added some docs; fixed pw encryption

7342c6b3 · Marco Mariani · 3195461b · 7342c6b3 · 7342c6b3 · 7342c6b3
Commit 7342c6b3 authored Sep 26, 2012 by Marco Mariani
Showing with 58 additions and 8 deletions

slapos/recipe/maarch/configuration.py slapos/recipe/maarch/configuration.py +17 -0

slapos/recipe/postgres/__init__.py slapos/recipe/postgres/__init__.py +25 -8

stack/lapp/README.txt stack/lapp/README.txt +16 -0

No files found.
--- a/slapos/recipe/maarch/configuration.py
+++ b/slapos/recipe/maarch/configuration.py
@@ -33,6 +33,13 @@ import os

 import lxml

+
+# TODO: remove the hack below, used to reach psycopg2
+# XXX: When run inside webrunner, Postgres refuses connection.
+# TODO: make the recipe work inside webrunner
+
+
+
 def temporary_hack():
    # XXX TODO provide psycopg to sys.path by other means
    import sys
@@ -53,6 +60,16 @@ def xpath_set(xml, settings):


 class Recipe(GenericBaseRecipe):
+    """\
+    This recipe configures a maarch instance to be ready to run,
+    without going through the initial wizard:
+
+     - creation of two xml files from the provided defaults
+     - php.ini as required by Maarch
+     - database setup.
+
+     The superuser password will be the same as the Postgres one.
+    """

    def install(self):
        apps_config_xml = self.create_apps_config_xml()

--- a/slapos/recipe/postgres/__init__.py
+++ b/slapos/recipe/postgres/__init__.py
@@ -34,7 +34,22 @@ from zc.buildout import UserError
 from slapos.recipe.librecipe import GenericBaseRecipe


+# TODO: read ipv6 host without calling loads() in createConfig()
+
+
 class Recipe(GenericBaseRecipe):
+    """\
+    This recipe creates:
+
+        - a Postgres cluster
+        - configuration to allow connections from IPV6 only (or unix socket)
+        - a superuser with provided name and generated password
+        - a database with provided name
+        - a foreground start script in the services directory
+
+    then adds the connection URL to the options.
+    The URL can be used as-is (ie. in sqlalchemy) or by the _urlparse.py recipe.
+    """

    def _options(self, options):
        options['password'] = self.generatePassword()
@@ -52,7 +67,7 @@ class Recipe(GenericBaseRecipe):
            self.createRunScript()

        return [
-                # XXX what to return here?
+                # XXX should we really return something here?
                # os.path.join(pgdata, 'postgresql.conf')
                ]

@@ -74,9 +89,10 @@ class Recipe(GenericBaseRecipe):

    def createConfig(self):
        from zc.buildout import buildout
-        pgdata = self.options['pgdata-directory']
        host = buildout.loads(self.options['ipv6_host']).pop()      # XXX ugly hack

+        pgdata = self.options['pgdata-directory']
+
        with open(os.path.join(pgdata, 'postgresql.conf'), 'wb') as cfg:
            cfg.write(textwrap.dedent("""\
                    listen_addresses = '%s'
@@ -115,14 +131,16 @@ class Recipe(GenericBaseRecipe):
        """
        Creates a Postgres superuser - other than "slapuser#" for use by the application.
        """
-        user = self.options['user']
-        password = 'insecure'

-        # XXX should send it encrypted, didn't work
        # http://postgresql.1045698.n5.nabble.com/Algorithm-for-generating-md5-encrypted-password-not-found-in-documentation-td4919082.html
-        # enc_password = 'md5' + md5.md5(password+user).hexdigest()

-        self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, password))
+        user = self.options['user']
+        password = self.options['password']
+
+        # encrypt the password to avoid storing in the logs
+        enc_password = 'md5' + md5.md5(password+user).hexdigest()
+
+        self.runPostgresCommand(cmd="""CREATE USER "%s" ENCRYPTED PASSWORD '%s' SUPERUSER""" % (user, enc_password))


    def runPostgresCommand(self, cmd):
@@ -141,7 +159,6 @@ class Recipe(GenericBaseRecipe):
            p = subprocess.Popen([postgres_binary,
                                  '--single',
                                  '-D', pgdata,
-                                  '-d', '1',        # debug level, do not output commands
                                  'postgres',
                                  ], stdin=subprocess.PIPE)


--- a/stack/lapp/README.txt
+++ b/stack/lapp/README.txt
+
+LAPP stack
+==========
+
+This fork of the LAMP stack provides:
+
+ - a Postgres instance, with an empty database and a 'postgres' superuser.
+   Log rotation is handled by Postgres itself.
+
+ - symlinks to all the postgres binaries, usable through unix socket
+   with no further authentication, or through ipv6
+
+ - a psycopg2 (postgres driver) egg
+
+ - configuration for a maarch instance (this part should be brought outside the stack)
+