From ec15341ccd0491b44cda1c4579faacfd2ea4e6e7 Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Fri, 29 Sep 2017 19:01:49 +0000 Subject: [PATCH] Generate a standalone stackrc Previously the stackrc file made a hiera call to get the admin password. The problem with this is that it makes the stackrc file non-portable to any system except the undercloud. Writing the actual password into stackrc will allow it to work on any system that has network connectivity to the undercloud. Note that this does not have any negative impact on the security of the stackrc file since previously the user sourcing it would have had to have sudo access to read the password from hiera anyway. If anything this is more secure because it does not require allowing root access to any user of stackrc. Depends-On: I6ccb832b52a476b5fa659a9a8f09e38ae41d324b Change-Id: I7a6b665cf9d40889e8e72475887c7ce166e77a40 --- elements/undercloud-install/os-apply-config/root/stackrc | 2 +- templates/config.json.template | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/elements/undercloud-install/os-apply-config/root/stackrc b/elements/undercloud-install/os-apply-config/root/stackrc index f774fdd0c..4e51fa6a9 100644 --- a/elements/undercloud-install/os-apply-config/root/stackrc +++ b/elements/undercloud-install/os-apply-config/root/stackrc @@ -2,7 +2,7 @@ for key in $( set | awk '{FS="="} /^OS_/ {print $1}' ); do unset $key ; done NOVA_VERSION=1.1 export NOVA_VERSION -OS_PASSWORD=$(sudo hiera admin_password) +OS_PASSWORD={{admin_password}} export OS_PASSWORD OS_AUTH_TYPE=password export OS_AUTH_TYPE diff --git a/templates/config.json.template b/templates/config.json.template index 1e108bf1e..dff2bf509 100644 --- a/templates/config.json.template +++ b/templates/config.json.template @@ -13,6 +13,7 @@ "masquerade_networks": ["{{MASQUERADE_NETWORK}}"], "service_certificate": "{{UNDERCLOUD_SERVICE_CERTIFICATE}}", "public_host": "{{UNDERCLOUD_PUBLIC_HOST}}", + "admin_password": "{{UNDERCLOUD_ADMIN_PASSWORD}}", "neutron": { "dhcp_start": "{{DHCP_START}}", "dhcp_end": "{{DHCP_END}}",