Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Steven Gueguen
slapos
Commits
c80ffdef
Commit
c80ffdef
authored
Jan 22, 2024
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Plain Diff
Expose hashed passwords in slapos.cookbook:generate.password
See merge request
nexedi/slapos!1506
parents
81a83ffe
e820c7d0
Changes
23
Show whitespace changes
Inline
Side-by-side
Showing
23 changed files
with
82 additions
and
57 deletions
+82
-57
component/apache/buildout.cfg
component/apache/buildout.cfg
+2
-2
component/rust/buildout.cfg
component/rust/buildout.cfg
+2
-2
software/dufs/buildout.hash.cfg
software/dufs/buildout.hash.cfg
+1
-1
software/dufs/instance.cfg.in
software/dufs/instance.cfg.in
+3
-2
software/dufs/software.cfg
software/dufs/software.cfg
+2
-2
software/dufs/test/test.py
software/dufs/test/test.py
+20
-0
software/erp5/test/test/test_erp5.py
software/erp5/test/test/test_erp5.py
+17
-0
software/restic-rest-server/buildout.hash.cfg
software/restic-rest-server/buildout.hash.cfg
+1
-1
software/restic-rest-server/instance.cfg.in
software/restic-rest-server/instance.cfg.in
+5
-13
software/restic-rest-server/software.cfg
software/restic-rest-server/software.cfg
+1
-2
software/seleniumserver/buildout.hash.cfg
software/seleniumserver/buildout.hash.cfg
+1
-1
software/seleniumserver/instance-selenium.cfg.in
software/seleniumserver/instance-selenium.cfg.in
+2
-2
software/slapos-master/buildout.hash.cfg
software/slapos-master/buildout.hash.cfg
+1
-1
software/slapos-master/instance-erp5.cfg.in
software/slapos-master/instance-erp5.cfg.in
+6
-5
software/theia/buildout.hash.cfg
software/theia/buildout.hash.cfg
+1
-1
software/theia/instance-theia.cfg.jinja.in
software/theia/instance-theia.cfg.jinja.in
+1
-1
stack/erp5/buildout.hash.cfg
stack/erp5/buildout.hash.cfg
+3
-3
stack/erp5/instance-erp5.cfg.in
stack/erp5/instance-erp5.cfg.in
+6
-5
stack/erp5/instance-zope.cfg.in
stack/erp5/instance-zope.cfg.in
+1
-1
stack/erp5/instance.cfg.in
stack/erp5/instance.cfg.in
+0
-2
stack/monitor/buildout.hash.cfg
stack/monitor/buildout.hash.cfg
+1
-1
stack/monitor/instance-monitor.cfg.jinja2.in
stack/monitor/instance-monitor.cfg.jinja2.in
+2
-8
stack/slapos.cfg
stack/slapos.cfg
+3
-1
No files found.
component/apache/buildout.cfg
View file @
c80ffdef
...
@@ -44,9 +44,9 @@ environment =
...
@@ -44,9 +44,9 @@ environment =
[apache]
[apache]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
shared = true
shared = true
version = 2.4.5
7
version = 2.4.5
8
url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
md5sum = 3
4575e92f91fb625f3842d6ca382caa5
md5sum = 3
0377ec4d7fb8361e1d1f2ab3158b467
configure-options = --disable-static
configure-options = --disable-static
--enable-authn-alias
--enable-authn-alias
--enable-bucketeer
--enable-bucketeer
...
...
component/rust/buildout.cfg
View file @
c80ffdef
...
@@ -9,8 +9,8 @@ parts = rustc
...
@@ -9,8 +9,8 @@ parts = rustc
[rustc]
[rustc]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
shared = true
shared = true
url = https://static.rust-lang.org/dist/rustc-1.
64
.0-src.tar.gz
url = https://static.rust-lang.org/dist/rustc-1.
75
.0-src.tar.gz
md5sum =
948ecb62b82ed3543f03ebf598501796
md5sum =
6420f7d4e0eb3f4f4963a2e2afdb301b
# --sysconfdir is a workaround for https://github.com/rust-lang/rust/issues/63915
# --sysconfdir is a workaround for https://github.com/rust-lang/rust/issues/63915
configure-options =
configure-options =
--enable-extended
--enable-extended
...
...
software/dufs/buildout.hash.cfg
View file @
c80ffdef
...
@@ -15,4 +15,4 @@
...
@@ -15,4 +15,4 @@
[instance.cfg.in]
[instance.cfg.in]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
6edf5c64bf25dfd2e6e8a4e74c9b9812
md5sum =
f7a283e3288d3a9ddfd5de7e9b309273
software/dufs/instance.cfg.in
View file @
c80ffdef
...
@@ -155,9 +155,10 @@ command-line =
...
@@ -155,9 +155,10 @@ command-line =
--enable-cors
--enable-cors
--bind ${:ip}
--bind ${:ip}
--port ${:port}
--port ${:port}
--render-try-index
--allow-all
--allow-all
--auth-method basic
--auth-method basic
--auth ${admin-password:user}:${admin-password:passwd}@/:rw
--auth ${admin-password:user}:${admin-password:passwd
-sha512-crypt
}@/:rw
--auth @/pub
--auth @/pub
--tls-cert ${dufs-certificate:cert-file}
--tls-cert ${dufs-certificate:cert-file}
--tls-key ${dufs-certificate:key-file}
--tls-key ${dufs-certificate:key-file}
...
@@ -210,7 +211,7 @@ init =
...
@@ -210,7 +211,7 @@ init =
frontend_url = urlparse(self.options['frontend-url'])
frontend_url = urlparse(self.options['frontend-url'])
admin_user = self.options['admin-user']
admin_user = self.options['admin-user']
admin_password = self.options['admin-password']
admin_password = self.options['admin-password']
self.options['public-url'] = frontend_url._replace(path='/pub').geturl()
self.options['public-url'] = frontend_url._replace(path='/pub
/
').geturl()
assert not frontend_url.username
assert not frontend_url.username
self.options['upload-url'] = frontend_url._replace(
self.options['upload-url'] = frontend_url._replace(
netloc=f'{admin_user}:{admin_password}@{frontend_url.netloc}').geturl()
netloc=f'{admin_user}:{admin_password}@{frontend_url.netloc}').geturl()
...
...
software/dufs/software.cfg
View file @
c80ffdef
...
@@ -13,8 +13,8 @@ parts =
...
@@ -13,8 +13,8 @@ parts =
[dufs]
[dufs]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
shared = true
shared = true
url = https://github.com/sigoden/dufs/archive/refs/tags/v0.3
4.1
.tar.gz
url = https://github.com/sigoden/dufs/archive/refs/tags/v0.3
9.0
.tar.gz
md5sum =
77cbb2523aca8dad90fd77ee0277704f
md5sum =
e0fca35530c043c5dff7fcbe415ed35d
configure-command = :
configure-command = :
make-binary = cargo install --root=%(location)s --path . --locked
make-binary = cargo install --root=%(location)s --path . --locked
make-targets =
make-targets =
...
...
software/dufs/test/test.py
View file @
c80ffdef
...
@@ -91,6 +91,26 @@ class TestFileServer(SlapOSInstanceTestCase):
...
@@ -91,6 +91,26 @@ class TestFileServer(SlapOSInstanceTestCase):
self
.
assertNotIn
(
'secret'
,
resp
.
text
)
self
.
assertNotIn
(
'secret'
,
resp
.
text
)
self
.
assertEqual
(
resp
.
status_code
,
requests
.
codes
.
ok
)
self
.
assertEqual
(
resp
.
status_code
,
requests
.
codes
.
ok
)
def
test_index
(
self
):
pub
=
pathlib
.
Path
(
self
.
computer_partition_root_path
)
/
'srv'
/
'www'
/
'pub'
(
pub
/
'with-index'
).
mkdir
()
(
pub
/
'with-index'
/
'index.html'
).
write_text
(
'<html>Hello !</html>'
)
self
.
assertEqual
(
requests
.
get
(
urllib
.
parse
.
urljoin
(
self
.
connection_parameters
[
'public-url'
],
'with-index/'
),
verify
=
self
.
ca_cert
,
).
text
,
'<html>Hello !</html>'
)
(
pub
/
'without-index'
).
mkdir
()
(
pub
/
'without-index'
/
'file.txt'
).
write_text
(
'Hello !'
)
self
.
assertIn
(
'file.txt'
,
requests
.
get
(
urllib
.
parse
.
urljoin
(
self
.
connection_parameters
[
'public-url'
],
'without-index/'
),
verify
=
self
.
ca_cert
,
).
text
)
def
test_upload_file_refused_without_auth
(
self
):
def
test_upload_file_refused_without_auth
(
self
):
parsed_upload_url
=
urllib
.
parse
.
urlparse
(
self
.
connection_parameters
[
'upload-url'
])
parsed_upload_url
=
urllib
.
parse
.
urlparse
(
self
.
connection_parameters
[
'upload-url'
])
# upload-url has username:password, remove it
# upload-url has username:password, remove it
...
...
software/erp5/test/test/test_erp5.py
View file @
c80ffdef
...
@@ -32,6 +32,7 @@ import glob
...
@@ -32,6 +32,7 @@ import glob
import
http.client
import
http.client
import
json
import
json
import
os
import
os
import
pathlib
import
resource
import
resource
import
shutil
import
shutil
import
socket
import
socket
...
@@ -1100,6 +1101,22 @@ class TestNEO(ZopeSkinsMixin, CrontabMixin, ERP5InstanceTestCase):
...
@@ -1100,6 +1101,22 @@ class TestNEO(ZopeSkinsMixin, CrontabMixin, ERP5InstanceTestCase):
'log'
,
'log'
,
f
))
f
))
class
TestPassword
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
__partition_reference__
=
'p'
def
test_no_plain_text_password_in_files
(
self
):
inituser_password
=
self
.
getRootPartitionConnectionParameterDict
()[
'inituser-password'
].
encode
()
self
.
assertFalse
(
[
f
for
f
in
pathlib
.
Path
(
self
.
slap
.
_instance_root
).
glob
(
'**/*'
)
if
f
.
is_file
()
and
inituser_password
in
f
.
read_bytes
()])
# the hashed password is present in some files
inituser_password_hashed
=
self
.
getRootPartitionConnectionParameterDict
()[
'inituser-password-hashed'
].
encode
()
self
.
assertTrue
(
[
f
for
f
in
pathlib
.
Path
(
self
.
slap
.
_instance_root
).
glob
(
'**/*'
)
if
f
.
is_file
()
and
inituser_password_hashed
in
f
.
read_bytes
()])
class
TestWithMaxRlimitNofileParameter
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
class
TestWithMaxRlimitNofileParameter
(
ERP5InstanceTestCase
,
TestPublishedURLIsReachableMixin
):
"""Test setting the with-max-rlimit-nofile parameter sets the open fd soft limit to the hard limit.
"""Test setting the with-max-rlimit-nofile parameter sets the open fd soft limit to the hard limit.
...
...
software/restic-rest-server/buildout.hash.cfg
View file @
c80ffdef
...
@@ -15,4 +15,4 @@
...
@@ -15,4 +15,4 @@
[instance.cfg.in]
[instance.cfg.in]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
361991f333119f22c8266dc8bde7bc57
md5sum =
b5c479ebb4cf2fd2f63623af88b95078
software/restic-rest-server/instance.cfg.in
View file @
c80ffdef
...
@@ -147,23 +147,15 @@ recipe = slapos.cookbook:generate.password
...
@@ -147,23 +147,15 @@ recipe = slapos.cookbook:generate.password
user = backup
user = backup
[rest-server-htpassword]
[rest-server-htpassword]
recipe = plone.recipe.command
recipe = slapos.recipe.template
command =
inline =
if [ ! -f '${:htpassword}' ] ; then
${rest-server-password:user}:${rest-server-password:passwd-bcrypt}
{{ htpasswd_bin }} \
output = ${directory:rest-server-data-dir}/.htpasswd
-b \
-B \
-c ${:htpassword} \
${rest-server-password:user} \
${rest-server-password:passwd}
fi
htpassword = ${directory:rest-server-data-dir}/.htpasswd
stop-on-error = true
[rest-server]
[rest-server]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
command-line =
command-line =
{{ gowork_bin }}/rest-server
\
{{ gowork_bin }}/rest-server
--listen [${:ip}]:${:port}
--listen [${:ip}]:${:port}
--log ${directory:var-log}/${:_buildout_section_name_}-access.log
--log ${directory:var-log}/${:_buildout_section_name_}-access.log
--path ${directory:rest-server-data-dir}
--path ${directory:rest-server-data-dir}
...
...
software/restic-rest-server/software.cfg
View file @
c80ffdef
...
@@ -25,7 +25,7 @@ install +=
...
@@ -25,7 +25,7 @@ install +=
<= go-git-package
<= go-git-package
go.importpath = github.com/restic/rest-server
go.importpath = github.com/restic/rest-server
repository = https://github.com/restic/rest-server
repository = https://github.com/restic/rest-server
revision = v0.1
0.0-0-g9313f19
revision = v0.1
2.1-0-g4231ef6
[instance.cfg.in]
[instance.cfg.in]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
@@ -35,7 +35,6 @@ context =
...
@@ -35,7 +35,6 @@ context =
section buildout buildout
section buildout buildout
key gowork_bin gowork:bin
key gowork_bin gowork:bin
raw openssl_bin ${openssl:location}/bin/openssl
raw openssl_bin ${openssl:location}/bin/openssl
raw htpasswd_bin ${apache:location}/bin/htpasswd
raw dash_bin ${dash:location}/bin/dash
raw dash_bin ${dash:location}/bin/dash
raw curl_bin ${curl:location}/bin/curl
raw curl_bin ${curl:location}/bin/curl
key template_monitor monitor2-template:output
key template_monitor monitor2-template:output
...
...
software/seleniumserver/buildout.hash.cfg
View file @
c80ffdef
...
@@ -19,4 +19,4 @@ md5sum = 10e19df182c692b71ea552da183a0bcf
...
@@ -19,4 +19,4 @@ md5sum = 10e19df182c692b71ea552da183a0bcf
[template-selenium]
[template-selenium]
filename = instance-selenium.cfg.in
filename = instance-selenium.cfg.in
md5sum = 5a7abfff9f9d7898620f8c7fc1e6f488
md5sum = 7239845e758b2d10299699e061b0fc75
\ No newline at end of file
\ No newline at end of file
software/seleniumserver/instance-selenium.cfg.in
View file @
c80ffdef
...
@@ -170,14 +170,14 @@ content =
...
@@ -170,14 +170,14 @@ content =
use_backend admin if { path_beg $${selenium-server-frontend-configuration:path-admin} }
use_backend admin if { path_beg $${selenium-server-frontend-configuration:path-admin} }
userlist hub
userlist hub
user $${selenium-server-selenium-password:username}
insecure-password $${selenium-server-selenium-password:passwd
}
user $${selenium-server-selenium-password:username}
password $${selenium-server-selenium-password:passwd-sha256-crypt
}
backend hub
backend hub
acl auth_ok http_auth(hub)
acl auth_ok http_auth(hub)
http-request auth realm "Selenium Server" unless auth_ok
http-request auth realm "Selenium Server" unless auth_ok
server hub $${selenium-server-hub-instance:hostname}:$${selenium-server-hub-instance:port}
server hub $${selenium-server-hub-instance:hostname}:$${selenium-server-hub-instance:port}
userlist admin
userlist admin
user $${selenium-server-admin-password:username}
insecure-password $${selenium-server-admin-password:passwd
}
user $${selenium-server-admin-password:username}
password $${selenium-server-admin-password:passwd-sha256-crypt
}
backend admin
backend admin
acl auth_ok http_auth(admin)
acl auth_ok http_auth(admin)
http-request auth realm "Grid Admin" unless auth_ok
http-request auth realm "Grid Admin" unless auth_ok
...
...
software/slapos-master/buildout.hash.cfg
View file @
c80ffdef
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
# not need these here).
# not need these here).
[template-erp5]
[template-erp5]
filename = instance-erp5.cfg.in
filename = instance-erp5.cfg.in
md5sum =
1fbfca2d64a9824054f7a3281e71efdc
md5sum =
ba46a66da1c834df14a80a20b21e4a96
[template-balancer]
[template-balancer]
filename = instance-balancer.cfg.in
filename = instance-balancer.cfg.in
...
...
software/slapos-master/instance-erp5.cfg.in
View file @
c80ffdef
...
@@ -247,7 +247,7 @@ config-id-store-interval = {{ dumps(slapparameter_dict.get('id-store-interval'))
...
@@ -247,7 +247,7 @@ config-id-store-interval = {{ dumps(slapparameter_dict.get('id-store-interval'))
config-zope-longrequest-logger-error-threshold = {{ dumps(monitor_dict.get('zope-longrequest-logger-error-threshold', 20)) }}
config-zope-longrequest-logger-error-threshold = {{ dumps(monitor_dict.get('zope-longrequest-logger-error-threshold', 20)) }}
config-zope-longrequest-logger-maximum-delay = {{ dumps(monitor_dict.get('zope-longrequest-logger-maximum-delay', 0)) }}
config-zope-longrequest-logger-maximum-delay = {{ dumps(monitor_dict.get('zope-longrequest-logger-maximum-delay', 0)) }}
config-inituser-login = {{ dumps(inituser_login) }}
config-inituser-login = {{ dumps(inituser_login) }}
config-inituser-password
= ${publish-early:inituser-passwor
d}
config-inituser-password
-hashed = ${publish-early:inituser-password-hashe
d}
config-kumofs-url = ${request-memcached-persistent:connection-url}
config-kumofs-url = ${request-memcached-persistent:connection-url}
config-memcached-url = ${request-memcached-volatile:connection-url}
config-memcached-url = ${request-memcached-volatile:connection-url}
config-monitor-passwd = ${monitor-htpasswd:passwd}
config-monitor-passwd = ${monitor-htpasswd:passwd}
...
@@ -515,6 +515,7 @@ hosts-dict = {{ '${' ~ zope_address_list_id_dict.keys()[0] ~ ':connection-hosts-
...
@@ -515,6 +515,7 @@ hosts-dict = {{ '${' ~ zope_address_list_id_dict.keys()[0] ~ ':connection-hosts-
recipe = slapos.cookbook:publish-early
recipe = slapos.cookbook:publish-early
-init =
-init =
inituser-password gen-password:passwd
inituser-password gen-password:passwd
inituser-password-hashed gen-password:passwd-ldap-salted-sha1
deadlock-debugger-password gen-deadlock-debugger-password:passwd
deadlock-debugger-password gen-deadlock-debugger-password:passwd
{%- if has_posftix %}
{%- if has_posftix %}
smtpd-sasl-password gen-smtpd-sasl-password:passwd
smtpd-sasl-password gen-smtpd-sasl-password:passwd
...
@@ -532,10 +533,6 @@ recipe = slapos.cookbook:publish-early
...
@@ -532,10 +533,6 @@ recipe = slapos.cookbook:publish-early
neo-cluster = {{ dumps(neo[0]) }}
neo-cluster = {{ dumps(neo[0]) }}
{%- endif %}
{%- endif %}
{%- endif %}
{%- endif %}
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
inituser-password = {{ dumps(inituser_password) }}
{%- endif %}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- if deadlock_debugger_password %}
{%- if deadlock_debugger_password %}
deadlock-debugger-password = {{ dumps(deadlock_debugger_password) }}
deadlock-debugger-password = {{ dumps(deadlock_debugger_password) }}
...
@@ -552,6 +549,10 @@ recipe =
...
@@ -552,6 +549,10 @@ recipe =
[gen-password]
[gen-password]
recipe = slapos.cookbook:generate.password
recipe = slapos.cookbook:generate.password
storage-path =
storage-path =
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
passwd = {{ dumps(inituser_password) }}
{%- endif %}
[gen-deadlock-debugger-password]
[gen-deadlock-debugger-password]
<= gen-password
<= gen-password
...
...
software/theia/buildout.hash.cfg
View file @
c80ffdef
...
@@ -15,7 +15,7 @@
...
@@ -15,7 +15,7 @@
[instance-theia]
[instance-theia]
_update_hash_filename_ = instance-theia.cfg.jinja.in
_update_hash_filename_ = instance-theia.cfg.jinja.in
md5sum =
43b3435b3bc08db42335c03b5b8fe46
5
md5sum =
07b222d8c29d446fc0957e4e3770658
5
[instance]
[instance]
_update_hash_filename_ = instance.cfg.in
_update_hash_filename_ = instance.cfg.in
...
...
software/theia/instance-theia.cfg.jinja.in
View file @
c80ffdef
...
@@ -255,7 +255,7 @@ context =
...
@@ -255,7 +255,7 @@ context =
key content :content
key content :content
content =
content =
userlist basic-auth-list
userlist basic-auth-list
user $${frontend-instance-password:username}
insecure-password $${frontend-instance-password:passwd
}
user $${frontend-instance-password:username}
password $${frontend-instance-password:passwd-sha256-crypt
}
frontend app
frontend app
log global
log global
...
...
stack/erp5/buildout.hash.cfg
View file @
c80ffdef
...
@@ -70,11 +70,11 @@ md5sum = b95084ae9eed95a68eada45e28ef0c04
...
@@ -70,11 +70,11 @@ md5sum = b95084ae9eed95a68eada45e28ef0c04
[template]
[template]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum = 5
5232eae0bcdb68a7cb2598d2ba9d60c
md5sum = 5
e0e9565227fe190c420a7bbcd0f7b93
[template-erp5]
[template-erp5]
filename = instance-erp5.cfg.in
filename = instance-erp5.cfg.in
md5sum =
359bab24aec7772adb5d822c1389b1bd
md5sum =
2b91528d3a77a64714e4295a84c1d71b
[template-zeo]
[template-zeo]
filename = instance-zeo.cfg.in
filename = instance-zeo.cfg.in
...
@@ -86,7 +86,7 @@ md5sum = 0ac4b74436f554cd677f19275d18d880
...
@@ -86,7 +86,7 @@ md5sum = 0ac4b74436f554cd677f19275d18d880
[template-zope]
[template-zope]
filename = instance-zope.cfg.in
filename = instance-zope.cfg.in
md5sum =
2439b90d6f707f47050fc9074fa4d810
md5sum =
41709f47e5a9051ca4a9c943859f589b
[template-balancer]
[template-balancer]
filename = instance-balancer.cfg.in
filename = instance-balancer.cfg.in
...
...
stack/erp5/instance-erp5.cfg.in
View file @
c80ffdef
...
@@ -254,7 +254,7 @@ config-id-store-interval = {{ dumps(slapparameter_dict.get('id-store-interval'))
...
@@ -254,7 +254,7 @@ config-id-store-interval = {{ dumps(slapparameter_dict.get('id-store-interval'))
config-zope-longrequest-logger-error-threshold = {{ dumps(monitor_dict.get('zope-longrequest-logger-error-threshold', 20)) }}
config-zope-longrequest-logger-error-threshold = {{ dumps(monitor_dict.get('zope-longrequest-logger-error-threshold', 20)) }}
config-zope-longrequest-logger-maximum-delay = {{ dumps(monitor_dict.get('zope-longrequest-logger-maximum-delay', 0)) }}
config-zope-longrequest-logger-maximum-delay = {{ dumps(monitor_dict.get('zope-longrequest-logger-maximum-delay', 0)) }}
config-inituser-login = {{ dumps(inituser_login) }}
config-inituser-login = {{ dumps(inituser_login) }}
config-inituser-password
= ${publish-early:inituser-passwor
d}
config-inituser-password
-hashed = ${publish-early:inituser-password-hashe
d}
config-kumofs-url = ${request-memcached-persistent:connection-url}
config-kumofs-url = ${request-memcached-persistent:connection-url}
config-memcached-url = ${request-memcached-volatile:connection-url}
config-memcached-url = ${request-memcached-volatile:connection-url}
config-monitor-passwd = ${monitor-htpasswd:passwd}
config-monitor-passwd = ${monitor-htpasswd:passwd}
...
@@ -515,6 +515,7 @@ hosts-dict = {{ '${' ~ next(iter(zope_address_list_id_dict)) ~ ':connection-host
...
@@ -515,6 +515,7 @@ hosts-dict = {{ '${' ~ next(iter(zope_address_list_id_dict)) ~ ':connection-host
recipe = slapos.cookbook:publish-early
recipe = slapos.cookbook:publish-early
-init =
-init =
inituser-password gen-password:passwd
inituser-password gen-password:passwd
inituser-password-hashed gen-password:passwd-ldap-salted-sha1
deadlock-debugger-password gen-deadlock-debugger-password:passwd
deadlock-debugger-password gen-deadlock-debugger-password:passwd
{%- if has_posftix %}
{%- if has_posftix %}
smtpd-sasl-password gen-smtpd-sasl-password:passwd
smtpd-sasl-password gen-smtpd-sasl-password:passwd
...
@@ -532,10 +533,6 @@ recipe = slapos.cookbook:publish-early
...
@@ -532,10 +533,6 @@ recipe = slapos.cookbook:publish-early
neo-cluster = {{ dumps(neo[0]) }}
neo-cluster = {{ dumps(neo[0]) }}
{%- endif %}
{%- endif %}
{%- endif %}
{%- endif %}
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
inituser-password = {{ dumps(inituser_password) }}
{%- endif %}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- set deadlock_debugger_password = slapparameter_dict.get('deadlock-debugger-password') -%}
{%- if deadlock_debugger_password %}
{%- if deadlock_debugger_password %}
deadlock-debugger-password = {{ dumps(deadlock_debugger_password) }}
deadlock-debugger-password = {{ dumps(deadlock_debugger_password) }}
...
@@ -552,6 +549,10 @@ recipe =
...
@@ -552,6 +549,10 @@ recipe =
[gen-password]
[gen-password]
recipe = slapos.cookbook:generate.password
recipe = slapos.cookbook:generate.password
storage-path =
storage-path =
{%- set inituser_password = slapparameter_dict.get('inituser-password') %}
{%- if inituser_password %}
passwd = {{ dumps(inituser_password) }}
{%- endif %}
[gen-deadlock-debugger-password]
[gen-deadlock-debugger-password]
<= gen-password
<= gen-password
...
...
stack/erp5/instance-zope.cfg.in
View file @
c80ffdef
...
@@ -252,7 +252,7 @@ file-list = {{ parameter_dict['site-zcml'] }}
...
@@ -252,7 +252,7 @@ file-list = {{ parameter_dict['site-zcml'] }}
[{{ section('zope-inituser') }}]
[{{ section('zope-inituser') }}]
< = jinja2-template-base
< = jinja2-template-base
output = ${directory:instance}/inituser
output = ${directory:instance}/inituser
inline = {{ slapparameter_dict['inituser-login'] }}:{
SHA}{{ base64.b64encode(hashlib.sha1(slapparameter_dict['inituser-password'].encode('utf-8')).digest())
}}
inline = {{ slapparameter_dict['inituser-login'] }}:{
{ slapparameter_dict['inituser-password-hashed']
}}
once = ${:output}_done
once = ${:output}_done
[zope-conf-parameter-base]
[zope-conf-parameter-base]
...
...
stack/erp5/instance.cfg.in
View file @
c80ffdef
...
@@ -143,9 +143,7 @@ extra-context =
...
@@ -143,9 +143,7 @@ extra-context =
key buildout_directory buildout:directory
key buildout_directory buildout:directory
key root_common context:root-common
key root_common context:root-common
section parameter_dict dynamic-template-zope-parameters
section parameter_dict dynamic-template-zope-parameters
import base64 base64
import urllib_parse six.moves.urllib.parse
import urllib_parse six.moves.urllib.parse
import hashlib hashlib
import itertools itertools
import itertools itertools
import json json
import json json
import-list =
import-list =
...
...
stack/monitor/buildout.hash.cfg
View file @
c80ffdef
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
# not need these here).
# not need these here).
[monitor2-template]
[monitor2-template]
filename = instance-monitor.cfg.jinja2.in
filename = instance-monitor.cfg.jinja2.in
md5sum =
3850140a4e61349cc64fa924ce410803
md5sum =
24c7f5527d994e231b4c2bf9fecb68a6
[monitor-httpd-conf]
[monitor-httpd-conf]
_update_hash_filename_ = templates/monitor-httpd.conf.in
_update_hash_filename_ = templates/monitor-httpd.conf.in
...
...
stack/monitor/instance-monitor.cfg.jinja2.in
View file @
c80ffdef
...
@@ -112,7 +112,6 @@ parameter-list =
...
@@ -112,7 +112,6 @@ parameter-list =
htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
file min-free-disk-MB ${promise-check-free-disk-space:config-threshold-file}
file min-free-disk-MB ${promise-check-free-disk-space:config-threshold-file}
${monitor-instance-parameter:instance-configuration}
${monitor-instance-parameter:instance-configuration}
# htpasswd entry: htpasswd key password-file username htpasswd-file
promise-output-file = ${directory:monitor}/monitor-bootstrap-status
promise-output-file = ${directory:monitor}/monitor-bootstrap-status
...
@@ -157,14 +156,11 @@ storage-path = ${directory:etc}/.monitor_pwd
...
@@ -157,14 +156,11 @@ storage-path = ${directory:etc}/.monitor_pwd
[httpd-monitor-htpasswd]
[httpd-monitor-htpasswd]
recipe = plone.recipe.command
recipe = plone.recipe.command
stop-on-error = true
stop-on-error = true
password-file = ${
directory:etc}/.monitor_pw
d
password-file = ${
monitor-directory:etc}/.monitor-passwor
d
htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd
htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd
command =
command =
echo "${monitor-instance-parameter:password}" >${:password-file}
echo "${monitor-instance-parameter:password}" >${:password-file}
[ -s "${:htpasswd-path}" ] ||
{{ apache_location }}/bin/htpasswd -cib ${:htpasswd-path} "${monitor-instance-parameter:username}" "${monitor-instance-parameter:password}"
{{ apache_location }}/bin/htpasswd -ci ${:htpasswd-path} "${monitor-instance-parameter:username}" <${:password-file}
update-command =
[ -s "${:password-file}" ] || ${:command}
[monitor-symlink]
[monitor-symlink]
recipe = cns.recipe.symlink
recipe = cns.recipe.symlink
...
@@ -343,8 +339,6 @@ collector-db = /srv/slapgrid/var/data-log/collector.db
...
@@ -343,8 +339,6 @@ collector-db = /srv/slapgrid/var/data-log/collector.db
# Credentials
# Credentials
password = ${monitor-htpasswd:passwd}
password = ${monitor-htpasswd:passwd}
username = admin
username = admin
# XXX: type key value
# ex raw monitor-password resqdsdsd34
instance-configuration =
instance-configuration =
configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg
configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg
...
...
stack/slapos.cfg
View file @
c80ffdef
...
@@ -20,6 +20,7 @@ allow-picked-versions = false
...
@@ -20,6 +20,7 @@ allow-picked-versions = false
# Use shacache and lxml
# Use shacache and lxml
extends =
extends =
../component/defaults.cfg
../component/defaults.cfg
../component/bcrypt/buildout.cfg
../component/git/buildout.cfg
../component/git/buildout.cfg
../component/lxml-python/buildout.cfg
../component/lxml-python/buildout.cfg
../component/python-backports-lzma/buildout.cfg
../component/python-backports-lzma/buildout.cfg
...
@@ -102,6 +103,7 @@ eggs =
...
@@ -102,6 +103,7 @@ eggs =
${python-PyYAML:egg}
${python-PyYAML:egg}
${python-cryptography:egg}
${python-cryptography:egg}
${pyrsistent:egg}
${pyrsistent:egg}
${bcrypt:egg}
# slapos.toolbox containing utilities
# slapos.toolbox containing utilities
[slapos-toolbox]
[slapos-toolbox]
...
@@ -302,7 +304,7 @@ sgmllib3k = 1.0.0
...
@@ -302,7 +304,7 @@ sgmllib3k = 1.0.0
simplegeneric = 0.8.1
simplegeneric = 0.8.1
singledispatch = 3.4.0.3
singledispatch = 3.4.0.3
six = 1.16.0
six = 1.16.0
slapos.cookbook = 1.0.3
29
slapos.cookbook = 1.0.3
51
slapos.core = 1.11.0
slapos.core = 1.11.0
slapos.extension.shared = 1.0
slapos.extension.shared = 1.0
slapos.libnetworkcache = 0.25
slapos.libnetworkcache = 0.25
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment