Generate rndc key in password list
We need this to be the same across all nodes in an HA environment, so it has to be generated on the undercloud and passed in to the deployment. Change-Id: I469722466b93dfb97262211bb6f039cd78caa311
parent
dd3b27fcb7
commit
03f660ca81
|
@ -83,6 +83,7 @@ PASSWORD_PARAMETER_NAMES = (
|
|||
'CinderPassword',
|
||||
'CongressPassword',
|
||||
'DesignatePassword',
|
||||
'DesignateRndcKey',
|
||||
'Ec2ApiPassword',
|
||||
'EtcdInitialClusterToken',
|
||||
'GlancePassword',
|
||||
|
|
|
@ -73,6 +73,7 @@ _EXISTING_PASSWORDS = {
|
|||
'CephClientKey': b'AQCQXtlXAAAAABAAKyc+8St8i9onHyu2mPk+vg==',
|
||||
'NeutronPassword': 'ZxAjdU2UXCV4GM3WyPKrzAZXD',
|
||||
'DesignatePassword': 'wHYj7rftFzHMpJKnGxbjjR9CW',
|
||||
'DesignateRndcKey': 'hB8XaZRd2Tf00jKsyoXpyw==',
|
||||
'KeystoneCredential0': 'ftJNQ_XlDUK7Lgvv1kdWf3SyqVsrvNDgoNV4kJg3yzw=',
|
||||
'KeystoneCredential1': 'c4MFq82TQLFLKpiiUjrKkp15dafE2ALcD3jbaIu3rfE=',
|
||||
'KeystoneFernetKey0': 'O8NSPxr4zXBBAoGIj-5aUmtE7-Jk5a4ptVsEhzJ8Vd8=',
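Review bot: The fixture value added for `DesignateRndcKey` does not have the shape the new generator produces, so tests built on `_EXISTING_PASSWORDS` do not pin what gets deployed. `'hB8XaZRd2Tf00jKsyoXpyw=='` is 24 base64 characters (16 decoded bytes), while the base64 of a SHA-256 digest is 44 characters (32 bytes). I would use a constructed 44-character value here and add a test on the generated entry, for example `self.assertEqual(32, len(base64.b64decode(passwords['DesignateRndcKey'])))`, assuming the test module has a generated `passwords` dict available. The dict itself starts and ends outside this hunk.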
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
import base64
|
||||
import hashlib
|
||||
import hmac
|
||||
import logging
|
||||
import os
|
||||
import paramiko
|
||||
|
@ -87,6 +89,8 @@ def generate_passwords(mistralclient=None, stack_env=None,
|
|||
passwords[name] = passlib.pwd.genword(length=10)
|
||||
elif name.startswith("HeatAuthEncryptionKey"):
|
||||
passwords[name] = passlib.pwd.genword(length=32)
|
||||
elif name.startswith("DesignateRndcKey"):
|
||||
passwords[name] = create_rndc_key_secret()
|
||||
else:
|
||||
passwords[name] = passlib.pwd.genword(length=_MIN_PASSWORD_SIZE)
|
||||
return passwords
|
||||
|
@ -135,3 +139,12 @@ def create_ssh_keypair(comment=None, bits=2048):
|
|||
'private_key': private_key,
|
||||
'public_key': public_key,
|
||||
}
|
||||
|
||||
|
||||
def create_rndc_key_secret():
|
||||
# The rndc key secret is a base64-encoded hmac-sha256 value
|
||||
h = hmac.new(
|
||||
passlib.pwd.genword(length=_MIN_PASSWORD_SIZE).encode('utf-8'),
|
||||
msg=passlib.pwd.genword(length=_MIN_PASSWORD_SIZE).encode('utf-8'),
|
||||
digestmod=hashlib.sha256)
|
||||
return base64.b64encode(h.digest())
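Review bot: `create_rndc_key_secret` builds the key by HMAC-ing one `passlib.pwd.genword` string with another, which adds no entropy beyond those two strings and makes the secret's strength depend on `_MIN_PASSWORD_SIZE`, defined outside the hunk. An rndc secret is base64-encoded random key material that is later used as the hmac-sha256 key, not an HMAC output, so the comment is misleading too. Drawing the bytes directly from the OS CSPRNG is simpler and gives a full 256 bits: `return base64.b64encode(os.urandom(32)).decode('utf-8')` (`os` is already imported in this file). The `.decode` matters because `base64.b64encode` returns `bytes` on Python 3, while the neighbouring branches in `generate_passwords` store `genword` strings; a bytes value may not survive serialisation into the deployment environment. The function would also benefit from a docstring stating the return type and that the value must be identical on every node.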
|
||||
|
|