Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos-mynij-dev
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Mynij
slapos-mynij-dev
Commits
54283870
Commit
54283870
authored
Feb 05, 2014
by
Vincent Pelletier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
erp5.mariadb: Provide a way to enable SSL support.
parent
8cffc02a
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
68 additions
and
3 deletions
+68
-3
software/erp5/instance-mariadb-input-schema.json
software/erp5/instance-mariadb-input-schema.json
+19
-0
stack/erp5/buildout.cfg
stack/erp5/buildout.cfg
+2
-2
stack/erp5/instance-mariadb.cfg.in
stack/erp5/instance-mariadb.cfg.in
+39
-1
stack/erp5/my.cnf.in
stack/erp5/my.cnf.in
+8
-0
No files found.
software/erp5/instance-mariadb-input-schema.json
View file @
54283870
...
...
@@ -90,6 +90,25 @@
"description"
:
"When enabled, sets innodb_flush_log_at_trx_commit = 0, innodb_flush_method = nosync, innodb_doublewrite = 0 and sync_frm = 0 - RTFM, those options are dangerous"
,
"default"
:
false
,
"type"
:
"boolean"
},
"ssl"
:
{
"description"
:
"Enable and define SSL support for network connections"
,
"default"
:
{},
"properties"
:
{
"ca-crt"
:
{
"description"
:
"Certificate Authority's certificate, in PEM format"
,
"type"
:
"string"
,
},
"crt"
:
{
"description"
:
"Server's certificate, in PEM format (mandatory to enable SSL support)"
,
"type"
:
"string"
},
"key"
:
{
"description"
:
"Server's key, in PEM format (mandatory to enable SSL support)"
,
"type"
:
"string"
}
},
"type"
:
"object"
}
}
}
stack/erp5/buildout.cfg
View file @
54283870
...
...
@@ -174,7 +174,7 @@ context =
[template-mariadb]
< = download-base
filename = instance-mariadb.cfg.in
md5sum =
d51a5ad6cfa76b7bc20519694e88df80
md5sum =
31e49ad3abb6926f21f29c53cda49ebb
link-binary =
${coreutils:location}/bin/basename
${coreutils:location}/bin/cat
...
...
@@ -205,7 +205,7 @@ md5sum = b54344ee94519f7e95e270664ba3dc99
[template-my-cnf]
< = download-base
filename = my.cnf.in
md5sum =
774b0e5d167b75a0ad8ead45fa2eadf6
md5sum =
21d1e74c964a4882f33c360e9c8a3d44
[template-mariadb-initial-setup]
< = download-base
...
...
stack/erp5/instance-mariadb.cfg.in
View file @
54283870
...
...
@@ -29,6 +29,40 @@ recipe = slapos.cookbook:publish.serialised
database-list = {{ render_database_list(database_list) }}
test-database-list = {{ render_database_list(test_database_list) }}
[simplefile]
recipe = slapos.recipe.template:jinja2
template = inline:{{ '{{ content }}' }}
{% macro simplefile(section_name, file_path, content, mode='') -%}
{% set content_section_name = section_name ~ '-content' -%}
[{{ content_section_name }}]
content = {{ dumps(content) }}
[{{ section(section_name) }}]
< = simplefile
rendered = {{ file_path }}
context = key content {{content_section_name}}:content
mode = {{ mode }}
{%- endmacro %}
{% set ssl_dict = {} -%}
{% macro sslfile(key, content, mode='644') -%}
{% set path = '${directory:mariadb-ssl}/' ~ key ~ '.pem' -%}
{% do ssl_dict.__setitem__(key, path) -%}
{{ simplefile('ssl-file-' ~ key, path, content, mode) }}
{%- endmacro %}
{% set ssl_parameter_dict = slapparameter_dict.get('ssl') -%}
{% if ssl_parameter_dict -%}
{% set base_directory = '${directory:mariadb-ssl}/' -%}
{# Note: The key content will be stored in .installed.cfg, and this template's
rendering, so the only point of mode is to avoid risking mariadb complaining
about laxist file mode. -#}
{{ sslfile('key', ssl_parameter_dict['key'], mode='600') }}
{{ sslfile('crt', ssl_parameter_dict['crt']) }}
{% if 'ca-crt' in ssl_parameter_dict -%}
{{ sslfile('ca-crt', ssl_parameter_dict['ca-crt']) }}
{% endif -%}
{%- endif %}
{% if full_backup_retention_days > -1 -%}
[{{ section('cron-entry-mariadb-backup') }}]
<= cron
...
...
@@ -75,7 +109,10 @@ binlog-path = ${directory:mariadb-backup-incremental}/binlog
binlog-expire-days = {{ incremental_backup_retention_days }}
{% else %}
binlog-path =
{% endif -%}
{%- endif %}
{%- for key, value in ssl_dict.items() -%}
ssl-{{ key }} = {{ value }}
{% endfor %}
[my-cnf]
recipe = slapos.recipe.template:jinja2
...
...
@@ -206,6 +243,7 @@ mariadb-backup-full = ${:backup}/mariadb-full
mariadb-backup-incremental = ${:backup}/mariadb-incremental
logrotate-backup = ${:backup}/logrotate
mariadb-data = ${:srv}/mariadb
mariadb-ssl = ${:etc}/mariadb-ssl
var = ${buildout:directory}/var
log = ${:var}/log
run = ${:var}/run
...
...
stack/erp5/my.cnf.in
View file @
54283870
...
...
@@ -70,6 +70,14 @@ collation_server = utf8_unicode_ci
character_set_server = utf8
skip_character_set_client_handshake
{% if 'ssl-key' in parameter_dict -%}
ssl_cert = {{ parameter_dict['ssl-crt'] }}
ssl_key = {{ parameter_dict['ssl-key'] }}
{% if 'ssl-ca-crt' in parameter_dict -%}
ssl_ca = {{ parameter_dict['ssl-ca-crt'] }}
{%- endif %}
{%- endif %}
[client]
socket = {{ socket }}
user = root
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment