Commit 9f11c7f8 authored by Marco Mariani's avatar Marco Mariani

added some docs; fixed pw encryption

parent 4e81db01
...@@ -33,6 +33,13 @@ import os ...@@ -33,6 +33,13 @@ import os
import lxml import lxml
# TODO: remove the hack below, used to reach psycopg2
# XXX: When run inside webrunner, Postgres refuses connection.
# TODO: make the recipe work inside webrunner
def temporary_hack(): def temporary_hack():
# XXX TODO provide psycopg to sys.path by other means # XXX TODO provide psycopg to sys.path by other means
import sys import sys
...@@ -53,6 +60,16 @@ def xpath_set(xml, settings): ...@@ -53,6 +60,16 @@ def xpath_set(xml, settings):
class Recipe(GenericBaseRecipe): class Recipe(GenericBaseRecipe):
"""\
This recipe configures a maarch instance to be ready to run,
without going through the initial wizard:
- creation of two xml files from the provided defaults
- php.ini as required by Maarch
- database setup.
The superuser password will be the same as the Postgres one.
"""
def install(self): def install(self):
apps_config_xml = self.create_apps_config_xml() apps_config_xml = self.create_apps_config_xml()
......
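Review bot: The new `Recipe` docstring states that the Maarch superuser password is the same as the Postgres one, but it gives neither a reason nor a caveat for sharing the credential. With one password for both, anyone who learns the application's admin password also holds the database superuser's. If the reuse is deliberate, say so in the docstring, for example `The superuser password is deliberately shared with Postgres; rotate both together.`; otherwise track it with `# TODO: generate a separate password for the Maarch superuser`. The code that sets the password is outside the visible hunks, so this rests on the docstring alone.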
...@@ -34,7 +34,22 @@ from zc.buildout import UserError ...@@ -34,7 +34,22 @@ from zc.buildout import UserError
from slapos.recipe.librecipe import GenericBaseRecipe from slapos.recipe.librecipe import GenericBaseRecipe
# TODO: read ipv6 host without calling loads() in createConfig()
class Recipe(GenericBaseRecipe): class Recipe(GenericBaseRecipe):
"""\
This recipe creates:
- a Postgres cluster
- configuration to allow connections from IPV6 only (or unix socket)
- a superuser with provided name and generated password
- a database with provided name
- a foreground start script in the services directory
then adds the connection URL to the options.
The URL can be used as-is (ie. in sqlalchemy) or by the _urlparse.py recipe.
"""
def _options(self, options): def _options(self, options):
options['password'] = self.generatePassword() options['password'] = self.generatePassword()
...@@ -52,7 +67,7 @@ class Recipe(GenericBaseRecipe): ...@@ -52,7 +67,7 @@ class Recipe(GenericBaseRecipe):
self.createRunScript() self.createRunScript()
return [ return [
# XXX what to return here? # XXX should we really return something here?
# os.path.join(pgdata, 'postgresql.conf') # os.path.join(pgdata, 'postgresql.conf')
] ]
...@@ -74,9 +89,10 @@ class Recipe(GenericBaseRecipe): ...@@ -74,9 +89,10 @@ class Recipe(GenericBaseRecipe):
def createConfig(self): def createConfig(self):
from zc.buildout import buildout from zc.buildout import buildout
pgdata = self.options['pgdata-directory']
host = buildout.loads(self.options['ipv6_host']).pop() # XXX ugly hack host = buildout.loads(self.options['ipv6_host']).pop() # XXX ugly hack
pgdata = self.options['pgdata-directory']
with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg: with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg:
cfg.write(textwrap.dedent("""\ cfg.write(textwrap.dedent("""\
listen_addresses = '%s' listen_addresses = '%s'
...@@ -115,14 +131,16 @@ class Recipe(GenericBaseRecipe): ...@@ -115,14 +131,16 @@ class Recipe(GenericBaseRecipe):
""" """
Creates a Postgres superuser - other than "slapuser#" for use by the application. Creates a Postgres superuser - other than "slapuser#" for use by the application.
""" """
user = self.options['user']
password = 'insecure'
# XXX should send it encrypted, didn't work
# http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html # http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html
# enc_password = 'md5' + md5.md5(password+user).hexdigest()
self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, password)) user = self.options['user']
password = self.options['password']
# encrypt the password to avoid storing in the logs
enc_password = 'md5' + md5.md5(password+user).hexdigest()
self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, enc_password))
def runPostgresCommand(self, cmd): def runPostgresCommand(self, cmd):
...@@ -141,7 +159,6 @@ class Recipe(GenericBaseRecipe): ...@@ -141,7 +159,6 @@ class Recipe(GenericBaseRecipe):
p = subprocess.Popen([postgres_binary, p = subprocess.Popen([postgres_binary,
'--single', '--single',
'-D', pgdata, '-D', pgdata,
'-d', '1', # debug level, do not output commands
'postgres', 'postgres',
], stdin=subprocess.PIPE) ], stdin=subprocess.PIPE)
......
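Review bot: The comment added in createUser, `# encrypt the password to avoid storing in the logs`, overstates what the md5 value protects. Under PostgreSQL's md5 authentication the stored `'md5' + md5(password+user)` string is itself enough to authenticate, so a logged CREATE USER statement still exposes a usable credential. I would reword it to `# send the md5 hash so the cleartext password is not logged; the hash is still a credential under md5 auth, keep the server log private`. Separately, `user` is interpolated unescaped into the double-quoted identifier; applying `user.replace('"', '""')` before formatting would stop an option value containing a double quote from breaking the statement. The `md5` import is not visible in these hunks and presumably sits elsewhere in the file, and createUser's `def` line is outside the hunk.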
LAPP stack
==========
This fork of the LAMP stack provides:
- a Postgres instance, with an empty database and a 'postgres' superuser.
Log rotation is handled by Postgres itself.
- symlinks to all the postgres binaries, usable through unix socket
with no further authentication, or through ipv6
- a psycopg2 (postgres driver) egg
- configuration for a maarch instance (this part should be brought outside the stack)