Commit e870252f authored by Jérome Perrin's avatar Jérome Perrin

Metabase 0.41.2

Update metabase and fix a few minor problems, mostly:
 - use proper passwords for keystore and for postgresql
 - use Eclipse Temurin JRE, where the SSH tunnels work


See merge request nexedi/slapos!1077
parents 14d90bcd f2eb74db
Pipeline #18349 failed with stage
in 0 seconds
[buildout] [buildout]
extends =
../coreutils/buildout.cfg
../patchelf/buildout.cfg
../alsa/buildout.cfg
../libpng/buildout.cfg
../freetype/buildout.cfg
../fontconfig/buildout.cfg
../xorg/buildout.cfg
../zlib/buildout.cfg
parts = parts =
java java
...@@ -9,12 +17,12 @@ parts = ...@@ -9,12 +17,12 @@ parts =
[java-re] [java-re]
<= java-re-7 <= java-re-7
[java-common] [java-sun-common]
recipe = slapos.recipe.build:download-unpacked recipe = slapos.recipe.build:download-unpacked
url = http://javadl.sun.com/webapps/download/AutoDL?BundleId=${:bundle-id} url = https://javadl.sun.com/webapps/download/AutoDL?BundleId=${:bundle-id}
[java-re-7] [java-re-7]
<= java-common <= java-sun-common
# http://java.com/en/download/manual_java7.jsp # http://java.com/en/download/manual_java7.jsp
[java-re-7:linux and platform.machine() == 'i686'] [java-re-7:linux and platform.machine() == 'i686']
...@@ -26,7 +34,7 @@ bundle-id = 97800 ...@@ -26,7 +34,7 @@ bundle-id = 97800
md5sum = 7605134662f6c87131eca5745895fe84 md5sum = 7605134662f6c87131eca5745895fe84
[java-re-8] [java-re-8]
<= java-common <= java-sun-common
# https://www.java.com/en/download/manual.jsp # https://www.java.com/en/download/manual.jsp
# Update 161 # Update 161
...@@ -45,3 +53,25 @@ stop-on-error = true ...@@ -45,3 +53,25 @@ stop-on-error = true
update-command = ${:command} update-command = ${:command}
command = ${coreutils-output:test} -x ${:keytool} command = ${coreutils-output:test} -x ${:keytool}
keytool = ${java-re-8:location}/bin/keytool keytool = ${java-re-8:location}/bin/keytool
[java-re-temurin-11]
recipe = slapos.recipe.build
update =
from zc.buildout import UserError
raise UserError("unsupported platform")
[java-re-temurin-11:linux and platform.machine() == 'x86_64']
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.13%2B8/OpenJDK11U-jre_x64_linux_hotspot_11.0.13_8.tar.gz
md5sum = 1b06100bcd0923d3f3279c2f09773af0
configure-command = :
make-binary = :
post-install =
mv * %(location)s
for file in %(location)s/bin/* %(location)s/lib/*.so %(location)s/lib/*/*.so ; do
echo appending rpath to $file
${patchelf:location}/bin/patchelf --set-rpath %(rpath)s $file
done
rpath = ${alsa:location}/lib:${freetype:location}/lib:${fontconfig:location}/lib:${libpng:location}/lib:${libXrender:location}/lib:${libXtst:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXext:location}/lib:${libXdmcp:location}/lib:${libXi:location}/lib:${libxcb:location}/lib:${zlib:location}/lib:@@LOCATION@@/lib:@@LOCATION@@/lib/server:@@LOCATION@@/lib/jli
# Metabae # Metabase
https://www.metabase.com/ https://www.metabase.com/
## TODO: ## TODO:
* export backups for resilience * export backups for resilience
* security (proper passwords, verifiable certificate, study metabase encryption option) * security (verifiable certificate, study metabase encryption option)
[instance-profile] [instance-profile]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 143f46b125389f39905226ec9482ce2a md5sum = 5f2f7c4c2f793d609ad3c4fa0aa2f8a5
...@@ -7,10 +7,28 @@ eggs-directory = ${buildout:eggs-directory} ...@@ -7,10 +7,28 @@ eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory} develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true offline = true
[fontconfig-conf]
recipe = slapos.recipe.template:jinja2
template = ${template-fonts-conf:output}
rendered = $${directory:etc}/fonts.conf
context =
key cachedir directory:fontconfig-cache
key fonts :fonts
key includes :includes
fonts =
${android-fonts:location}
${dejavu-fonts:location}
${ipa-fonts:location}
${ipaex-fonts:location}
${liberation-fonts:location}
${ocrb-fonts:location}
includes =
${fontconfig:location}/etc/fonts/conf.d
[metabase-instance] [metabase-instance]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:service}/$${:_buildout_section_name_} wrapper-path = $${directory:service}/$${:_buildout_section_name_}
command-line = sh -c "cd $${directory:srv-metabase}; ${java-re-8:location}/bin/java $JAVA_ARGS -jar ${metabase.jar:location}/metabase.jar" command-line = sh -c "cd $${directory:srv-metabase}; ${java:location}/bin/java $JAVA_ARGS -jar ${metabase.jar:location}/metabase.jar"
# https://www.metabase.com/docs/latest/operations-guide/customizing-jetty-webserver.html # https://www.metabase.com/docs/latest/operations-guide/customizing-jetty-webserver.html
# note that we set org.quartz.scheduler.instanceId through $JAVA_ARGS as a workaround for machines # note that we set org.quartz.scheduler.instanceId through $JAVA_ARGS as a workaround for machines
# which cannot resolve their hostnames. See also https://github.com/metabase/metabase/issues/8373 # which cannot resolve their hostnames. See also https://github.com/metabase/metabase/issues/8373
...@@ -28,7 +46,8 @@ environment = ...@@ -28,7 +46,8 @@ environment =
MB_DB_USER=$${postgresql:superuser} MB_DB_USER=$${postgresql:superuser}
MB_DB_PASS=$${postgresql:password} MB_DB_PASS=$${postgresql:password}
MB_DB_HOST=$${postgresql:ipv4} MB_DB_HOST=$${postgresql:ipv4}
JAVA_ARGS=-Dorg.quartz.scheduler.instanceId=$${slap-connection:computer-id}.$${slap-connection:partition-id} FONTCONFIG_FILE=$${fontconfig-conf:rendered}
JAVA_ARGS=-Dorg.quartz.scheduler.instanceId=$${slap-connection:computer-id}.$${slap-connection:partition-id} -Djava.io.tmpdir="$${directory:tmp}"
hash-existing-files = hash-existing-files =
$${buildout:directory}/software_release/buildout.cfg $${buildout:directory}/software_release/buildout.cfg
...@@ -49,19 +68,56 @@ promise = check_url_available ...@@ -49,19 +68,56 @@ promise = check_url_available
name = $${:_buildout_section_name_}.py name = $${:_buildout_section_name_}.py
config-url= $${metabase-instance:url}/api/session/properties config-url= $${metabase-instance:url}/api/session/properties
[metabase-keystore-password]
recipe = slapos.cookbook:generate.password
bytes = 24
[metabase-keystore] [metabase-keystore]
recipe = plone.recipe.command recipe = plone.recipe.command
stop-on-error = true
command = command =
${java-re-8-output:keytool} \ if [ -f $${:file} ]
then
# XXX password used to be "insecure", but we changed to proper password.
# We try to list the store with the new password and if it fail we change
# the keystore password.
if ! ${java:location}/bin/keytool \
-list \
-keystore "$${:file}" \
-storepass "$${:password}"
then
echo "Migrating keystore password" && \
${java:location}/bin/keytool \
-storepasswd \
-keystore "$${:file}" \
-storepass insecure \
-new "$${:password}" && \
echo "Migrating certificate key password" && \
${java:location}/bin/keytool \
-keypasswd \
-alias "$${:alias}" \
-keypass insecure \
-new "$${:password}" \
-keystore "$${:file}" \
-storepass "$${:password}"
fi
else
${java:location}/bin/keytool \
-genkeypair \ -genkeypair \
-alias "metabase" \ -alias "$${:alias}" \
-keyalg RSA \ -keyalg RSA \
-keypass "$${:password}" \ -keypass "$${:password}" \
-dname "CN=$${metabase-instance:ip},OU=Unit,O=Organization,L=City,S=State,C=Country" \ -dname "CN=$${metabase-instance:ip},OU=Unit,O=Organization,L=City,S=State,C=Country" \
-keystore "$${:file}" \ -keystore "$${:file}" \
-storepass "$${:password}" -storepass "$${:password}"
fi
file = $${directory:etc}/.metabase_keystore file = $${directory:etc}/.metabase_keystore
password = insecure password = $${metabase-keystore-password:passwd}
alias = metabase
[postgresql-password]
recipe = slapos.cookbook:generate.password
bytes = 24
[postgresql] [postgresql]
recipe = slapos.cookbook:postgres recipe = slapos.cookbook:postgres
...@@ -69,7 +125,7 @@ bin = ${postgresql10:location}/bin/ ...@@ -69,7 +125,7 @@ bin = ${postgresql10:location}/bin/
services = $${directory:service} services = $${directory:service}
dbname = metabase_db dbname = metabase_db
superuser = metabase-psql superuser = metabase-psql
password = insecure password = $${postgresql-password:passwd}
pgdata-directory = $${directory:srv}/postgresql pgdata-directory = $${directory:srv}/postgresql
ipv4 = $${instance-parameter:ipv4-random} ipv4 = $${instance-parameter:ipv4-random}
...@@ -125,7 +181,7 @@ wrapper-path = $${directory:bin}/$${:_buildout_section_name_} ...@@ -125,7 +181,7 @@ wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
command-line = command-line =
sh -e -c "\ sh -e -c "\
echo 'This will replace current database with latest backup. Hit Ctrl+C to cancel'; echo 'This will replace current database with latest backup. Hit Ctrl+C to cancel';
sleep 5; sleep 30;
$${postgresql:bin}/pg_restore \ $${postgresql:bin}/pg_restore \
--exit-on-error \ --exit-on-error \
-h $${postgresql:pgdata-directory} \ -h $${postgresql:pgdata-directory} \
...@@ -176,7 +232,7 @@ tmp = $${buildout:directory}/tmp ...@@ -176,7 +232,7 @@ tmp = $${buildout:directory}/tmp
service = $${:etc}/service service = $${:etc}/service
srv-metabase = $${:srv}/metabase srv-metabase = $${:srv}/metabase
srv-backup = $${:srv}/backup srv-backup = $${:srv}/backup
fontconfig-cache = $${buildout:directory}/.fontconfig
[publish-connection-parameter] [publish-connection-parameter]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
......
[buildout] [buildout]
extends = extends =
../../component/defaults.cfg ../../component/defaults.cfg
../../component/fontconfig/buildout.cfg
../../component/fonts/buildout.cfg
../../component/java/buildout.cfg ../../component/java/buildout.cfg
../../component/postgresql/buildout.cfg ../../component/postgresql/buildout.cfg
../../component/dcron/buildout.cfg ../../component/dcron/buildout.cfg
...@@ -15,10 +17,13 @@ parts = ...@@ -15,10 +17,13 @@ parts =
[python] [python]
part = python3 part = python3
[java]
<= java-re-temurin-11
[metabase.jar] [metabase.jar]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = https://downloads.metabase.com/v0.38.3/metabase.jar url = https://downloads.metabase.com/v0.41.2/metabase.jar
md5sum = b91e4b9ae13c892894fec8bab2fd195f md5sum = 630068d1ccbdc95556931fe9cfc12e61
[instance-profile] [instance-profile]
recipe = slapos.recipe.template recipe = slapos.recipe.template
......
...@@ -85,7 +85,7 @@ class TestMetabaseSetup(MetabaseTestCase): ...@@ -85,7 +85,7 @@ class TestMetabaseSetup(MetabaseTestCase):
"username": email, "username": email,
"password": "wrong" "password": "wrong"
}) })
self.assertEqual(requests.codes.bad_request, resp.status_code) self.assertEqual(resp.status_code, requests.codes.unauthorized)
session = requests.post( session = requests.post(
parse.urljoin(url, '/api/session'), parse.urljoin(url, '/api/session'),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment