Merge changes from topic 'set-passwords'
* changes:
  Use uuid4 instead of uuid1 as a base for passwords
  Set the heat auth_encryption_key to a random string
commit
1edad24dc1
|
@ -39,6 +39,7 @@ context = {
|
|||
'UNDERCLOUD_SWIFT_HASH_SUFFIX': os.environ.get('UNDERCLOUD_SWIFT_HASH_SUFFIX', 'unset'),
|
||||
'UNDERCLOUD_SWIFT_PASSWORD': os.environ.get('UNDERCLOUD_SWIFT_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_GLANCE_PASSWORD': os.environ.get('UNDERCLOUD_GLANCE_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_HEAT_ENCRYPTION_KEY': os.environ.get('UNDERCLOUD_HEAT_ENCRYPTION_KEY', 'unset___________'),
|
||||
'UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD': os.environ.get('UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_HEAT_PASSWORD': os.environ.get('UNDERCLOUD_HEAT_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_HORIZON_SECRET_KEY': os.environ.get('UNDERCLOUD_HORIZON_SECRET_KEY', 'unset'),
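Review bot: The fallback `'unset___________'` on the added `UNDERCLOUD_HEAT_ENCRYPTION_KEY` entry means that whenever the variable is missing from the environment, the template is rendered with a fixed, published 16-character key and no error is raised. For secret-bearing entries a missing value is better treated as fatal, e.g. `'UNDERCLOUD_HEAT_ENCRYPTION_KEY': os.environ['UNDERCLOUD_HEAT_ENCRYPTION_KEY'],`, or by rejecting any context value that still starts with `unset` before rendering. The neighbouring password entries use the same `'unset'` default and would benefit from the same treatment. The `context` dict begins and ends outside this hunk.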
|
||||
|
|
|
@ -72,7 +72,7 @@ heat::engine::heat_watch_server_url: http://{{LOCAL_IP}}:8003
|
|||
heat::engine::heat_metadata_server_url: http://{{LOCAL_IP}}:8000
|
||||
heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP}}:8000/v1/waitcondition
|
||||
heat::engine::trusts_delegated_roles: []
|
||||
heat::engine::auth_encryption_key: unset___________
|
||||
heat::engine::auth_encryption_key: {{UNDERCLOUD_HEAT_ENCRYPTION_KEY}}
|
||||
heat::instance_user: heat-admin
|
||||
heat::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
||||
heat::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
||||
|
|
|
@ -6,6 +6,7 @@ UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD=$(hiera snmpd_readonly_user_password)
|
|||
UNDERCLOUD_CEILOMETER_SNMPD_USER=$(hiera snmpd_readonly_user_name)
|
||||
UNDERCLOUD_DB_PASSWORD=$(hiera admin_password)
|
||||
UNDERCLOUD_GLANCE_PASSWORD=$(hiera glance::api::keystone_password)
|
||||
UNDERCLOUD_HEAT_ENCRYPTION_KEY=$(hiera heat::engine::auth_encryption_key)
|
||||
UNDERCLOUD_HEAT_PASSWORD=$(hiera heat::keystone_password)
|
||||
UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD=$(hiera heat_stack_domain_admin_password)
|
||||
UNDERCLOUD_HORIZON_SECRET_KEY=$(hiera horizon_secret_key)
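Review bot: On an undercloud installed before this change, `hiera heat::engine::auth_encryption_key` will presumably return the old literal `unset___________`, so the assignment added here carries the well-known key forward instead of replacing it. A comment above the line would make that visible, e.g. `# NOTE: installs that predate the random key still hold the old static value here; rotating it needs a Heat data migration`, and a warning when the value read equals that literal would flag affected systems. Whether Heat can re-encrypt stored data under a new key is not visible from this page, so the migration step is something to confirm.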
|
||||
|
|
|
@ -164,6 +164,10 @@ _auth_opts = [
|
|||
help=('Glance service password. '
|
||||
'If left unset, one will be automatically generated.')
|
||||
),
|
||||
cfg.StrOpt('undercloud_heat_encryption_key',
|
||||
help=('Heat db encryption key(must be 8,16 or 32 characters. '
|
||||
'If left unset, one will be automatically generated.')
|
||||
),
|
||||
cfg.StrOpt('undercloud_heat_password',
|
||||
help=('Heat service password. '
|
||||
'If left unset, one will be automatically generated.')
|
||||
|
@ -317,14 +321,14 @@ def _check_hostname():
|
|||
raise RuntimeError('Static hostname not set in /etc/hosts')
|
||||
|
||||
|
||||
def _generate_password():
|
||||
def _generate_password(length=40):
|
||||
"""Create a random password
|
||||
|
||||
Copied from rdomanager-oscplugin. This should eventually live in
|
||||
tripleo-common.
|
||||
"""
|
||||
uuid_str = six.text_type(uuid.uuid1()).encode("UTF-8")
|
||||
return hashlib.sha1(uuid_str).hexdigest()
|
||||
uuid_str = six.text_type(uuid.uuid4()).encode("UTF-8")
|
||||
return hashlib.sha1(uuid_str).hexdigest()[:length]
|
||||
|
||||
|
||||
def _generate_environment(instack_root):
|
||||
|
@ -421,7 +425,11 @@ def _generate_environment(instack_root):
|
|||
else:
|
||||
value = CONF.auth[opt.name]
|
||||
if not value:
|
||||
value = _generate_password()
|
||||
# Heat requires this encryption key to be a specific length
|
||||
if env_name == 'UNDERCLOUD_HEAT_ENCRYPTION_KEY':
|
||||
value = _generate_password(32)
|
||||
else:
|
||||
value = _generate_password()
|
||||
LOG.info('Generated new password for %s', opt.name)
|
||||
instack_env[env_name] = value
|
||||
password_file.write('%s=%s\n' % (opt.name, value))
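Review bot: In `_generate_password`, `hashlib.sha1(uuid_str).hexdigest()[:length]` can never return more than 40 characters, so a caller passing a `length` above 40 silently gets a shorter secret. The SHA-1 pass also adds no randomness over the uuid4 it hashes, so the 32-character Heat key carries at most the 122 random bits of the UUID. Drawing the bytes straight from the OS generator avoids both: `return binascii.hexlify(os.urandom((length + 1) // 2)).decode('ascii')[:length]`, assuming `os` and `binascii` are imported at the top of the file, which is outside the visible hunks. Separately, in `_generate_environment` a user-supplied `undercloud_heat_encryption_key` is passed through without checking the length that the option's help text says is required. A check before `instack_env[env_name] = value` that raises `RuntimeError` on a bad length would surface the mistake at install time.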
|
||||
|
|
|
@ -86,6 +86,10 @@
|
|||
# generated. (string value)
|
||||
#undercloud_glance_password = <None>
|
||||
|
||||
# Heat db encryption key(must be 8,16 or 32 characters. If left unset,
|
||||
# one will be automatically generated. (string value)
|
||||
#undercloud_heat_encryption_key = <None>
|
||||
|
||||
# Heat service password. If left unset, one will be automatically
|
||||
# generated. (string value)
|
||||
#undercloud_heat_password = <None>
|
||||
|
|