Skip to content
This repository has been archived by the owner on Sep 29, 2023. It is now read-only.

Commit

Permalink
Merge pull request #103 from caktus/develop
Browse files Browse the repository at this point in the history
Release Merge
  • Loading branch information
JeremyGibson authored Aug 30, 2022
2 parents 8877225 + e8232a9 commit 9e7019b
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 5 deletions.
2 changes: 1 addition & 1 deletion fabulaws/__init__.py
Original file line number Diff line number Diff line change
@@ -1 +1 @@
__version__ = "1.0.9"
__version__ = "1.0.10"
18 changes: 14 additions & 4 deletions fabulaws/ubuntu/packages/postgres.py
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,9 @@ def __init__(self, *args, **kwargs):
# Override individual default settings with whatever settings the project has specified.
self.postgresql_settings = self.postgresql_settings.copy()
self.postgresql_settings.update(db_settings.pop("postgresql_settings", {}))

self.pg_pw_encryption = self.postgresql_settings.get(
"password_encryption", default="md5"
)
if db_settings:
# There were keys we did not recognize; complain rather than let the
# user think we're applying setttings that we're not.
Expand Down Expand Up @@ -211,14 +213,19 @@ def pg_set_sysctl_params(self, restart=True):
if restart:
self.pg_cmd("restart")

@uses_fabric
def pg_replace_pw_encryption(self, before="scram-sha-256", after="md5"):
files.sed(self.pg_hba, before=before, after=after, flags="i", use_sudo=True)

@uses_fabric
def pg_allow_from(self, ip_ranges, restart=True):
"""Allow external connections from the given IP range."""

self.pg_set_str("listen_addresses", "*")
files.uncomment(self.pg_hba, "local +replication", use_sudo=True)
for ip_range in ip_ranges:
hostssl_line = "hostssl all all %s md5" % ip_range
hostssl_line = (
f"hostssl all all {ip_range} {self.pg_pw_encryption}"
)
files.append(self.pg_hba, hostssl_line, use_sudo=True)
if restart:
self.pg_cmd("restart")
Expand All @@ -239,7 +246,9 @@ def pg_allow_replication(self, user, password, ip_ranges, restart=True):
self.create_db_user(user, password, replication=True)
files.uncomment(self.pg_hba, "local +replication", use_sudo=True)
for ip_range in ip_ranges:
hostssl_line = "hostssl replication all %s md5" % ip_range
hostssl_line = (
f"hostssl replication all {ip_range} {self.pg_pw_encryption}"
)
files.append(self.pg_hba, hostssl_line, use_sudo=True)
if restart:
sudo("service postgresql restart")
Expand Down Expand Up @@ -302,6 +311,7 @@ def setup(self):
if self.postgresql_tune:
self.pg_tune_config(restart=False)
self.pg_set_sysctl_params(restart=False)
self.pg_replace_pw_encryption()
self.pg_allow_from(self.postgresql_networks, restart=False)
self.pg_update_settings(self.postgresql_settings, restart=False)
self.pg_cmd("restart")
Expand Down

0 comments on commit 9e7019b

Please sign in to comment.