Merge branch 'passwords'

Conflicts:
	README-packages.md
	README-source.md

Overcloud-packages.md

@@ -10,6 +10,11 @@ environment variables. The variables you can set are documented below before
 the calls to the script. For their default values, see the deploy-overcloud
 script itself.
 
+1. You must source the contents of `/root/stackrc` into your shell before running the 
+   instack-* scripts that interact with the undercloud and overcloud. In order to do that
+   you can copy that file to a more convenient location or use sudo to cat the file and copy/paste
+   the lines into your shell environment.
+
 1. Run the prepare-for-overcloud script to get setup. This script will
 re-downloading images if they already exist in the current working directory.
 If you want to force a redownload of the images, delete them first.

README-packages.md

@@ -29,5 +29,10 @@ instack-undercloud via packages
 
         instack-install-undercloud-packages
         
+4. Once the install script has run to completion, you should take note to secure and save the files
+   `/root/stackrc` and `/root/tripleo-undercloud-passwords`. Both these files will be needed to interact
+   with the installed undercloud. You may copy these files to your home directory to make them 
+   easier to source later on, but you should try to keep them as secure and backed up as possible.
+
 That completes the Undercloud install. To proceed with deploying and using the
 Overcloud see [Overcloud-packages](Overcloud-packages.md).

README-source.md

@@ -34,5 +34,10 @@ instack-undercloud via source
 
         instack-install-undercloud
 
+4. Once the install script has run to completion, you should take note to secure and save the files
+   `/root/stackrc` and `/root/tripleo-undercloud-passwords`. Both these files will be needed to interact
+   with the installed undercloud. You may copy these files to your home directory to make them 
+   easier to source later on, but you should try to keep them as secure and backed up as possible.
+
 That completes the Undercloud install. To proceed with deploying and using the
 Overcloud see [Overcloud-packages](Overcloud-packages.md).

elements/undercloud-install/os-refresh-config/configure.d/55-stackrc

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-set -eux
-
-cp /root/stackrc /etc/sysconfig/stackrc
-chmod 644 /etc/sysconfig/stackrc

elements/undercloud-stack-config/config.json.template

@@ -1,13 +1,13 @@
 {
   "OpenStack::Heat::Stack": {
   },
-  "admin-password": "unset",
-  "admin-token": "unset",
-  "db-password": "unset",
+  "admin-password": "{{UNDERCLOUD_ADMIN_PASSWORD}}",
+  "admin-token": "{{UNDERCLOUD_ADMIN_TOKEN}}",
+  "db-password": "{{UNDERCLOUD_DB_PASSWORD}}",
   "local-ipv4": "{{LOCAL_IP}}",
   "keystone": {
     "host": "127.0.0.1",
-    "db": "mysql://keystone:unset@localhost/keystone"
+    "db": "mysql://keystone:{{UNDERCLOUD_DB_PASSWORD}}@localhost/keystone"
   },
   "qpid": {
     "host": "127.0.0.1",
@@ -17,15 +17,15 @@
   "glance": {
     "backend": "file",
     "host": "127.0.0.1",
-    "db": "mysql://glance:unset@localhost/glance",
-    "service-password": "unset",
+    "db": "mysql://glance:{{UNDERCLOUD_DB_PASSWORD}}@localhost/glance",
+    "service-password": "{{UNDERCLOUD_GLANCE_PASSWORD}}",
     "notifier-strategy": "noop",
     "log-file": "''"
   },
   "nova": {
     "compute_hostname": "undercloud",
     "host": "127.0.0.1",
-    "db":    "mysql://nova:unset@localhost/nova",
+    "db":    "mysql://nova:{{UNDERCLOUD_DB_PASSWORD}}@localhost/nova",
     "compute_driver": "baremetal.driver.BareMetalDriver",
     "tuning": {
         "ram_allocation_ratio": "1.0",
@@ -33,7 +33,7 @@
     },
     "baremetal": {
       "arch": "amd64",
-      "db": "mysql://nova:unset@localhost/nova_bm",
+      "db": "mysql://nova:{{UNDERCLOUD_DB_PASSWORD}}@localhost/nova_bm",
       "power_manager": "{{POWER_DRIVER}}",
       "pxe_deploy_timeout": "2400",
       "use_file_injection": "False",
@@ -46,20 +46,20 @@
       }
     },
     "metadata-proxy": "false",
-    "service-password": "unset"
+    "service-password": "{{UNDERCLOUD_NOVA_PASSWORD}}"
   },
   "bootstack": {
     "public_interface_ip": "{{LOCAL_IP}}/24",
     "masquerade_networks": ["{{MASQUERADE_NETWORK}}"]
   },
   "cinder": {
-    "db": "mysql://cinder:unset@localhost/cinder",
+    "db": "mysql://cinder:{{UNDERCLOUD_DB_PASSWORD}}@localhost/cinder",
     "volume_size_mb": "5000",
-    "service-password": "unset"
+    "service-password": "{{UNDERCLOUD_CINDER_PASSWORD}}"
   },
   "neutron": {
     "host": "127.0.0.1",
-    "ovs_db": "mysql://neutron:unset@localhost/ovs_neutron?charset=utf8",
+    "ovs_db": "mysql://neutron:{{UNDERCLOUD_DB_PASSWORD}}@localhost/ovs_neutron?charset=utf8",
     "ovs": {
       "bridge_mappings": "ctlplane:br-ctlplane",
       "dnsmasq_range": ["192.0.2.4", "192.0.2.4"],
@@ -70,27 +70,27 @@
       "public_interface": "{{LOCAL_INTERFACE}}",
       "tenant_network_type": "vlan"
     },
-    "service-password": "unset",
+    "service-password": "{{UNDERCLOUD_NEUTRON_PASSWORD}}",
     "dhcp_start": "{{DHCP_START}}",
     "dhcp_end": "{{DHCP_END}}",
     "network_cidr": "{{NETWORK_CIDR}}",
     "network_gateway": "{{NETWORK_GATEWAY}}"
   },
   "heat": {
-    "db": "mysql://heat:unset@localhost/heat",
+    "db": "mysql://heat:{{UNDERCLOUD_DB_PASSWORD}}@localhost/heat",
     "auth_encryption_key": "unset___________",
     "watch_server_url": "http://{{LOCAL_IP}}:8003",
     "waitcondition_server_url": "http://{{LOCAL_IP}}:8000/v1/waitcondition",
     "metadata_server_url": "http://{{LOCAL_IP}}:8000",
     "admin_tenant_name": "service",
     "admin_user": "heat",
-    "admin_password": "unset"
+    "admin_password": "{{UNDERCLOUD_HEAT_PASSWORD}}"
   },
   "horizon": {
     "secret_key": "unset___________"
   },
   "tuskar": {
-    "db": "mysql://tuskar:unset@localhost/tuskar?charset=utf8",
+    "db": "mysql://tuskar:{{UNDERCLOUD_DB_PASSWORD}}@localhost/tuskar?charset=utf8",
     "heat_keystone": {
       "username": "admin",
       "password": "unset",

elements/undercloud-stack-config/install.d/02-undercloud-stack-heat-metadata

@@ -25,6 +25,13 @@ context = {
     'DHCP_END': os.environ.get('DHCP_END', '192.0.2.24'),
     'NETWORK_CIDR': os.environ.get('NETWORK_CIDR', '192.0.2.0/24'),
     'NETWORK_GATEWAY': os.environ.get('NETWORK_GATEWAY', '192.0.2.1'),
+    'UNDERCLOUD_DB_PASSWORD': os.environ.get('UNDERCLOUD_DB_PASSWORD', 'unset'),
+    'UNDERCLOUD_ADMIN_TOKEN': os.environ.get('UNDERCLOUD_ADMIN_TOKEN', 'unset'),
+    'UNDERCLOUD_ADMIN_PASSWORD': os.environ.get('UNDERCLOUD_ADMIN_PASSWORD', 'unset'),
+    'UNDERCLOUD_GLANCE_PASSWORD': os.environ.get('UNDERCLOUD_GLANCE_PASSWORD', 'unset'),
+    'UNDERCLOUD_HEAT_PASSWORD': os.environ.get('UNDERCLOUD_HEAT_PASSWORD', 'unset'),
+    'UNDERCLOUD_NEUTRON_PASSWORD': os.environ.get('UNDERCLOUD_NEUTRON_PASSWORD', 'unset'),
+    'UNDERCLOUD_NOVA_PASSWORD': os.environ.get('UNDERCLOUD_NOVA_PASSWORD', 'unset'),
 }
 
 if "SSH_KEY" in os.environ:

elements/undercloud-stack-config/os-apply-config/root/tripleo-undercloud-passwords

@@ -0,0 +1,7 @@
+UNDERCLOUD_DB_PASSWORD={{db-password}}
+UNDERCLOUD_ADMIN_TOKEN={{admin-token}}
+UNDERCLOUD_ADMIN_PASSWORD={{admin-password}}
+UNDERCLOUD_GLANCE_PASSWORD={{glance.service-password}}
+UNDERCLOUD_HEAT_PASSWORD={{heat.admin_password}}
+UNDERCLOUD_NEUTRON_PASSWORD={{neutron.service-password}}
+UNDERCLOUD_NOVA_PASSWORD={{nova.service-password}}

elements/undercloud-stack-config/os-refresh-config/post-configure.d/98-undercloud-setup

@@ -8,6 +8,7 @@ if [ -f $OK_FILE ]; then
     exit
 fi
 
+source /root/tripleo-undercloud-passwords
 source /root/stackrc
 
 # Add scripts directory from tripleo-incubator to the path.
@@ -46,15 +47,15 @@ sleep 20
 
 export UNDERCLOUD_IP=$(os-apply-config --key local-ipv4 --type netaddress)
 
-tripleo init-keystone -p unset unset \
+tripleo init-keystone -p $UNDERCLOUD_ADMIN_PASSWORD $UNDERCLOUD_ADMIN_TOKEN \
     $UNDERCLOUD_IP admin@example.com root@$UNDERCLOUD_IP
 
 tripleo setup-endpoints \
     $UNDERCLOUD_IP \
-    --glance-password unset \
-    --heat-password unset \
-    --neutron-password unset \
-    --nova-password unset
+    --glance-password $UNDERCLOUD_GLANCE_PASSWORD \
+    --heat-password $UNDERCLOUD_HEAT_PASSWORD \
+    --neutron-password $UNDERCLOUD_NEUTRON_PASSWORD \
+    --nova-password $UNDERCLOUD_NOVA_PASSWORD
 
 keystone role-create --name heat_stack_user
 

instack-baremetal.answers.sample

@@ -38,3 +38,43 @@ NETWORK_CIDR=172.17.0.0/16
 ### NETWORK_GATEWAY ###
 # Network gateway for neturon managed network for Overcloud instances
 NETWORK_GATEWAY=172.17.0.1
+
+### Database password ###
+# Password used for MySQL databases
+# If left unset, one will be automatically generated
+UNDERCLOUD_DB_PASSWORD=
+
+### Admin Token ###
+# Keystone admin token
+# If left unset, one will be automatically generated
+UNDERCLOUD_ADMIN_TOKEN=
+
+### Admin password ###
+# Keystone admin password
+# If left unset, one will be automatically generated
+UNDERCLOUD_ADMIN_PASSWORD=
+
+### Glance password ###
+# Glance service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_GLANCE_PASSWORD=
+
+### Heat password ###
+# Heat service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_HEAT_PASSWORD=
+
+### Neutron password ###
+# Neutron service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_NEUTRON_PASSWORD=
+
+### Nova password ###
+# Nova service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_NOVA_PASSWORD=
+
+### Ironic password ###
+# Ironic service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_IRONIC_PASSWORD=

instack-virt.answers.sample

@@ -58,3 +58,43 @@ NETWORK_CIDR=192.0.2.0/24
 ### NETWORK_GATEWAY ###
 # Network gateway for neturon managed network for Overcloud instances
 NETWORK_GATEWAY=192.0.2.1
+
+### Database password ###
+# Password used for MySQL databases
+# If left unset, one will be automatically generated
+UNDERCLOUD_DB_PASSWORD=
+
+### Admin Token ###
+# Keystone admin token
+# If left unset, one will be automatically generated
+UNDERCLOUD_ADMIN_TOKEN=
+
+### Admin password ###
+# Keystone admin password
+# If left unset, one will be automatically generated
+UNDERCLOUD_ADMIN_PASSWORD=
+
+### Glance password ###
+# Glance service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_GLANCE_PASSWORD=
+
+### Heat password ###
+# Heat service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_HEAT_PASSWORD=
+
+### Neutron password ###
+# Neutron service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_NEUTRON_PASSWORD=
+
+### Nova password ###
+# Nova service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_NOVA_PASSWORD=
+
+### Ironic password ###
+# Ironic service password
+# If left unset, one will be automatically generated
+UNDERCLOUD_IRONIC_PASSWORD=

scripts/instack-deploy-overcloud

@@ -2,7 +2,11 @@
 
 set -eux
 
-source /etc/sysconfig/stackrc
+OS_AUTH_URL=${OS_AUTH_URL:-""}
+if [ -z "$OS_AUTH_URL" ]; then
+    echo "You must source a stackrc file for the Undercloud."
+    exit 1
+fi
 
 # setup-baremetal requires this to be set
 export TRIPLEO_ROOT=.

scripts/instack-deploy-overcloud-tuskarcli

@@ -2,7 +2,11 @@
 
 set -eux
 
-source /etc/sysconfig/stackrc
+OS_AUTH_URL=${OS_AUTH_URL:-""}
+if [ -z "$OS_AUTH_URL" ]; then
+    echo "You must source a stackrc file for the Undercloud."
+    exit 1
+fi
 
 # setup-baremetal requires this to be set
 export TRIPLEO_ROOT=.

scripts/instack-install-undercloud

@@ -58,6 +58,15 @@ export NETWORK_CIDR
 export NETWORK_GATEWAY
 export SSH_KEY
 
+export UNDERCLOUD_DB_PASSWORD=${UNDERCLOUD_DB_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_ADMIN_TOKEN=${UNDERCLOUD_ADMIN_TOKEN:-$(tripleo os-make-password)}
+export UNDERCLOUD_ADMIN_PASSWORD=${UNDERCLOUD_ADMIN_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_GLANCE_PASSWORD=${UNDERCLOUD_GLANCE_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_HEAT_PASSWORD=${UNDERCLOUD_HEAT_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_NEUTRON_PASSWORD=${UNDERCLOUD_NEUTRON_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_NOVA_PASSWORD=${UNDERCLOUD_NOVA_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_IRONIC_PASSWORD=${UNDERCLOUD_IRONIC_PASSWORD:-$(tripleo os-make-password)}
+
 sudo -E instack \
   -p /usr/share/diskimage-builder/elements/ \
      /usr/share/tripleo-image-elements/ \

scripts/instack-install-undercloud-packages

@@ -51,6 +51,15 @@ export NETWORK_CIDR
 export NETWORK_GATEWAY
 export SSH_KEY
 
+export UNDERCLOUD_DB_PASSWORD=${UNDERCLOUD_DB_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_ADMIN_TOKEN=${UNDERCLOUD_ADMIN_TOKEN:-$(tripleo os-make-password)}
+export UNDERCLOUD_ADMIN_PASSWORD=${UNDERCLOUD_ADMIN_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_GLANCE_PASSWORD=${UNDERCLOUD_GLANCE_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_HEAT_PASSWORD=${UNDERCLOUD_HEAT_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_NEUTRON_PASSWORD=${UNDERCLOUD_NEUTRON_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_NOVA_PASSWORD=${UNDERCLOUD_NOVA_PASSWORD:-$(tripleo os-make-password)}
+export UNDERCLOUD_IRONIC_PASSWORD=${UNDERCLOUD_IRONIC_PASSWORD:-$(tripleo os-make-password)}
+
 sudo -E instack \
   -p /usr/share/diskimage-builder/elements/ \
      /usr/share/tripleo-image-elements/ \

scripts/instack-prepare-for-overcloud

@@ -2,7 +2,11 @@
 
 set -eux
 
-source /etc/sysconfig/stackrc
+OS_AUTH_URL=${OS_AUTH_URL:-""}
+if [ -z "$OS_AUTH_URL" ]; then
+    echo "You must source a stackrc file for the Undercloud."
+    exit 1
+fi
 
 # generate ssh authentication keys if they don't exist
 if [ ! -f ~/.ssh/id_rsa ]; then

scripts/instack-test-overcloud

@@ -11,7 +11,11 @@ else
     TRIPLEO_ROOT=/opt/stack/tripleo-incubator
 fi
 
-source /etc/sysconfig/stackrc
+OS_AUTH_URL=${OS_AUTH_URL:-""}
+if [ -z "$OS_AUTH_URL" ]; then
+    echo "You must source a stackrc file for the Undercloud."
+    exit 1
+fi
 
 source tripleo-overcloud-passwords