erp5: Make initial user login and password configurable

Also, generate password randomly if not provided instead of using an hardcoded value. Publish them as they can be generated internally.

erp5: Make initial user login and password configurable
Also, generate password randomly if not provided instead of using an hardcoded value. Publish them as they can be generated internally.
893ea87b · Vincent Pelletier · 06feee8c · 893ea87b · 893ea87b · 893ea87b
Commit 893ea87b authored Feb 03, 2014 by Vincent Pelletier
6 changed files
--- a/software/erp5/instance-erp5-input-schema.json
+++ b/software/erp5/instance-erp5-input-schema.json
@@ -19,6 +19,16 @@
      "default": "random",
      "type": "string"
    },
+    "inituser-login": {
+      "description": "Login of the initial/rescue user",
+      "default": "zope",
+      "type": "string"
+    },
+    "inituser-password": {
+      "description": "Password of the initial/rescue user",
+      "default": "random",
+      "type": "string"
+    },
    "frontend": {
      "description": "Front-end slave instance request parameters",
      "properties": {

--- a/software/erp5/instance-erp5-output-schema.json
+++ b/software/erp5/instance-erp5-output-schema.json
@@ -6,6 +6,14 @@
      "description": "Chosen ERP5Site object identifier",
      "type": "string"
    },
+    "inituser-login": {
+      "description": "Initial user login",
+      "type": "string"
+    },
+    "inituser-password": {
+      "description": "Initial user password",
+      "type": "string"
+    },
    "kumofs-url": {
      "description": "Persistent memcached access information",
      "type": "string"

--- a/stack/erp5/buildout.cfg
+++ b/stack/erp5/buildout.cfg
@@ -220,7 +220,7 @@ md6sum = 4504b8e58cf6eb0f17ef30c29c04432d
 [template-create-erp5-site-real]
 < = download-base
 filename = instance-create-erp5-site-real.cfg.in
-md5sum = c7dde5117e3e99c9669b9a10c82778f3
+md5sum = 2440e054821628bfbc4837d4ceb16bc2

 [template]
 < = template-jinja2-base
@@ -286,7 +286,7 @@ extra-context =
 [template-erp5]
 < = download-base
 filename = instance-erp5.cfg.in
-md5sum = 0de8f9b4c873975a80bc3b0885c964ab
+md5sum = b9157fea0060db385c143bd87ef2f12b

 [template-neo]
 < = download-base
@@ -301,7 +301,7 @@ md5sum = 32de16140a294a7e456a9665124bdb93
 [template-zope]
 < = download-base
 filename = instance-zope.cfg.in
-md5sum = 21116639ac07dd3473f99522ea042334
+md5sum = eb2e3000e86e0f7205b8979612a132dc
 link-binary =
  ${aspell:location}/bin/aspell
  ${coreutils:location}/bin/basename

--- a/stack/erp5/instance-create-erp5-site-real.cfg.in
+++ b/stack/erp5/instance-create-erp5-site-real.cfg.in
@@ -16,7 +16,7 @@ mysql-url = {{ publish['mariadb-database-list'][0] }}
 {%     do family_list.append(value.split('://', 1)) -%}
 {%   endif -%}
 {%  endfor -%}
-zope-url = {{ family_list[0][0] + '://zope:insecure@' + family_list[0][1] + '/' + publish['site-id'] }}
+zope-url = {{ family_list[0][0] + '://' + publish['inituser-login'] + ':' + publish['inituser-password'] + '@' + family_list[0][1] + '/' + publish['site-id'] }}

 [promise-erp5-site]
 recipe = slapos.cookbook:check_url_available

--- a/stack/erp5/instance-erp5.cfg.in
+++ b/stack/erp5/instance-erp5.cfg.in
@@ -2,7 +2,8 @@
 {% set frontend_dict = slapparameter_dict.get('frontend', {}) %}
 {% set has_frontend = frontend_dict.get('software-url', '') != '' -%}
 {% set site_id = slapparameter_dict.get('site-id', 'erp5') -%}
-{% set publish_dict = {'site-id': site_id} -%}
+{% set inituser_login = slapparameter_dict.get('inituser-login', 'zope') -%}
+{% set publish_dict = {'site-id': site_id, 'inituser-login': inituser_login} -%}
 [request-common]
 recipe = slapos.cookbook:request.serialised
 software-url = ${slap-connection:software-release-url}
@@ -44,6 +45,14 @@ config-{{ option }} = {{ dumps(value) }}
 {{ request('mariadb', 'mariadb', 'mariadb', {'tcpv4-port': 2099}, {'database-list': True, 'test-database-list': True}) }}
 {{ request('zodb', 'zodb-' ~ slapparameter_dict.get('zodb-software-type', 'zeo'), 'zodb', {'tcpv4-port': 2100, 'zodb-dict': {'root': {}}}, {'zodb-storage-type': False, 'zodb-dict': False, 'tidstorage-ip': False, 'tidstorage-port': False}) }}

+[inituser-password]
+{% set inituser_password = slapparameter_dict.get('inituser-password') -%}
+{% if inituser_password -%}
+passwd = {{ dumps(inituser_password) }}
+{% else -%}
+recipe = slapos.cookbook:generate.password
+{% endif -%}
+
 [deadlock-debugger-password]
 {% set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
 {% if deadlock_debugger_password -%}
@@ -78,6 +87,8 @@ extra-config =
  longrequest-logger-timeout
  port-base
  deadlock-debugger-password
+  inituser-login
+  inituser-password
 config-mysql-url-list = ${request-mariadb:connection-database-list}
 config-mysql-test-url-list = ${request-mariadb:connection-test-database-list}
 config-memcached-url = ${request-memcached-volatile:connection-url}
@@ -93,6 +104,8 @@ config-tidstorage-port = ${request-zodb:connection-tidstorage-port}
 config-timezone = {{ slapparameter_dict.get('timezone', 'UTC') }}
 config-site-id = {{ site_id }}
 config-deadlock-debugger-password = ${deadlock-debugger-password:passwd}
+config-inituser-login = {{ dumps(inituser_login) }}
+config-inituser-password = ${inituser-password:passwd}
 software-type = zope

 {% set zope_family_dict = {} -%}
@@ -189,6 +202,7 @@ return = site_url
 [publish]
 recipe = slapos.cookbook:publish.serialised
 deadlock-debugger-password = ${deadlock-debugger-password:passwd}
+inituser-password = ${inituser-password:passwd}
 {% for name, value in publish_dict.items() -%}
 {{   name }} = {{ value }}
 {% endfor -%}

--- a/stack/erp5/instance-zope.cfg.in
+++ b/stack/erp5/instance-zope.cfg.in
@@ -165,7 +165,8 @@ ipv4-port =

 [zope-base]
 recipe = slapos.cookbook:generic.zope.zeo.client
-user = zope
+user = {{ slapparameter_dict['inituser-login'] }}
+password = {{ slapparameter_dict['inituser-password'] }}
 ip = {{ ipv4 }}
 timezone = {{ slapparameter_dict['timezone'] }}
 tidstorage-ip = ${tidstorage:ipv4}