(host=host, port=port, db=0, password=password)
r = redis.Redis(connection_pool=pool)
r.publish("Promise-Service","SlapOS Promise")
r.publish('Promise-Service', 'SlapOS Promise')
pool.disconnect()
sys.exit(0)
except Exception, e:
except Exception as e:
print str(e)
sys.exit(1)
......@@ -153,7 +153,7 @@ dir %(server_dir)s
# starting the replication synchronization process, otherwise the master will
# refuse the slave request.
#
%(master_passwd)s
%(masterauth)s
# When a slave lost the connection with the master, or when the replication
# is still in progress, the slave can act in two different ways:
......@@ -212,7 +212,7 @@ slave-read-only yes
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
%(requirepass)s
# Command renaming.
#
......
......@@ -5,32 +5,29 @@ parts =
redis
[redis-passwd]
[redis-requirepass]
recipe = slapos.cookbook:generate.password
storage-path = $${directories:etc}/redis_passwd
storage-path = $${directories:etc}/redis_requirepass
bytes = 16
[redis]
recipe = slapos.cookbook:redis.server
server_bin = ${redis:location}/bin/redis-server
ipv6 = $${instance-parameters:ipv6-random}
port = 6379
use_passwd = $${slap-parameter:use_passwd}
pid_file = $${directories:run}/redis.pid
server_dir = $${directories:srv}
passwd = $${redis-passwd:passwd}
requirepass = $${redis-requirepass:passwd}
config_file = $${directories:etc}/redis.conf
log_file = $${directories:log}/redis.log
wrapper = $${directories:services}/redis_server
promise_wrapper = $${directories:promises}/redis
promise_requirepass_file = $${redis-requirepass:storage-path}
## Send informations to SlapOS Master
#[publish-redis-connection-parameters]
#recipe = slapos.cookbook:publish
#redis_ip = $${redis:ipv6}
#redis_port = $${redis:port}
#redis_passwd = $${redis:passwd}
#redis_uses_password = $${redis:use_passwd}
[slap-parameter]
use_passwd = false
......@@ -43,8 +43,8 @@ cert = $${slap-connection:cert-file}
recipe = slapos.cookbook:jsondump
json-output = $${buildout:directory}/abilian-config-extra.json
UNOCONV_LOCATION = ${unoconv-repository:location}/unoconv
BROKER_URL = redis://[$${redis:ipv6}]:$${redis:port}/2
CELERY_RESULT_BACKEND = redis://[$${redis:ipv6}]:$${redis:port}/2
BROKER_URL = redis://:$${redis-requirepass:passwd}@[$${redis:ipv6}]:$${redis:port}/2
CELERY_RESULT_BACKEND = redis://:$${redis-requirepass:passwd}@[$${redis:ipv6}]:$${redis:port}/2
SECRET_KEY = $${csrf-secret-key:passwd}
......
......@@ -213,13 +213,6 @@ configure-command =
-Dusethreads
# TODO must set UNO_PATH={libreoffice-bin:location}/program to run 'unoconv'
#----------------
#-- Instance-level buildout profiles.
......@@ -227,7 +220,7 @@ configure-command =
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
md5sum = e152c7bd8eef50a4e6c3f01ed0c2af31
md5sum = e6147118f7d297ad9cefe9d81f96da64
mode = 0644
[instance-postgres]
......@@ -241,7 +234,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-redis.cfg.in
output = ${buildout:directory}/instance-redis.cfg
md5sum = ccb186134bca3ff626b489bacccae610
md5sum = cb8dfefa0776de51449ada06c16c38b9
mode = 0644
[instance-extranet]
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment