Fix SSL authentification when PostgreSQL requires ssl connections for clients

pull/114/head
admire 2021-05-29 14:40:34 +02:00
rodzic 770f7bedba
commit 9961432fc5
4 zmienionych plików z 107 dodań i 26 usunięć

.env

@ -51,3 +51,12 @@ COMPRESSION_LEVEL=1
BASE_URL=http://planet.openstreetmap.org/replication/ BASE_URL=http://planet.openstreetmap.org/replication/
PGADMIN_DEFAULT_EMAIL=docker@gmail.com PGADMIN_DEFAULT_EMAIL=docker@gmail.com
PGADMIN_DEFAULT_PASSWORD=docker PGADMIN_DEFAULT_PASSWORD=docker
# https://github.com/kartoza/docker-postgis#postgres-ssl-setup
FORCE_SSL=false
# Force client connection to require ssl mode in connecting
SSL_MODE=disable
# Activate these in the osmenrich and imposm if the SSL_MODE is set to verify-full or verify-ca
#SSL_CERT=/etc/certs/cert.pem
#SSL_ROOT_CERT=/etc/certs/root.crt
#SSL_KEY=/etc/certs/key.pem
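Review bot: The comment above SSL_CERT/SSL_ROOT_CERT/SSL_KEY ties all three to verify-ca/verify-full, but those modes only need SSL_ROOT_CERT (the CA that signed the server certificate); SSL_CERT and SSL_KEY are for client-certificate authentication and are independent of sslmode. I would reword it to `# verify-ca / verify-full need SSL_ROOT_CERT (CA that signed the server cert); SSL_CERT/SSL_KEY are only needed if the server demands a client certificate`. Next to `SSL_MODE=disable` it is worth stating the trust model, since the allowed values differ a lot: `# require/prefer encrypt but do not authenticate the server; only verify-full (with SSL_ROOT_CERT) protects against a spoofed host`. Also note that FORCE_SSL=true combined with SSL_MODE=disable makes every importer connection fail, so a one-line comment saying the two must be changed together would save a debugging round.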


@ -17,6 +17,7 @@ services:
- POSTGRES_PASS=${POSTGRES_PASS} - POSTGRES_PASS=${POSTGRES_PASS}
- POSTGRES_DBNAME=${POSTGRES_DBNAME} - POSTGRES_DBNAME=${POSTGRES_DBNAME}
- ALLOW_IP_RANGE=${ALLOW_IP_RANGE} - ALLOW_IP_RANGE=${ALLOW_IP_RANGE}
- FORCE_SSL=${FORCE_SSL}
volumes: volumes:
- osm-postgis-data:/var/lib/postgresql - osm-postgis-data:/var/lib/postgresql
ports: ports:
@ -55,6 +56,7 @@ services:
- DBSCHEMA_BACKUP=${DBSCHEMA_BACKUP} - DBSCHEMA_BACKUP=${DBSCHEMA_BACKUP}
- QGIS_STYLE=${QGIS_STYLE} - QGIS_STYLE=${QGIS_STYLE}
- CLIP=${CLIP} - CLIP=${CLIP}
- SSL_MODE=${SSL_MODE}
command: bash -c "while [ ! -f /home/settings/country.pbf ] ; do sleep 1; done && python3 -u /home/importer.py" command: bash -c "while [ ! -f /home/settings/country.pbf ] ; do sleep 1; done && python3 -u /home/importer.py"
osmupdate: osmupdate:
@ -104,3 +106,4 @@ services:
- IMPORT_DONE=${IMPORT_DONE} - IMPORT_DONE=${IMPORT_DONE}
- TIME=${TIME} - TIME=${TIME}
- DBSCHEMA_PRODUCTION=${DBSCHEMA_PRODUCTION} - DBSCHEMA_PRODUCTION=${DBSCHEMA_PRODUCTION}
- SSL_MODE=${SSL_MODE}
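Review bot: Only SSL_MODE is forwarded to the two importer services; SSL_CERT, SSL_ROOT_CERT and SSL_KEY from .env are never passed into the containers, so the verify-ca/verify-full code paths in importer.py and enrich can only ever see their None defaults and exit. Both services need `- SSL_CERT=${SSL_CERT}`, `- SSL_ROOT_CERT=${SSL_ROOT_CERT}` and `- SSL_KEY=${SSL_KEY}` alongside SSL_MODE, plus a volume that mounts the certificate directory (the .env examples point at /etc/certs) into the container. If a client key is mounted, keep in mind that libpq refuses an sslkey file whose permissions are too open, so the mounted key must be owned by the container user with restrictive mode; a short comment on the volume line documenting that would help. The compose file's name is not shown on this page, so this assumes it is the stack's docker-compose file.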


@ -18,10 +18,9 @@
* * * *
***************************************************************************/ ***************************************************************************/
""" """
import sys
from os import environ, listdir from os import environ, listdir
from os.path import join, exists, abspath, isabs from os.path import join, exists, abspath, isabs
from pathlib import Path
from shutil import move from shutil import move
from subprocess import call from subprocess import call
from sys import exit, stderr from sys import exit, stderr
@ -51,7 +50,11 @@ class Importer(object):
'DBSCHEMA_IMPORT': 'import', 'DBSCHEMA_IMPORT': 'import',
'DBSCHEMA_BACKUP': 'backup', 'DBSCHEMA_BACKUP': 'backup',
'CLIP': 'no', 'CLIP': 'no',
'QGIS_STYLE': 'yes' 'QGIS_STYLE': 'yes',
'SSL_MODE': 'disable',
'SSL_CERT': None,
'SSL_ROOT_CERT': None,
'SSL_KEY': None
} }
self.osm_file = None self.osm_file = None
self.mapping_file = None self.mapping_file = None
@ -191,24 +194,70 @@ class Importer(object):
def check_postgis(self): def check_postgis(self):
"""Test connection to PostGIS and create the URI.""" """Test connection to PostGIS and create the URI."""
if self.default['SSL_MODE'] == 'verify-ca' or self.default['SSL_MODE'] == 'verify-full':
if self.default['SSL_CERT'] is None and self.default['SSL_KEY'] is None and self.default['SSL_ROOT_CERT'] \
is None:
sys.exit()
else:
conn_parameters = "dbname='%s' user='%s' host='%s' port='%s' password='%s'" \
" sslmode='%s' sslcert='%s' sslkey='%s' sslrootcert='%s' " % (
self.default['POSTGRES_DBNAME'],
self.default['POSTGRES_USER'],
self.default['POSTGRES_HOST'],
self.default['POSTGRES_PORT'],
self.default['POSTGRES_PASS'],
self.default['SSL_MODE'],
self.default['SSL_CERT'],
self.default['SSL_KEY'],
self.default['SSL_ROOT_CERT'])
else:
conn_parameters = "dbname='%s' user='%s' host='%s' port='%s' password='%s' sslmode='%s' " % (
self.default['POSTGRES_DBNAME'],
self.default['POSTGRES_USER'],
self.default['POSTGRES_HOST'],
self.default['POSTGRES_PORT'],
self.default['POSTGRES_PASS'],
self.default['SSL_MODE'])
try: try:
connection = connect( connection = connect(conn_parameters)
"dbname='%s' user='%s' host='%s' port='%s' password='%s'" % (
self.default['POSTGRES_DBNAME'],
self.default['POSTGRES_USER'],
self.default['POSTGRES_HOST'],
self.default['POSTGRES_PORT'],
self.default['POSTGRES_PASS']))
self.cursor = connection.cursor() self.cursor = connection.cursor()
except OperationalError as e: except OperationalError as e:
self.error(e) self.error(e)
self.postgis_uri = 'postgis://%s:%s@%s:%s/%s' % ( if self.default['SSL_MODE'] == 'verify-ca' or self.default['SSL_MODE'] == 'verify-full':
self.default['POSTGRES_USER'], if self.default['SSL_CERT'] is None and self.default['SSL_KEY'] is None and self.default['SSL_ROOT_CERT'] \
self.default['POSTGRES_PASS'], is None:
self.default['POSTGRES_HOST'], sys.exit()
self.default['POSTGRES_PORT'], else:
self.default['POSTGRES_DBNAME']) self.postgis_uri = \
'postgis://%s:%s@%s:%s/%s?sslmode=%s&sslcert=%s&sslkey=%s&sslrootcert=%s' % (
self.default['POSTGRES_USER'],
self.default['POSTGRES_PASS'],
self.default['POSTGRES_HOST'],
self.default['POSTGRES_PORT'],
self.default['POSTGRES_DBNAME'],
self.default['SSL_MODE'],
self.default['SSL_CERT'],
self.default['SSL_KEY'],
self.default['SSL_ROOT_CERT'])
elif self.default['SSL_MODE'] == 'require' or self.default['SSL_MODE'] == 'prefer':
self.postgis_uri = 'postgis://%s:%s@%s:%s/%s?sslmode=%s' \
% (
self.default['POSTGRES_USER'],
self.default['POSTGRES_PASS'],
self.default['POSTGRES_HOST'],
self.default['POSTGRES_PORT'],
self.default['POSTGRES_DBNAME'],
self.default['SSL_MODE'])
else:
self.postgis_uri = 'postgis://%s:%s@%s:%s/%s' % (
self.default['POSTGRES_USER'],
self.default['POSTGRES_PASS'],
self.default['POSTGRES_HOST'],
self.default['POSTGRES_PORT'],
self.default['POSTGRES_DBNAME'])
def import_custom_sql(self): def import_custom_sql(self):
"""Import the custom SQL file into the database.""" """Import the custom SQL file into the database."""
@ -240,11 +289,6 @@ class Importer(object):
# noinspection PyUnboundLocalVariable # noinspection PyUnboundLocalVariable
return self.cursor.fetchone()[0] return self.cursor.fetchone()[0]
def lockfile(self):
setup_lockfile = join(self.default['SETTINGS'], 'importer.lock')
if not exists(setup_lockfile):
Path(setup_lockfile).touch()
def run(self): def run(self):
"""First checker.""" """First checker."""
@ -292,7 +336,6 @@ class Importer(object):
self.error(msg) self.error(msg)
else: else:
self.info('Import PBF successful : %s' % self.osm_file) self.info('Import PBF successful : %s' % self.osm_file)
self.lockfile()
if self.post_import_file or self.qgis_style: if self.post_import_file or self.qgis_style:
# Set the password for psql # Set the password for psql
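Review bot: In check_postgis the new guard exits via a bare `sys.exit()` with no message, and because it uses `and` it only fires when all three of SSL_CERT, SSL_KEY and SSL_ROOT_CERT are unset; for verify-ca/verify-full the only mandatory file is sslrootcert, so a partially set configuration slips through and libpq is handed the literal path `None` (the same check is repeated for the URI at the bottom of the function). Report it through `self.error(...)`, which the connect-failure path already relies on, and condition on SSL_ROOT_CERT alone. The connection string is also assembled with `%s` into a quoted libpq string, so a password or path containing `'` or `\` breaks parsing; `connect()` accepts keyword arguments and quotes them itself, and sslcert/sslkey/sslrootcert should only be added when actually set. Separately, the new `'SSL_MODE': 'disable'` default is a regression from the previous behaviour, where no sslmode was passed and libpq's default `prefer` used TLS whenever the server offered it; `prefer` would be the backward-compatible default. The rewritten connect portion:
```python
    def check_postgis(self):
        """Test connection to PostGIS and create the URI."""
        ssl_mode = self.default['SSL_MODE']
        if ssl_mode in ('verify-ca', 'verify-full') and not self.default['SSL_ROOT_CERT']:
            self.error('SSL_MODE=%s requires SSL_ROOT_CERT to be set.' % ssl_mode)
        # Keyword arguments let libpq do the quoting; a %s-built string breaks
        # on passwords or paths containing quotes or backslashes.
        conn_parameters = dict(
            dbname=self.default['POSTGRES_DBNAME'],
            user=self.default['POSTGRES_USER'],
            host=self.default['POSTGRES_HOST'],
            port=self.default['POSTGRES_PORT'],
            password=self.default['POSTGRES_PASS'],
            sslmode=ssl_mode,
        )
        # Only forward the certificate options that are actually configured.
        for key, env in (('sslcert', 'SSL_CERT'), ('sslkey', 'SSL_KEY'),
                         ('sslrootcert', 'SSL_ROOT_CERT')):
            if self.default[env]:
                conn_parameters[key] = self.default[env]
        try:
            connection = connect(**conn_parameters)
            self.cursor = connection.cursor()
        except OperationalError as e:
            self.error(e)
        # … unchanged: postgis_uri construction …
```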


@ -19,6 +19,7 @@
***************************************************************************/ ***************************************************************************/
""" """
import sys
import gzip import gzip
from os import environ, listdir, mkdir from os import environ, listdir, mkdir
from os.path import join, exists, getsize from os.path import join, exists, getsize
@ -64,7 +65,11 @@ class Enrich(object):
'CACHE': 'cache', 'CACHE': 'cache',
'MAX_DIFF_FILE_SIZE': 100000000, 'MAX_DIFF_FILE_SIZE': 100000000,
'DBSCHEMA_PRODUCTION': 'public', 'DBSCHEMA_PRODUCTION': 'public',
'CACHE_MODIFY_CHECK': '' 'CACHE_MODIFY_CHECK': '',
'SSL_MODE': 'disable',
'SSL_CERT': None,
'SSL_ROOT_CERT': None,
'SSL_KEY': None
} }
self.mapping_file = None self.mapping_file = None
self.mapping_database_schema = {} self.mapping_database_schema = {}
@ -207,12 +212,33 @@ class Enrich(object):
) )
def create_connection(self): def create_connection(self):
return connect( if self.default['SSL_MODE'] == 'verify-ca' or self.default['SSL_MODE'] == 'verify-full':
"dbname='%s' user='%s' host='%s' password='%s'" % ( if self.default['SSL_CERT'] is None and self.default['SSL_KEY'] is None and self.default['SSL_ROOT_CERT'] \
is None:
sys.exit()
else:
conn_parameters = "dbname='%s' user='%s' host='%s' port='%s' password='%s'" \
" sslmode='%s' sslcert='%s' sslkey='%s' sslrootcert='%s' " % (
self.default['POSTGRES_DBNAME'],
self.default['POSTGRES_USER'],
self.default['POSTGRES_HOST'],
self.default['POSTGRES_PORT'],
self.default['POSTGRES_PASS'],
self.default['SSL_MODE'],
self.default['SSL_CERT'],
self.default['SSL_KEY'],
self.default['SSL_ROOT_CERT'])
else:
conn_parameters = "dbname='%s' user='%s' host='%s' port='%s' password='%s' sslmode='%s' " % (
self.default['POSTGRES_DBNAME'], self.default['POSTGRES_DBNAME'],
self.default['POSTGRES_USER'], self.default['POSTGRES_USER'],
self.default['POSTGRES_HOST'], self.default['POSTGRES_HOST'],
self.default['POSTGRES_PASS'])) self.default['POSTGRES_PORT'],
self.default['POSTGRES_PASS'],
self.default['SSL_MODE'])
return connect(conn_parameters)
def check_database(self): def check_database(self):
"""Test connection to PostGIS and create the URI.""" """Test connection to PostGIS and create the URI."""
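Review bot: create_connection has the same guard defect as the importer: the `and` condition only trips when SSL_CERT, SSL_KEY and SSL_ROOT_CERT are all None, and the bare `sys.exit()` gives no reason, which is hard to diagnose if this is called from a long-running enrich loop (the caller is outside the hunk, so that is an assumption). For verify-ca/verify-full the required file is sslrootcert only; a partial configuration falls through and libpq is given `sslrootcert='None'`. I would replace the check with `if self.default['SSL_MODE'] in ('verify-ca', 'verify-full') and not self.default['SSL_ROOT_CERT']:` followed by `sys.exit('SSL_MODE=%s requires SSL_ROOT_CERT' % self.default['SSL_MODE'])`, and only include sslcert/sslkey in the string when they are set. This block is a near-verbatim copy of check_postgis in importer.py; a shared helper that returns the connection kwargs would keep the two from drifting, and would let both use `connect(**kwargs)` instead of a `%s`-built string that breaks on quotes in the password.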