Commit a790d6c5 authored by Xavier Thompson's avatar Xavier Thompson

stack/lamp: Generate random password for mariadb

See merge request nexedi/slapos!1331
parents e3b355ab 457905fe
...@@ -35,7 +35,6 @@ path = ${template-matomo-instance:output} ...@@ -35,7 +35,6 @@ path = ${template-matomo-instance:output}
part-list = matomo-backup.sh matomo-backup-cron part-list = matomo-backup.sh matomo-backup-cron
db-name = matomo db-name = matomo
db-user = matomo db-user = matomo
db-password = 12345678
[template-matomo-instance] [template-matomo-instance]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
......
...@@ -52,6 +52,9 @@ class MatomoTestCase(SlapOSInstanceTestCase): ...@@ -52,6 +52,9 @@ class MatomoTestCase(SlapOSInstanceTestCase):
break break
self.assertTrue(self.matomo_path,"matomo path not found in %r" % (partition_path_list,)) self.assertTrue(self.matomo_path,"matomo path not found in %r" % (partition_path_list,))
self.connection_parameters = self.computer_partition.getConnectionParameterDict() self.connection_parameters = self.computer_partition.getConnectionParameterDict()
# parse <url> out of ['<url>']
url = self.connection_parameters['mariadb-url-list'][2:-2]
self.db_info = urllib.parse.urlparse(url)
#Check if matomo root directory is empty #Check if matomo root directory is empty
def test_matomo_dir(self): def test_matomo_dir(self):
...@@ -83,8 +86,9 @@ class MatomoTestCase(SlapOSInstanceTestCase): ...@@ -83,8 +86,9 @@ class MatomoTestCase(SlapOSInstanceTestCase):
self.assertEqual( self.assertEqual(
tree.xpath('//input[@name="dbname"]/@value'), tree.xpath('//input[@name="dbname"]/@value'),
['matomo']) ['matomo'])
self.assertTrue( self.assertEqual(
tree.xpath('//input[@name="password"]/@value')[0]) tree.xpath('//input[@name="password"]/@value'),
[self.db_info.password])
self.assertEqual( self.assertEqual(
tree.xpath('//input[@name="host"]/@value'), tree.xpath('//input[@name="host"]/@value'),
[f'{self._ipv4_address}:2099'] [f'{self._ipv4_address}:2099']
......
...@@ -39,7 +39,6 @@ path = ${template-nextcloud-instance:output} ...@@ -39,7 +39,6 @@ path = ${template-nextcloud-instance:output}
part-list = nextcloud-install.sh part-list = nextcloud-install.sh
db-name = nextcloud db-name = nextcloud
db-user = nextcloud db-user = nextcloud
db-password = insecure
[nc-download-unpacked] [nc-download-unpacked]
recipe = slapos.recipe.build:download-unpacked recipe = slapos.recipe.build:download-unpacked
......
...@@ -31,6 +31,8 @@ import json ...@@ -31,6 +31,8 @@ import json
import glob import glob
import re import re
from six.moves.urllib.parse import urlparse
from slapos.recipe.librecipe import generateHashFromFiles from slapos.recipe.librecipe import generateHashFromFiles
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
...@@ -63,13 +65,17 @@ class NextCloudTestCase(InstanceTestCase): ...@@ -63,13 +65,17 @@ class NextCloudTestCase(InstanceTestCase):
self.nextcloud_path, self.nextcloud_path,
"Nextcloud path not found in %r" % (partition_path_list,)) "Nextcloud path not found in %r" % (partition_path_list,))
# parse database info from mariadb url
d = self.computer_partition.getConnectionParameterDict()
db_url = d['mariadb-url-list'][2:-2] # parse <url> out of "['<url>']"
self._db_info = urlparse(db_url)
def getNextcloudConfig(self, config_dict={}): def getNextcloudConfig(self, config_dict={}):
data_dict = dict( data_dict = dict(
datadirectory=self.partition_dir + "/srv/data", datadirectory=self.partition_dir + "/srv/data",
dbhost="%s:2099" % self._ipv4_address, dbhost="%s:2099" % self._ipv4_address,
dbname="nextcloud", dbname="nextcloud",
dbpassword="insecure", dbpassword=self._db_info.password,
dbport="", dbport="",
dbuser="nextcloud", dbuser="nextcloud",
mail_domain="nextcloud@example.com", mail_domain="nextcloud@example.com",
......
...@@ -63,7 +63,6 @@ part-list = ...@@ -63,7 +63,6 @@ part-list =
# database information # database information
db-name = lamp db-name = lamp
db-user = lamp db-user = lamp
db-password = insecure
#---------------- #----------------
#-- Instance-level buildout profiles. #-- Instance-level buildout profiles.
...@@ -114,7 +113,6 @@ context = ...@@ -114,7 +113,6 @@ context =
key custom_application_template custom-application-deployment:path key custom_application_template custom-application-deployment:path
key db_name custom-application-deployment:db-name key db_name custom-application-deployment:db-name
key db_user custom-application-deployment:db-user key db_user custom-application-deployment:db-user
key db_password custom-application-deployment:db-password
key lamp_apache_httpd template-apache-httpd:target key lamp_apache_httpd template-apache-httpd:target
[instance-apache-php] [instance-apache-php]
......
...@@ -14,15 +14,15 @@ ...@@ -14,15 +14,15 @@
# not need these here). # not need these here).
[lamp-instance] [lamp-instance]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 603d03f43ea04e95237c80d3b9e72ba7 md5sum = 7854dd0edd48f2d91c16412c4a875ca4
[instance-apache-php] [instance-apache-php]
filename = instance-apache-php.cfg.in filename = instance-apache-php.cfg.in
md5sum = 8506f245087dfdc02561e8739a567bd6 md5sum = 9ab14922535d4d85e0db8602c47a707d
[instance-lamp] [instance-lamp]
filename = instance-lamp.cfg.jinja2.in filename = instance-lamp.cfg.jinja2.in
md5sum = 3ff36cb2d10f53f932ba9ee99b5fe9e1 md5sum = 347ddf1516bf2ddb5f6fb23539382847
[template-apache.conf] [template-apache.conf]
filename = apache.conf.in filename = apache.conf.in
......
...@@ -22,6 +22,14 @@ develop-eggs-directory = {{ develop_eggs_directory }} ...@@ -22,6 +22,14 @@ develop-eggs-directory = {{ develop_eggs_directory }}
offline = true offline = true
#----------------
#--
#-- Monitor password aggregation.
[monitor-instance-parameter]
password = {{ slapparameter_dict['monitor-passwd'] }}
#---------------- #----------------
#-- #--
#-- Creation of all needed directories. #-- Creation of all needed directories.
......
...@@ -2,7 +2,6 @@ ...@@ -2,7 +2,6 @@
{% set part_list = [] -%} {% set part_list = [] -%}
{% set ipv6 = (ipv6 | list)[0] -%} {% set ipv6 = (ipv6 | list)[0] -%}
{% set monitor_base_url_dict = {} -%} {% set monitor_base_url_dict = {} -%}
{% set mariadb_dict = {} -%}
[directory] [directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
...@@ -28,6 +27,7 @@ sla-computer_guid = {{ dumps(slapparameter_dict.get('apache-computer-guid', '')) ...@@ -28,6 +27,7 @@ sla-computer_guid = {{ dumps(slapparameter_dict.get('apache-computer-guid', ''))
config-{{ key }} = {{ dumps(value) }} config-{{ key }} = {{ dumps(value) }}
{% endif -%} {% endif -%}
{% endfor -%} {% endfor -%}
config-monitor-passwd = ${monitor-instance-parameter:password}
config-database-list = ${request-mariadb:connection-database-list} config-database-list = ${request-mariadb:connection-database-list}
return = return =
backend-url backend-url
...@@ -37,24 +37,20 @@ return = ...@@ -37,24 +37,20 @@ return =
{% do publish_dict.__setitem__('backend-url', '${request-apache:connection-backend-url}') -%} {% do publish_dict.__setitem__('backend-url', '${request-apache:connection-backend-url}') -%}
{% do monitor_base_url_dict.__setitem__('apache', '${request-apache:connection-monitor-base-url}') -%} {% do monitor_base_url_dict.__setitem__('apache', '${request-apache:connection-monitor-base-url}') -%}
{% do mariadb_dict.__setitem__('database-list', [{'name': db_name, 'user': db_user, 'password': db_password }]) -%}
{% do mariadb_dict.__setitem__('test-database-amount', 0) -%}
{% do mariadb_dict.__setitem__('tcpv4-port', 2099) -%}
{% do mariadb_dict.__setitem__('max-slowqueries-threshold', 1000) -%}
{% do mariadb_dict.__setitem__('slowest-query-threshold', '') -%}
{% do mariadb_dict.__setitem__('computer-memory-percent-threshold', 80) -%}
{% do mariadb_dict.__setitem__('monitor-passwd', '${monitor-htpasswd:passwd}') -%}
{% do mariadb_dict.__setitem__('name', 'Mariadb') -%}
{% do mariadb_dict.__setitem__('innodb-file-per-table', slapparameter_dict.get('innodb-file-per-table', 1)) -%}
[request-mariadb] [request-mariadb]
<= request-common <= request-common
software-type = mariadb software-type = mariadb
name = Mariadb name = Mariadb
sla-computer_guid = {{ dumps(slapparameter_dict.get('mariadb-computer-guid', '')) }} sla-computer_guid = {{ dumps(slapparameter_dict.get('mariadb-computer-guid', '')) }}
{% for key, value in mariadb_dict.items() -%} config-database-list = {{ dumps([{'name': db_name, 'user': db_user, 'password': db_password }]) }}
config-{{ key }} = {{ dumps(value) }} config-test-database-amount = {{ dumps(0) }}
{% endfor -%} config-tcpv4-port = {{ dumps(2099) }}
config-max-slowqueries-threshold = {{ dumps(1000) }}
config-slowest-query-threshold =
config-computer-memory-percent-threshold = {{ dumps(80) }}
config-monitor-passwd = ${monitor-instance-parameter:password}
config-name = ${:name}
config-innodb-file-per-table = {{ dumps(slapparameter_dict.get('innodb-file-per-table', 1)) }}
return = return =
database-list database-list
monitor-base-url monitor-base-url
......
...@@ -40,8 +40,11 @@ context = ...@@ -40,8 +40,11 @@ context =
${:extra-context} ${:extra-context}
[dynamic-template-lamp-parameters]
[mariadb-password]
recipe = slapos.cookbook:generate.password
[dynamic-template-lamp-parameters]
[dynamic-template-lamp] [dynamic-template-lamp]
<= jinja2-template-base <= jinja2-template-base
...@@ -51,7 +54,7 @@ extra-context = ...@@ -51,7 +54,7 @@ extra-context =
section parameter_dict dynamic-template-lamp-parameters section parameter_dict dynamic-template-lamp-parameters
raw db_name {{ db_name }} raw db_name {{ db_name }}
raw db_user {{ db_user }} raw db_user {{ db_user }}
raw db_password {{ db_password }} key db_password mariadb-password:passwd
[dynamic-template-apache-php-parameters] [dynamic-template-apache-php-parameters]
{% if application_archive_root %} {% if application_archive_root %}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment