From 7342c6b3288b087db88dd114c092b8f583fa5945 Mon Sep 17 00:00:00 2001 From: Marco Mariani <marco.mariani@nexedi.com> Date: Wed, 26 Sep 2012 16:04:34 +0200 Subject: [PATCH] added some docs; fixed pw encryption --- slapos/recipe/maarch/configuration.py | 17 ++++++++++++++ slapos/recipe/postgres/__init__.py | 33 ++++++++++++++++++++------- stack/lapp/README.txt | 16 +++++++++++++ 3 files changed, 58 insertions(+), 8 deletions(-) create mode 100644 stack/lapp/README.txt diff --git a/slapos/recipe/maarch/configuration.py b/slapos/recipe/maarch/configuration.py index 6d7cfe06b..c202f2c64 100644 --- a/slapos/recipe/maarch/configuration.py +++ b/slapos/recipe/maarch/configuration.py @@ -33,6 +33,13 @@ import os import lxml + +# TODO: remove the hack below, used to reach psycopg2 +# XXX: When run inside webrunner, Postgres refuses connection. +# TODO: make the recipe work inside webrunner + + + def temporary_hack(): # XXX TODO provide psycopg to sys.path by other means import sys @@ -53,6 +60,16 @@ def xpath_set(xml, settings): class Recipe(GenericBaseRecipe): + """\ + This recipe configures a maarch instance to be ready to run, + without going through the initial wizard: + + - creation of two xml files from the provided defaults + - php.ini as required by Maarch + - database setup. + + The superuser password will be the same as the Postgres one. + """ def install(self): apps_config_xml = self.create_apps_config_xml() diff --git a/slapos/recipe/postgres/__init__.py b/slapos/recipe/postgres/__init__.py index 85e2f522a..df9d53806 100644 --- a/slapos/recipe/postgres/__init__.py +++ b/slapos/recipe/postgres/__init__.py 
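Review bot: The docstring added to `Recipe` in maarch/configuration.py states that the Maarch superuser password is the same as the Postgres one, which records credential reuse without marking it as a limitation. Anyone who obtains the application login then also holds the database superuser secret. If this is a temporary shortcut, I would say so next to that sentence, e.g. `# TODO: give the Maarch superuser its own generated password instead of reusing the Postgres one`. The code that actually sets the password is outside this hunk, so this rests on the docstring wording only.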
@@ -34,7 +34,22 @@ from zc.buildout import UserError from slapos.recipe.librecipe import GenericBaseRecipe +# TODO: read ipv6 host without calling loads() in createConfig() + + class Recipe(GenericBaseRecipe): + """\ + This recipe creates: + + - a Postgres cluster + - configuration to allow connections from IPV6 only (or unix socket) + - a superuser with provided name and generated password + - a database with provided name + - a foreground start script in the services directory + + then adds the connection URL to the options. + The URL can be used as-is (ie. in sqlalchemy) or by the _urlparse.py recipe. + """ def _options(self, options): options['password'] = self.generatePassword() @@ -52,7 +67,7 @@ class Recipe(GenericBaseRecipe): self.createRunScript() return [ - # XXX what to return here? + # XXX should we really return something here? # os.path.join(pgdata, 'postgresql.conf') ] @@ -74,9 +89,10 @@ class Recipe(GenericBaseRecipe): def createConfig(self): from zc.buildout import buildout - pgdata = self.options['pgdata-directory'] host = buildout.loads(self.options['ipv6_host']).pop() # XXX ugly hack + pgdata = self.options['pgdata-directory'] + with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg: cfg.write(textwrap.dedent("""\ listen_addresses = '%s' 
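Review bot: The class docstring added in the first hunk of postgres/__init__.py lists what the recipe creates but does not say how connections are authenticated, while the README added by the same patch says the binaries are usable through the unix socket "with no further authentication". Since the recipe creates a superuser, I would add a bullet such as `- local unix-socket connections are not password-authenticated; the generated password only protects the ipv6 listener`. That wording needs confirming against the pg_hba.conf that createConfig writes, which is not visible in these hunks. It would also help to state whether the connection URL placed in the options embeds the password, so callers know to keep that option out of logs.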
@@ -115,14 +131,16 @@ class Recipe(GenericBaseRecipe): """ Creates a Postgres superuser - other than "slapuser#" for use by the application. """ - user = self.options['user'] - password = 'insecure' - # XXX should send it encrypted, didn't work # http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html - # enc_password = 'md5' + md5.md5(password+user).hexdigest() - self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, password)) + user = self.options['user'] + password = self.options['password'] + + # encrypt the password to avoid storing in the logs + enc_password = 'md5' + md5.md5(password+user).hexdigest() + + self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, enc_password)) def runPostgresCommand(self, cmd): @@ -141,7 +159,6 @@ class Recipe(GenericBaseRecipe): p = subprocess.Popen([postgres_binary, '--single', '-D', pgdata, - '-d', '1', # debug level, do not output commands 'postgres', ], stdin=subprocess.PIPE) diff --git a/stack/lapp/README.txt b/stack/lapp/README.txt new file mode 100644 index 000000000..043bac8c6 --- /dev/null +++ b/stack/lapp/README.txt @@ -0,0 +1,16 @@ + +LAPP stack +========== + +This fork of the LAMP stack provides: + + - a Postgres instance, with an empty database and a 'postgres' superuser. + Log rotation is handled by Postgres itself. + + - symlinks to all the postgres binaries, usable through unix socket + with no further authentication, or through ipv6 + + - a psycopg2 (postgres driver) egg + + - configuration for a maarch instance (this part should be brought outside the stack) + -- 2.30.9
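Review bot: `md5.md5(password+user)` in the new `enc_password` line needs a module-level `md5` name that no hunk of this patch imports, so unless the file already imports it above line 34 the call raises NameError. `enc_password = 'md5' + hashlib.md5(password + user).hexdigest()` with `import hashlib` is the maintained spelling. The new comment also overstates the protection, because the `md5…` string is the verifier Postgres stores for md5 authentication and should be kept out of logs just like the cleartext. I would reword it to `# send the md5 verifier instead of the cleartext; it is still sensitive, keep it out of logs`. `user` is still formatted unescaped into a double-quoted identifier, so passing `user.replace('"', '""')` would keep a stray quote in the option from changing the statement; the method's `def` line is outside this hunk.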