Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Xavier Thompson
slapos
Commits
c147f794
Commit
c147f794
authored
Nov 08, 2021
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
software/metabase: generate proper passwords
parent
46c9fd3e
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
50 additions
and
13 deletions
+50
-13
software/metabase/README.md
software/metabase/README.md
+2
-2
software/metabase/buildout.hash.cfg
software/metabase/buildout.hash.cfg
+1
-1
software/metabase/instance.cfg.in
software/metabase/instance.cfg.in
+47
-10
No files found.
software/metabase/README.md
View file @
c147f794
# Metabae
# Metaba
s
e
https://www.metabase.com/
https://www.metabase.com/
## TODO:
## TODO:
*
export backups for resilience
*
export backups for resilience
*
security (
proper passwords,
verifiable certificate, study metabase encryption option)
*
security (verifiable certificate, study metabase encryption option)
software/metabase/buildout.hash.cfg
View file @
c147f794
[instance-profile]
[instance-profile]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
d611a567cdd2bb919b0263a44b8bb754
md5sum =
10bfacf784241b080d3e8b22cf2b5359
software/metabase/instance.cfg.in
View file @
c147f794
...
@@ -49,19 +49,56 @@ promise = check_url_available
...
@@ -49,19 +49,56 @@ promise = check_url_available
name = $${:_buildout_section_name_}.py
name = $${:_buildout_section_name_}.py
config-url= $${metabase-instance:url}/api/session/properties
config-url= $${metabase-instance:url}/api/session/properties
[metabase-keystore-password]
recipe = slapos.cookbook:generate.password
bytes = 24
[metabase-keystore]
[metabase-keystore]
recipe = plone.recipe.command
recipe = plone.recipe.command
stop-on-error = true
command =
command =
${java:location}/bin/keytool \
if [ -f $${:file} ]
-genkeypair \
then
-alias "metabase" \
# XXX password used to be "insecure", but we changed to proper password.
-keyalg RSA \
# We try to list the store with the new password and if it fail we change
-keypass "$${:password}" \
# the keystore password.
-dname "CN=$${metabase-instance:ip},OU=Unit,O=Organization,L=City,S=State,C=Country" \
if ! ${java:location}/bin/keytool \
-keystore "$${:file}" \
-list \
-storepass "$${:password}"
-keystore "$${:file}" \
-storepass "$${:password}"
then
echo "Migrating keystore password" && \
${java:location}/bin/keytool \
-storepasswd \
-keystore "$${:file}" \
-storepass insecure \
-new "$${:password}" && \
echo "Migrating certificate key password" && \
${java:location}/bin/keytool \
-keypasswd \
-alias "$${:alias}" \
-keypass insecure \
-new "$${:password}" \
-keystore "$${:file}" \
-storepass "$${:password}"
fi
else
${java:location}/bin/keytool \
-genkeypair \
-alias "$${:alias}" \
-keyalg RSA \
-keypass "$${:password}" \
-dname "CN=$${metabase-instance:ip},OU=Unit,O=Organization,L=City,S=State,C=Country" \
-keystore "$${:file}" \
-storepass "$${:password}"
fi
file = $${directory:etc}/.metabase_keystore
file = $${directory:etc}/.metabase_keystore
password = insecure
password = $${metabase-keystore-password:passwd}
alias = metabase
[postgresql-password]
recipe = slapos.cookbook:generate.password
bytes = 24
[postgresql]
[postgresql]
recipe = slapos.cookbook:postgres
recipe = slapos.cookbook:postgres
...
@@ -69,7 +106,7 @@ bin = ${postgresql10:location}/bin/
...
@@ -69,7 +106,7 @@ bin = ${postgresql10:location}/bin/
services = $${directory:service}
services = $${directory:service}
dbname = metabase_db
dbname = metabase_db
superuser = metabase-psql
superuser = metabase-psql
password =
insecure
password =
$${postgresql-password:passwd}
pgdata-directory = $${directory:srv}/postgresql
pgdata-directory = $${directory:srv}/postgresql
ipv4 = $${instance-parameter:ipv4-random}
ipv4 = $${instance-parameter:ipv4-random}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment