Secure permissions on /etc/puppet/hieradata and
/etc/puppet/hieradata/puppet-stack-config.yaml Change-Id: I7cd014914db998d583f79328ed82270d3a280ff5 Resolves: rhbz#1234962
parent
11827e002e
commit
047e3c11f1
@ -73,3 +73,7 @@ if not os.path.exists(os.path.dirname(puppet_stack_config_yaml_path)):
|
|||||||
os.makedirs(os.path.dirname(puppet_stack_config_yaml_path))
|
os.makedirs(os.path.dirname(puppet_stack_config_yaml_path))
|
||||||
with open(puppet_stack_config_yaml_path, 'w') as f:
|
with open(puppet_stack_config_yaml_path, 'w') as f:
|
||||||
f.write(puppet_stack_config_yaml)
|
f.write(puppet_stack_config_yaml)
|
||||||
|
|
||||||
|
# Secure permissions
|
||||||
|
os.chmod(os.path.dirname(puppet_stack_config_yaml_path), 0750)
|
||||||
|
os.chmod(puppet_stack_config_yaml_path, 0600)
|
||||||
|
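Review bot: The secrets file is created by `open(puppet_stack_config_yaml_path, 'w')` and only tightened afterwards by `os.chmod(puppet_stack_config_yaml_path, 0600)`, so between creation and the chmod it carries whatever mode the process umask allows and may be readable by other local users. Creating it owner-only from the start, and restricting the directory before the write rather than after, closes that window. The rewrite can also use `0o750`/`0o600`, because the bare `0750` form is a syntax error on Python 3. The enclosing block starts above the hunk, so the `os.makedirs` call is visible only as context.

```python
# … unchanged: os.makedirs of the parent directory when it is missing …
config_dir = os.path.dirname(puppet_stack_config_yaml_path)
# Restrict the directory before any secret is written into it.
os.chmod(config_dir, 0o750)
# Create the file owner-only instead of tightening it after the write.
fd = os.open(puppet_stack_config_yaml_path,
             os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, 'w') as f:
    # The mode given to os.open() is ignored when the file already exists.
    os.fchmod(fd, 0o600)
    f.write(puppet_stack_config_yaml)
```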
@ -1,5 +1,5 @@
|
|||||||
export NOVA_VERSION=1.1
|
export NOVA_VERSION=1.1
|
||||||
export OS_PASSWORD=$(hiera admin_password)
|
export OS_PASSWORD=$(sudo hiera admin_password)
|
||||||
export OS_AUTH_URL=http://{{local-ip}}:5000/v2.0
|
export OS_AUTH_URL=http://{{local-ip}}:5000/v2.0
|
||||||
export OS_USERNAME=admin
|
export OS_USERNAME=admin
|
||||||
export OS_TENANT_NAME=admin
|
export OS_TENANT_NAME=admin
|
||||||
|
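Review bot: `export OS_PASSWORD=$(sudo hiera admin_password)` makes every shell that loads this file depend on sudo, and a failure is invisible because `export` returns 0 whatever the command substitution did. A session without a tty or cached sudo credentials ends up with an empty OS_PASSWORD or an unexpected password prompt. Splitting the assignment lets the failure surface, e.g. `OS_PASSWORD=$(sudo -n hiera admin_password) || echo "admin_password lookup failed" >&2` followed by `export OS_PASSWORD`. The `$(sudo hiera …)` assignments in the next file section have the same silent-failure shape.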
@ -1,21 +1,21 @@
|
|||||||
UNDERCLOUD_ADMIN_PASSWORD=$(hiera admin_password)
|
UNDERCLOUD_ADMIN_PASSWORD=$(sudo hiera admin_password)
|
||||||
UNDERCLOUD_ADMIN_TOKEN=$(hiera keystone::admin_token)
|
UNDERCLOUD_ADMIN_TOKEN=$(sudo hiera keystone::admin_token)
|
||||||
UNDERCLOUD_CEILOMETER_METERING_SECRET=$(hiera ceilometer::metering_secret)
|
UNDERCLOUD_CEILOMETER_METERING_SECRET=$(sudo hiera ceilometer::metering_secret)
|
||||||
UNDERCLOUD_CEILOMETER_PASSWORD=$(hiera ceilometer::api::keystone_password)
|
UNDERCLOUD_CEILOMETER_PASSWORD=$(sudo hiera ceilometer::api::keystone_password)
|
||||||
UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD=$(hiera snmpd_readonly_user_password)
|
UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD=$(sudo hiera snmpd_readonly_user_password)
|
||||||
UNDERCLOUD_CEILOMETER_SNMPD_USER=$(hiera snmpd_readonly_user_name)
|
UNDERCLOUD_CEILOMETER_SNMPD_USER=$(sudo hiera snmpd_readonly_user_name)
|
||||||
UNDERCLOUD_DB_PASSWORD=$(hiera admin_password)
|
UNDERCLOUD_DB_PASSWORD=$(sudo hiera admin_password)
|
||||||
UNDERCLOUD_GLANCE_PASSWORD=$(hiera glance::api::keystone_password)
|
UNDERCLOUD_GLANCE_PASSWORD=$(sudo hiera glance::api::keystone_password)
|
||||||
UNDERCLOUD_HEAT_ENCRYPTION_KEY=$(hiera heat::engine::auth_encryption_key)
|
UNDERCLOUD_HEAT_ENCRYPTION_KEY=$(sudo hiera heat::engine::auth_encryption_key)
|
||||||
UNDERCLOUD_HEAT_PASSWORD=$(hiera heat::keystone_password)
|
UNDERCLOUD_HEAT_PASSWORD=$(sudo hiera heat::keystone_password)
|
||||||
UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD=$(hiera heat_stack_domain_admin_password)
|
UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD=$(sudo hiera heat_stack_domain_admin_password)
|
||||||
UNDERCLOUD_HORIZON_SECRET_KEY=$(hiera horizon_secret_key)
|
UNDERCLOUD_HORIZON_SECRET_KEY=$(sudo hiera horizon_secret_key)
|
||||||
UNDERCLOUD_IRONIC_PASSWORD=$(hiera ironic::api::admin_password)
|
UNDERCLOUD_IRONIC_PASSWORD=$(sudo hiera ironic::api::admin_password)
|
||||||
UNDERCLOUD_NEUTRON_PASSWORD=$(hiera neutron::server::auth_password)
|
UNDERCLOUD_NEUTRON_PASSWORD=$(sudo hiera neutron::server::auth_password)
|
||||||
UNDERCLOUD_NOVA_PASSWORD=$(hiera nova::api::admin_password)
|
UNDERCLOUD_NOVA_PASSWORD=$(sudo hiera nova::api::admin_password)
|
||||||
UNDERCLOUD_RABBIT_COOKIE=$(hiera rabbit_cookie)
|
UNDERCLOUD_RABBIT_COOKIE=$(sudo hiera rabbit_cookie)
|
||||||
UNDERCLOUD_RABBIT_PASSWORD=$(hiera rabbit_password)
|
UNDERCLOUD_RABBIT_PASSWORD=$(sudo hiera rabbit_password)
|
||||||
UNDERCLOUD_RABBIT_USERNAME=$(hiera rabbit_username)
|
UNDERCLOUD_RABBIT_USERNAME=$(sudo hiera rabbit_username)
|
||||||
UNDERCLOUD_SWIFT_HASH_SUFFIX=$(hiera swift::swift_hash_suffix)
|
UNDERCLOUD_SWIFT_HASH_SUFFIX=$(sudo hiera swift::swift_hash_suffix)
|
||||||
UNDERCLOUD_SWIFT_PASSWORD=$(hiera swift::proxy::authtoken::admin_password)
|
UNDERCLOUD_SWIFT_PASSWORD=$(sudo hiera swift::proxy::authtoken::admin_password)
|
||||||
UNDERCLOUD_TUSKAR_PASSWORD={{tuskar.service-password}}
|
UNDERCLOUD_TUSKAR_PASSWORD={{tuskar.service-password}}
|
||||||
|
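Review bot: `UNDERCLOUD_TUSKAR_PASSWORD={{tuskar.service-password}}` is still rendered into this file as a literal, while the other values are looked up from the hieradata that this commit makes root-only, so the rendered file remains a place where a password sits in plain text. Nothing in this section shows what mode the rendered file is given. If it is not already owner-only it needs the same treatment as puppet-stack-config.yaml, or the value should move behind a hiera lookup like the rest. A comment above that line, `# NOTE: rendered with a literal secret; keep this file mode 0600`, would record the constraint.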
@ -474,7 +474,7 @@ def _configure_ssh_keys():
|
|||||||
args = ['sudo', 'chown', getpass.getuser() + ':',
|
args = ['sudo', 'chown', getpass.getuser() + ':',
|
||||||
os.path.expanduser('~/stackrc')]
|
os.path.expanduser('~/stackrc')]
|
||||||
_run_command(args, name='Chown stackrc')
|
_run_command(args, name='Chown stackrc')
|
||||||
password = _run_command(['hiera', 'admin_password']).rstrip()
|
password = _run_command(['sudo', 'hiera', 'admin_password']).rstrip()
|
||||||
user = _extract_from_stackrc('OS_USERNAME')
|
user = _extract_from_stackrc('OS_USERNAME')
|
||||||
auth_url = _extract_from_stackrc('OS_AUTH_URL')
|
auth_url = _extract_from_stackrc('OS_AUTH_URL')
|
||||||
tenant = _extract_from_stackrc('OS_TENANT')
|
tenant = _extract_from_stackrc('OS_TENANT')
|
||||||
|
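Review bot: The result of `_run_command(['sudo', 'hiera', 'admin_password'])` is used without checking that a value actually came back. A lookup that cannot resolve the key does not necessarily fail: the hiera CLI typically prints `nil` in that case, and that string would be taken as the password. A guard right after the call, `if password in ('', 'nil'): raise RuntimeError('admin_password not found in hiera')`, turns that into an explicit error. `_configure_ssh_keys` starts and continues outside this hunk, so how the password is consumed is not visible here.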