
Add metadata proxy shared secret for Nova and Neutron

Override default "metadata_proxy_shared_secret" parameter.
This secret is used by Neutron to sign instance-id headers
to prevent spoofing when proxying metadata requests.

Change-Id: I771d7f818a18b82d55bf781d71fc95114ac7e78c
changes/83/639183/7
Evgeny 2 years ago
committed by Evgeny L
parent
commit
6514b2f77f
  1. 6
      global/software/charts/osh/openstack-compute-kit/neutron.yaml
  2. 6
      global/software/charts/osh/openstack-compute-kit/nova.yaml
  3. 11
      site/airship-seaworthy/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
  4. 11
      site/airskiff/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
  5. 11
      site/airsloop/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml

6
global/software/charts/osh/openstack-compute-kit/neutron.yaml

@ -169,6 +169,12 @@ metadata:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
- dest:
path: .values.conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret
src:
schema: deckhand/Passphrase/v1
name: osh_nova_metadata_proxy_shared_secret
path: .
# Interfaces for neutron configuration
- src:
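Review bot: The new substitution entry targeting `.values.conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret` has no comment, while the entry after it is introduced by `# Interfaces for neutron configuration`. A one-line comment above `- dest:` would help, for example `# Metadata proxy shared secret; must be identical to the value substituted into the nova chart`. This hunk and the nova.yaml hunk both read the `osh_nova_metadata_proxy_shared_secret` document, which is what keeps the two sides equal, so the dependency is worth stating in case someone later splits the source. The substitutions list starts and ends outside the hunk.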

6
global/software/charts/osh/openstack-compute-kit/nova.yaml

@ -269,6 +269,12 @@ metadata:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
- dest:
path: .values.conf.nova.neutron.metadata_proxy_shared_secret
src:
schema: deckhand/Passphrase/v1
name: osh_nova_metadata_proxy_shared_secret
path: .
data:
chart_name: nova
release: nova
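Review bot: Setting `.values.conf.nova.neutron.metadata_proxy_shared_secret` only takes effect when nova's `[neutron] service_metadata_proxy` option is enabled, and that setting is not visible in this hunk. If it is left false, the metadata API does not check the signed instance-id header, so the secret is never used. It is worth confirming that the chart values enable it, or setting `service_metadata_proxy: true` next to this substitution. The substitutions list begins outside the hunk.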

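--- a/site/airship-seaworthy/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
+++ b/site/airship-seaworthy/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_nova_metadata_proxy_shared_secret
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...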
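Review bot: `data: password123` with `storagePolicy: cleartext` gives the metadata proxy secret a guessable value stored unencrypted, and the airskiff and airsloop documents in this commit carry the same value. According to the commit description this secret signs instance-id headers, so anyone who knows it could produce a signature the metadata service accepts. If these files are placeholders, a comment saying so would help. For a deployed site the document should use `storagePolicy: encrypted` and a randomly generated value unique to each site.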

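--- a/site/airskiff/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
+++ b/site/airskiff/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_nova_metadata_proxy_shared_secret
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...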

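--- a/site/airsloop/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
+++ b/site/airsloop/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_nova_metadata_proxy_shared_secret
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...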