Commit ecf8d12f authored by Marco Mariani's avatar Marco Mariani

random pw for postgres in standalone SR and lapp stack; accept connections from the world

parent 3992d4ed
# vim: set et sts=2:
##############################################################################
#
# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
......@@ -24,12 +25,13 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import random
import os
import binascii
import os
from slapos.recipe.librecipe import GenericBaseRecipe
class Recipe(GenericBaseRecipe):
def __init__(self, buildout, name, options):
......@@ -44,7 +46,7 @@ class Recipe(GenericBaseRecipe):
return GenericBaseRecipe.__init__(self, buildout, name, options)
def install(self):
open_file = open(self.options['storage-path'], 'w')
open_file.write(self.options['passwd'])
open_file.close()
with open(self.options['storage-path'], 'w') as fout:
fout.write(self.options['passwd'])
return [self.options['storage-path']]
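Review bot: install() writes the generated password with a plain `open(self.options['storage-path'], 'w')`, so the file's permissions come from the process umask and it may be readable by other local users. Since this file now holds the postgres superuser password, create it owner-only, for example `fd = os.open(self.options['storage-path'], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as fout:`; `os` is already imported in this file. A file that already exists keeps its old mode, so an `os.chmod` on the path after opening would cover re-installs. A short comment on install() saying that the file contains a secret would also help the next maintainer.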
......@@ -70,7 +70,6 @@ class Recipe(GenericBaseRecipe):
"""
def _options(self, options):
options['password'] = self.generatePassword()
options['url'] = 'postgresql://%(superuser)s:%(password)s@[%(ipv6_random)s]:%(port)s/%(dbname)s' % options
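Review bot: `_options` now appears to depend on the profile supplying `password`, with no check before the `%` formatting of `options['url']`; a profile that was not updated would fail there with a bare KeyError. That reading is inferred from the hunk counts (7 lines to 6) and the commit message, which suggest that `options['password'] = self.generatePassword()` is the removed line. An explicit test such as `if not options.get('password'):` that raises a clear configuration error would make the requirement visible. Note also that `url` embeds the superuser password, so anything that logs or publishes that option discloses it. The body of `_options` continues outside this hunk.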
......
......@@ -16,6 +16,7 @@ offline = true
recipe = slapos.cookbook:mkdirectory
bin = $${buildout:directory}/bin
etc = $${buildout:directory}/etc
srv = $${buildout:directory}/srv
services = $${directories:etc}/service
promises = $${directories:etc}/promise
var = $${buildout:directory}/var
......@@ -30,11 +31,14 @@ recipe = slapos.cookbook:postgres
# Options
ipv6 = $${instance-parameters:ipv6}
ipv6_netmask_bits = 128
# listen to connections from anywhere
ipv6_netmask_bits = 0
ipv4 = $${instance-parameters:ipv4}
ipv4_netmask_bits = 32
# listen to connections from anywhere
ipv4_netmask_bits = 0
ipv6_random = $${instance-parameters:ipv6_random}
superuser = postgres
password = $${gen-passwd:passwd}
port = 5432
dbname = db
# pgdata_directory is created by initdb, and should not exist beforehand.
......@@ -43,6 +47,16 @@ bin = ${postgresql:location}/bin
services = $${directories:services}
#----------------
#--
#-- Generates a random password and stores it in the filesystem
[gen-passwd]
recipe = slapos.cookbook:generate.password
storage-path = $${directories:srv}/postgres_passwd
bytes = 16
#----------------
#--
#-- Deploy promise scripts.
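Review bot: In the hunk under `recipe = slapos.cookbook:postgres`, `ipv6_netmask_bits = 0` and `ipv4_netmask_bits = 0` leave the generated password as the only control on the `postgres` superuser, and the comment `# listen to connections from anywhere` does not say so. The same two settings are added to `[postgres-instance]` in the later lapp-stack hunk. How the recipe turns these values into access rules is not visible here; presumably they set the accepted client range rather than the listen address, so the comment could read `# accept clients from any address (/0); access then depends only on the superuser password`. Consider keeping 128 and 32 as the defaults and widening per instance where needed, and confirm that remote clients connect over an encrypted channel with a non-superuser role.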
......
......@@ -17,7 +17,7 @@ parts =
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
md5sum = 6f0ec52fdd5f602c0f624cd0e9146e8d
md5sum = 2c54a291ed61910f69a35a6db414c051
mode = 0644
......
......@@ -87,7 +87,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/postgres/instance-postgres.cfg.in
output = ${buildout:directory}/instance-postgres.cfg
md5sum = 6e9e587ddb52fb9a3817fda7d77e4cab
md5sum = 67c7772b80f82642f0f7d12793698374
mode = 0644
[instance-postgres-import]
......
......@@ -173,9 +173,14 @@ crl = $${directory:ca-dir}/crl/
[postgres-instance]
recipe = slapos.cookbook:postgres
ipv6 = $${instance-parameters:ipv6}
# listen to connections from anywhere
ipv6_netmask_bits = 0
ipv4 = $${instance-parameters:ipv4}
# listen to connections from anywhere
ipv4_netmask_bits = 0
ipv6_random = $${instance-parameters:ipv6_random}
superuser = postgres
password = $${postgres-passwd:passwd}
port = 5432
dbname = db
# pgdata_directory is created by initdb, and should not exist beforehand.
......@@ -193,6 +198,16 @@ key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Generates a random password and stores it in the filesystem
[postgres-passwd]
recipe = slapos.cookbook:generate.password
storage-path = $${rootdirectory:srv}/postgres_passwd
bytes = 16
#----------------
#--
#-- Deploy slapmonitor.
......