From c726247ce212b5694f71aad960f2972465317a6f Mon Sep 17 00:00:00 2001
From: JJ Asghar
Date: Thu, 9 Jul 2015 15:09:24 -0500
Subject: [PATCH] Updated the Databags.md

We've had some people ask how to change the password from `mypass` these are the steps to make that happen.

Change-Id: I5804186277b154c7120e9390dedfb328d78482a3
---
 doc/databags.md | 131 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 124 insertions(+), 7 deletions(-)

diff --git a/doc/databags.md b/doc/databags.md
index f41e338..919c78b 100644
--- a/doc/databags.md
+++ b/doc/databags.md
@@ -31,15 +31,132 @@ id: ceilometer
 # Update contents of data bag item
 # set EDITOR env var to your editor. For powershell, I used nano
+
+
 $ chef exec knife data bag edit secrets dispersion_auth_user -z
 ```
-## data bag default values
-db_passwords are set to "mypass"
-secrets are set to "_token"
-service_passwords are set to "mypass"
-user_passwords are set to "mypass"
+| data bag default values |
+| ----------------------- |
+| db_passwords are set to "mypass" |
+| secrets are set to "_token" |
+| service_passwords are set to "mypass" |
+| user_passwords are set to "mypass" |
 ## Encrypted data bag secret
-The default secret is stored here .chef/encrypted_data_bag_secret
-and referenced by .chef/knife.rb.
+The default secret is stored here `.chef/encrypted_data_bag_secret`
+and referenced by `.chef/knife.rb`.
+
+## Creating "new data_bags"
+
+If you would like to create a new set of data_bags, first you need to update your `encrypted_data_bag_secret` with something like the following:
+
+```
+openssl rand -base64 512 | tr -d '\r\n' > encrypted_data_bag_secret
+```
+
+### Database passwords
+
+Then you need to create new data_bags for each of the databases you'll want to use, such as:
+
+An example json:
+```json
+{
+ "id": "ceilometer",
+ "ceilometer": "SOME_PASSWORD"
+}
+```
+
+```
+chef exec knife data bag create db_passwords ceilometer --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create db_passwords cinder --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create db_passwords dash --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create db_passwords glance --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create db_passwords heat --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create db_passwords horizon --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create db_passwords ironic --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create db_passwords keystone --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create db_passwords neutron --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create db_passwords nova --secret-file .chef/encrypted_data_bag_secret
+```
+
+### Swift secrets
+
+If you're using swift, you'll need to update the attributes from [data_bags/secrets](data_bags/secrets), and the changes are [here](https://github.com/openstack/cookbook-openstack-object-storage/blob/master/README.md#attributes).
+
+These are for anything after Juno's release. If you're doing something before Juno, please check that attributes.rb
+
+```json
+{
+ "id": "swift_hash_path_prefix",
+ "swift_hash_path_prefix": "SOME_PREFIX"
+}
+```
+
+```
+chef exec knife data bag create secrets swift_hash_path_prefix --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create secrets swift_hash_path_suffix --secret-file .chef/encrypted_data_bag_secret
+```
+
+You'll want to create a new authkey, and dispersion keys:
+
+```
+chef exec knife data bag create secrets swift_authkey --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create secrets dispersion_auth_user --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create secrets dispersion_auth_key --secret-file .chef/encrypted_data_bag_secret
+```
+
+### Neutron secrets
+
+Next you'll want to update your neutron metadata secret:
+
+```
+chef exec knife data bag create secrets neutron_metadata_secret --secret-file .chef/encrypted_data_bag_secret
+```
+
+### Keystone secrets
+
+You'll want to update your keystone identity bootstrap token:
+
+```
+chef exec knife data bag create secrets openstack_idenitity_bootstrap_token --secret-file .chef/encrypted_data_bag_secret
+```
+
+### Service passwords
+
+How to update the service passwords:
+
+```json
+{
+ "id": "openstack-compute",
+ "openstack-compute": "SOME_PASSWORD"
+}
+```
+
+```
+chef exec knife data bag create service_passwords openstack-bare-metal --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create service_passwords openstack-block-storage --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create service_passwords openstack-compute --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create service_passwords openstack-image --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create service_passwords openstack-network --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create service_passwords openstack-object-storage --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create service_passwords openstack-orchestration --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create service_passwords rbd --secret-file .chef/encrypted_data_bag_secret
+```
+
+### User passwords
+
+If you would like to change the user passwords from `mypass`:
+
+```json
+{
+ "id": "guest",
+ "guest": "SOME_PASSWORD"
+}
+```
+
+```
+chef exec knife data bag create user_passwords admin --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create user_passwords guest --secret-file .chef/encrypted_data_bag_secret
+chef exec knife data bag create user_passwords mysqlroot --secret-file .chef/encrypted_data_bag_secret
+```