openstack-ansible/doc/source/install-guide-revised-draft/configure-creds.rst

Configuring service credentials

Configure credentials for each service in the /etc/openstack_deploy/*_secrets.yml files. Consider using Ansible Vault to increase security by encrypting any files containing credentials.

Adjust permissions on these files to restrict access by non-privileged users.

Note

The following options configure passwords for the web interfaces.

• keystone_auth_admin_password configures the admin tenant

  password for both the OpenStack API and dashboard access.

Note

We recommend using the pw-token-gen.py script to generate random values for the variables in each file that contains service credentials:

# cd /opt/openstack-ansible/scripts
# python pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml

To regenerate existing passwords, add the --regen flag.

Warning

The playbooks do not currently manage changing passwords in an existing environment. Changing passwords and re-running the playbooks will fail and may break your OpenStack environment.

---