Commit b3b7f065 authored by Marco Mariani's avatar Marco Mariani

only listen to ipv6 address, and unix socket

parent 8ab881ea
...@@ -27,13 +27,11 @@ ...@@ -27,13 +27,11 @@
import md5 import md5
import os import os
import sys
import subprocess import subprocess
import textwrap import textwrap
from zc.buildout import UserError from zc.buildout import UserError
from slapos.recipe.librecipe import GenericBaseRecipe from slapos.recipe.librecipe import GenericBaseRecipe
from slapos.recipe.librecipe import filehash
class Recipe(GenericBaseRecipe): class Recipe(GenericBaseRecipe):
...@@ -75,11 +73,13 @@ class Recipe(GenericBaseRecipe): ...@@ -75,11 +73,13 @@ class Recipe(GenericBaseRecipe):
def createConfig(self): def createConfig(self):
from zc.buildout import buildout
pgdata = self.options['pgdata-directory'] pgdata = self.options['pgdata-directory']
host = buildout.loads(self.options['ipv6_host']).pop() # XXX ugly hack
with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg: with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg:
# XXX TODO listen_addresses
cfg.write(textwrap.dedent("""\ cfg.write(textwrap.dedent("""\
listen_addresses = '%s'
logging_collector = on logging_collector = on
log_rotation_size = 50MB log_rotation_size = 50MB
max_connections = 100 max_connections = 100
...@@ -90,7 +90,7 @@ class Recipe(GenericBaseRecipe): ...@@ -90,7 +90,7 @@ class Recipe(GenericBaseRecipe):
lc_numeric = 'en_US.UTF-8' lc_numeric = 'en_US.UTF-8'
lc_time = 'en_US.UTF-8' lc_time = 'en_US.UTF-8'
default_text_search_config = 'pg_catalog.english' default_text_search_config = 'pg_catalog.english'
""")) """ % host))
with open(os.path.join(pgdata, 'pg_hba.conf'), 'wb') as cfg: with open(os.path.join(pgdata, 'pg_hba.conf'), 'wb') as cfg:
...@@ -103,7 +103,8 @@ class Recipe(GenericBaseRecipe): ...@@ -103,7 +103,8 @@ class Recipe(GenericBaseRecipe):
local all all ident local all all ident
host all all 127.0.0.1/32 md5 host all all 127.0.0.1/32 md5
host all all ::1/128 md5 host all all ::1/128 md5
""")) host all all %s/128 md5
""" % host))
def createDatabase(self): def createDatabase(self):
...@@ -114,9 +115,14 @@ class Recipe(GenericBaseRecipe): ...@@ -114,9 +115,14 @@ class Recipe(GenericBaseRecipe):
""" """
Creates a Postgres superuser - other than "slapuser#" for use by the application. Creates a Postgres superuser - other than "slapuser#" for use by the application.
""" """
user = self.options['user']
password = 'insecure' password = 'insecure'
enc_password = md5.md5(password).hexdigest()
self.runPostgresCommand(cmd="""CREATE USER "%s" PASSWORD '%s' SUPERUSER""" % (self.options['user'], enc_password)) # XXX should send it encrypted, didn't work
# http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html
# enc_password = 'md5' + md5.md5(password+user).hexdigest()
self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, password))
def runPostgresCommand(self, cmd): def runPostgresCommand(self, cmd):
...@@ -135,6 +141,7 @@ class Recipe(GenericBaseRecipe): ...@@ -135,6 +141,7 @@ class Recipe(GenericBaseRecipe):
p = subprocess.Popen([postgres_binary, p = subprocess.Popen([postgres_binary,
'--single', '--single',
'-D', pgdata, '-D', pgdata,
'-d', '1', # debug level, do not output commands
'postgres', 'postgres',
], stdin=subprocess.PIPE) ], stdin=subprocess.PIPE)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment