Move configuration of SQL parameters to [myrpki] section, so that

users can ignore the entire rest of the file if they so desire.

svn path=/myrpki.rototill/examples/myrpki.conf; revision=3102

2 files changed, 55 insertions, 17 deletions

diff --git a/myrpki.rototill/examples/myrpki.conf b/myrpki.rototill/examples/myrpki.conf
index a2ea7302..1bf48869 100644
--- a/myrpki.rototill/examples/myrpki.conf
+++ b/myrpki.rototill/examples/myrpki.conf
@@ -114,6 +114,34 @@ publication_rsync_module	= rpki
 
 publication_rsync_server	= ${myrpki::pubd_server_host}
 
+# SQL configuration.  You can ignore this if you're not running any of
+# the daemons yourself.
+
+# If you're comfortable with having all of the databases use the same
+# MySQL username and password, set those values here.  It's ok to
+# leave the default username alone, but you should use a locally
+# generated password either here or in the individual settings below.
+
+shared_sql_username		= rpki
+shared_sql_password		= fnord
+
+# If you want different usernames and passwords for the separate SQL
+# databases, enter those settings here; the shared_sql_* settings are
+# only referenced here, so you can remove them entirely if you're
+# setting everything in this block.
+
+rpkid_sql_database		= rpkid
+rpkid_sql_username		= ${myrpki::shared_sql_username}
+rpkid_sql_password		= ${myrpki::shared_sql_password}
+
+irdbd_sql_database		= irdbd
+irdbd_sql_username		= ${myrpki::shared_sql_username}
+irdbd_sql_password		= ${myrpki::shared_sql_password}
+
+pubd_sql_database		= pubd
+pubd_sql_username		= ${myrpki::shared_sql_username}
+pubd_sql_password		= ${myrpki::shared_sql_password}
+
 # Name of OpenSSL binary.  You might need to change this if you have
 # no system copy installed, or if the system copy doesn't support CMS.
 # The copy of openssl built by this package should suffice.
@@ -127,9 +155,9 @@ openssl				= openssl
 # MySQL database name, user name, and password for rpkid to use to
 # store its data.  You need  to configure these.
 
-sql-database			= rpki
-sql-username			= rpki
-sql-password    		= fnord
+sql-database			= ${myrpki::rpkid_sql_database}
+sql-username			= ${myrpki::rpkid_sql_username}
+sql-password    		= ${myrpki::rpkid_sql_password}
 
 # Host and port on which rpkid should listen for HTTPS service
 # requests.
@@ -160,9 +188,9 @@ irbe-cert       		= ${myrpki::bpki_servers_directory}/irbe.cer
 # MySQL database name, user name, and password for irdbd to use to
 # store its data.  You need to configure these.
 
-sql-database    		= irdb
-sql-username    		= irdb
-sql-password    		= fnord
+sql-database			= ${myrpki::irdbd_sql_database}
+sql-username			= ${myrpki::irdbd_sql_username}
+sql-password    		= ${myrpki::irdbd_sql_password}
 
 # HTTP service URL irdbd should listen on.  This should match the
 # irdb-url parameter in the [rpkid] section; see comments there.
@@ -185,9 +213,9 @@ irdbd-key       		= ${myrpki::bpki_servers_directory}/irdbd.key
 # MySQL database name, user name, and password for pubd to use to
 # store (some of) its data.  You need to configure these.
 
-sql-database            	= pubd
-sql-username            	= pubd
-sql-password            	= fnord
+sql-database			= ${myrpki::pubd_sql_database}
+sql-username			= ${myrpki::pubd_sql_username}
+sql-password    		= ${myrpki::pubd_sql_password}
 
 # Root of directory tree where pubd should write out published data.
 # You need to configure this, and the configuration should match up
diff --git a/myrpki.rototill/yamltest.py b/myrpki.rototill/yamltest.py
index 8a6890a1..344ce6dc 100644
--- a/myrpki.rototill/yamltest.py
+++ b/myrpki.rototill/yamltest.py
@@ -385,8 +385,8 @@ class allocation(object):
           ("myrpki", "openssl")   : prog_openssl }
 
     if not self.is_hosted():
-      r["irdbd", "sql-database"] = "irdb%d" % self.engine
-      r["rpkid", "sql-database"] = "rpki%d" % self.engine
+      r["myrpki", "irdbd_sql_database"] = "irdb%d" % self.engine
+      r["myrpki", "rpkid_sql_database"] = "rpki%d" % self.engine
       r["myrpki", "rpkid_server_host"] = "localhost"
       r["myrpki", "rpkid_server_port"] = str(self.rpkid_port)
       r["myrpki", "irdbd_server_host"] = "localhost"
@@ -396,7 +396,7 @@ class allocation(object):
       r["myrpki", "rootd_server_port"] = str(self.rootd_port)
 
     if self.runs_pubd():
-      r["pubd", "sql-database"] = "pubd%d" % self.engine
+      r["myrpki", "pubd_sql_database"] = "pubd%d" % self.engine
 
     s = self.find_pubd()
     r["myrpki", "pubd_server_host"] = "localhost"
@@ -404,13 +404,17 @@ class allocation(object):
     r["myrpki", "publication_rsync_server"] = "localhost:%s" % s.rsync_port
 
     if rpkid_password:
-      r["rpkid", "sql-password"] = rpkid_password
-
+      r["myrpki", "rpkid_sql_password"] = rpkid_password
+    if rpkid_username:
+      r["myrpki", "rpkid_sql_username"] = rpkid_username
     if irdbd_password:
-      r["irdbd", "sql-password"] = irdbd_password
-
+      r["myrpki", "irdbd_sql_password"] = irdbd_password
+    if irdbd_username:
+      r["myrpki", "irdbd_sql_username"] = irdbd_username
     if pubd_password:
-      r["pubd", "sql-password"]  = pubd_password
+      r["myrpki", "pubd_sql_password"]  = pubd_password
+    if pubd_username:
+      r["myrpki", "pubd_sql_username"]  = pubd_username
 
     f = open(self.path(fn), "w")
     f.write("# Automatically generated, do not edit\n")
@@ -575,9 +579,15 @@ try:
     rpkid_password = cfg.get("rpkid_db_pass")
     irdbd_password = cfg.get("irdbd_db_pass")
     pubd_password  = cfg.get("pubd_db_pass")
+    rpkid_username = cfg.get("rpkid_db_user")
+    irdbd_username = cfg.get("irdbd_db_user")
+    pubd_username  = cfg.get("pubd_db_user")
     only_one_pubd  = cfg.getboolean("only_one_pubd", True)
     prog_openssl   = cfg.get("openssl", prog_openssl)
   except:
+    rpkid_username = None
+    irdbd_username = None
+    pubd_username  = None
     rpkid_password = None
     irdbd_password = None
     pubd_password  = None