Generate rndc key in password list

We need this to be the same across all nodes in an ha environment, so it has to be generated on the undercloud and passed in to the deployment. Change-Id: I469722466b93dfb97262211bb6f039cd78caa311
2018-07-12 20:25:03 +00:00 · 2018-07-12 20:25:03 +00:00 · 03f660ca81
parent dd3b27fcb7
commit 03f660ca81
3 changed files with 15 additions and 0 deletions
--- a/tripleo_common/constants.py
+++ b/tripleo_common/constants.py
@ -83,6 +83,7 @@ PASSWORD_PARAMETER_NAMES = (
    'CinderPassword',
    'CongressPassword',
    'DesignatePassword',
+    'DesignateRndcKey',
    'Ec2ApiPassword',
    'EtcdInitialClusterToken',
    'GlancePassword',
--- a/tripleo_common/tests/actions/test_parameters.py
+++ b/tripleo_common/tests/actions/test_parameters.py
@ -73,6 +73,7 @@ _EXISTING_PASSWORDS = {
    'CephClientKey': b'AQCQXtlXAAAAABAAKyc+8St8i9onHyu2mPk+vg==',
    'NeutronPassword': 'ZxAjdU2UXCV4GM3WyPKrzAZXD',
    'DesignatePassword': 'wHYj7rftFzHMpJKnGxbjjR9CW',
+    'DesignateRndcKey': 'hB8XaZRd2Tf00jKsyoXpyw==',
    'KeystoneCredential0': 'ftJNQ_XlDUK7Lgvv1kdWf3SyqVsrvNDgoNV4kJg3yzw=',
    'KeystoneCredential1': 'c4MFq82TQLFLKpiiUjrKkp15dafE2ALcD3jbaIu3rfE=',
    'KeystoneFernetKey0': 'O8NSPxr4zXBBAoGIj-5aUmtE7-Jk5a4ptVsEhzJ8Vd8=',
--- a/tripleo_common/utils/passwords.py
+++ b/tripleo_common/utils/passwords.py
@ -13,6 +13,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 import base64
+import hashlib
+import hmac
 import logging
 import os
 import paramiko
@ -87,6 +89,8 @@ def generate_passwords(mistralclient=None, stack_env=None,
            passwords[name] = passlib.pwd.genword(length=10)
        elif name.startswith("HeatAuthEncryptionKey"):
            passwords[name] = passlib.pwd.genword(length=32)
+        elif name.startswith("DesignateRndcKey"):
+            passwords[name] = create_rndc_key_secret()
        else:
            passwords[name] = passlib.pwd.genword(length=_MIN_PASSWORD_SIZE)
    return passwords
@ -135,3 +139,12 @@ def create_ssh_keypair(comment=None, bits=2048):
        'private_key': private_key,
        'public_key': public_key,
    }
+
+
+def create_rndc_key_secret():
+    # The rndc key secret is a base64-encoded hmac-sha256 value
+    h = hmac.new(
+        passlib.pwd.genword(length=_MIN_PASSWORD_SIZE).encode('utf-8'),
+        msg=passlib.pwd.genword(length=_MIN_PASSWORD_SIZE).encode('utf-8'),
+        digestmod=hashlib.sha256)
+    return base64.b64encode(h.digest())