Add metadata proxy shared secret for Nova and Neutron

Override the default "metadata_proxy_shared_secret" parameter.
This secret is used by Neutron to sign instance-id headers
to prevent spoofing when proxying metadata requests.

Change-Id: I771d7f818a18b82d55bf781d71fc95114ac7e78c
Evgeny 2019-02-25 11:49:00 -08:00 committed by Evgeny L
parent 2ed2a37124
commit 6514b2f77f
5 changed files with 45 additions and 0 deletions


@ -169,6 +169,12 @@ metadata:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
- dest:
path: .values.conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret
src:
schema: deckhand/Passphrase/v1
name: osh_nova_metadata_proxy_shared_secret
path: .
# Interfaces for neutron configuration
- src:
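Review bot: The new substitution added before the `# Interfaces for neutron configuration` comment has no comment of its own, although it is coupled to the Nova chart: both charts must read the same `osh_nova_metadata_proxy_shared_secret` document, otherwise the signatures Neutron produces will not verify on the Nova side. A comment above the new `- dest:` entry would record that, for example `# Metadata proxy shared secret; must match nova's conf.nova.neutron.metadata_proxy_shared_secret`. The substitutions list begins and continues outside the hunk.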


@ -269,6 +269,12 @@ metadata:
schema: deckhand/Passphrase/v1
name: osh_oslo_cache_secret_key
path: .
- dest:
path: .values.conf.nova.neutron.metadata_proxy_shared_secret
src:
schema: deckhand/Passphrase/v1
name: osh_nova_metadata_proxy_shared_secret
path: .
data:
chart_name: nova
release: nova
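Review bot: The substitution into `.values.conf.nova.neutron.metadata_proxy_shared_secret` only protects anything if Nova is also configured to validate the proxy signature, and the hunk does not show `service_metadata_proxy` being set in the same `conf.nova.neutron` section. If the chart default does not already enable it, Nova would presumably not check the signed instance-id header at all, so it is worth confirming and, if needed, adding `service_metadata_proxy: true` to the chart values. The substitutions list starts outside the hunk, so an existing override may simply not be visible here.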


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_metadata_proxy_shared_secret
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...
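Review bot: The new Passphrase document sets `data: password123` with `storagePolicy: cleartext`, so the secret that authenticates proxied metadata requests is a guessable placeholder, readable by anyone with access to the repository or to Deckhand's stored documents. The two later new-file sections in this commit add the same document with the same value, which means every site built from them shares one known secret. Each site should replace the value with a unique, randomly generated one before deployment, and the document should use `storagePolicy: encrypted`. If these files are reference examples only, a comment such as `# placeholder - replace with a per-site generated secret` above `data:` would make that explicit.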


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_metadata_proxy_shared_secret
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...


@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_metadata_proxy_shared_secret
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...