abilian/redis recipe: separate options for masterauth and requirepass

the one we want to use is 'requirepass'

slapos/recipe/redis/__init__.py

@@ -33,17 +33,30 @@ class Recipe(GenericBaseRecipe):
   def install(self):
     path_list = []
 
+    # XXX use_passwd and passwd should be deprecated, they have confusing names.
     if not self.optionIsTrue('use_passwd', False):
-      master_passwd = "# masterauth <master-password>"
+      masterauth = "# masterauth <master-password>"
     else:
-      master_passwd = "masterauth %s" % self.options['passwd']
+      masterauth = "masterauth %s" % self.options['passwd']
+
+    if self.options.get('masterauth'):
+      masterauth = "masterauth %s" % self.options['masterauth']
+    else:
+      masterauth = "# masterauth <master-password>"
+
+    if self.options.get('requirepass'):
+      requirepass = "requirepass %s" % self.options['requirepass']
+    else:
+      requirepass = "# requirepass foobared"
+
     config_file = self.options['config_file'].strip()
     configuration = dict(pid_file=self.options['pid_file'],
                         port=self.options['port'],
                         ipv6=self.options['ipv6'],
                         server_dir=self.options['server_dir'],
                         log_file=self.options['log_file'],
-                        master_passwd=master_passwd
+                        masterauth=masterauth,
+                        requirepass=requirepass
     )
 
     config = self.createFile(config_file,
@@ -63,7 +76,11 @@ class Recipe(GenericBaseRecipe):
       promise = self.createPythonScript(
         promise_script,
         '%s.promise.main' % __name__,
-        dict(host=self.options['ipv6'], port=self.options['port'])
+        {
+          'host': self.options['ipv6'],
+          'port': self.options['port'],
+          'requirepass_file': self.options.get('promise_requirepass_file')
+        }
       )
       path_list.append(promise)
 

slapos/recipe/redis/promise.py

@@ -7,12 +7,17 @@ import sys
 def main(args):
   host = args['host']
   port = int(args['port'])
+  password = None
   try:
-    pool = redis.ConnectionPool(host=host, port=port, db=0)
+    # use a passfile, we don't store it cleartext on the recipe
+    if 'requirepass_file' in args:
+      with open(args['requirepass_file']) as fin:
+        password = fin.read()
+    pool = redis.ConnectionPool(host=host, port=port, db=0, password=password)
     r = redis.Redis(connection_pool=pool)
-    r.publish("Promise-Service","SlapOS Promise")
+    r.publish('Promise-Service', 'SlapOS Promise')
     pool.disconnect()
     sys.exit(0)
-  except Exception, e:
+  except Exception as e:
     print str(e)
-    sys.exit(1)
+    sys.exit(1)
\ No newline at end of file

slapos/recipe/redis/template/redis.conf.in

@@ -153,7 +153,7 @@ dir %(server_dir)s
 # starting the replication synchronization process, otherwise the master will
 # refuse the slave request.
 #
-%(master_passwd)s
+%(masterauth)s
 
 # When a slave lost the connection with the master, or when the replication
 # is still in progress, the slave can act in two different ways:
@@ -212,7 +212,7 @@ slave-read-only yes
 # 150k passwords per second against a good box. This means that you should
 # use a very strong password otherwise it will be very easy to break.
 #
-# requirepass foobared
+%(requirepass)s
 
 # Command renaming.
 #
@@ -544,4 +544,4 @@ client-output-buffer-limit pubsub 32mb 8mb 60
 # other files, so use this wisely.
 #
 # include /path/to/local.conf
-# include /path/to/other.conf
+# include /path/to/other.conf
\ No newline at end of file

software/abilian/extranet_spr/instance-redis.cfg.in

@@ -5,32 +5,29 @@ parts =
   redis
 
 
-[redis-passwd]
+[redis-requirepass]
 recipe = slapos.cookbook:generate.password
-storage-path = $${directories:etc}/redis_passwd
+storage-path = $${directories:etc}/redis_requirepass
 bytes = 16
 
+
 [redis]
 recipe = slapos.cookbook:redis.server
 server_bin = ${redis:location}/bin/redis-server
 ipv6 = $${instance-parameters:ipv6-random}
 port = 6379
-use_passwd = $${slap-parameter:use_passwd}
 pid_file = $${directories:run}/redis.pid
 server_dir = $${directories:srv}
-passwd = $${redis-passwd:passwd}
+requirepass = $${redis-requirepass:passwd}
 config_file = $${directories:etc}/redis.conf
 log_file = $${directories:log}/redis.log
 wrapper = $${directories:services}/redis_server
 promise_wrapper = $${directories:promises}/redis
+promise_requirepass_file = $${redis-requirepass:storage-path}
 
 ## Send informations to SlapOS Master
 #[publish-redis-connection-parameters]
 #recipe = slapos.cookbook:publish
 #redis_ip = $${redis:ipv6}
 #redis_port = $${redis:port}
-#redis_passwd = $${redis:passwd}
-#redis_uses_password = $${redis:use_passwd}
-  
-[slap-parameter]
-use_passwd = false
+

software/abilian/extranet_spr/instance.cfg.in

@@ -43,8 +43,8 @@ cert = $${slap-connection:cert-file}
 recipe = slapos.cookbook:jsondump
 json-output = $${buildout:directory}/abilian-config-extra.json
 UNOCONV_LOCATION = ${unoconv-repository:location}/unoconv
-BROKER_URL = redis://[$${redis:ipv6}]:$${redis:port}/2
-CELERY_RESULT_BACKEND = redis://[$${redis:ipv6}]:$${redis:port}/2
+BROKER_URL = redis://:$${redis-requirepass:passwd}@[$${redis:ipv6}]:$${redis:port}/2
+CELERY_RESULT_BACKEND = redis://:$${redis-requirepass:passwd}@[$${redis:ipv6}]:$${redis:port}/2
 SECRET_KEY = $${csrf-secret-key:passwd}
 
 

software/abilian/extranet_spr/software.cfg

@@ -213,13 +213,6 @@ configure-command =
     -Dusethreads
 
 
-
-
-# TODO must set UNO_PATH={libreoffice-bin:location}/program to run 'unoconv'
-
-
-
-
 #----------------
 #-- Instance-level buildout profiles.
 
@@ -227,7 +220,7 @@ configure-command =
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
 output = ${buildout:directory}/instance.cfg
-md5sum = e152c7bd8eef50a4e6c3f01ed0c2af31
+md5sum = e6147118f7d297ad9cefe9d81f96da64
 mode = 0644
 
 [instance-postgres]
@@ -241,7 +234,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-redis.cfg.in
 output = ${buildout:directory}/instance-redis.cfg
-md5sum = ccb186134bca3ff626b489bacccae610
+md5sum = cb8dfefa0776de51449ada06c16c38b9
 mode = 0644
 
 [instance-extranet]