Generate rndc key in password list
We need this to be the same across all nodes in an ha environment, so it has to be generated on the undercloud and passed in to the deployment. Change-Id: I469722466b93dfb97262211bb6f039cd78caa311
This commit is contained in:
Ben Nemec
@@ -83,6 +83,7 @@ PASSWORD_PARAMETER_NAMES = (
|
|||||||
'CinderPassword',
|
'CinderPassword',
|
||||||
'CongressPassword',
|
'CongressPassword',
|
||||||
'DesignatePassword',
|
'DesignatePassword',
|
||||||
|
'DesignateRndcKey',
|
||||||
'Ec2ApiPassword',
|
'Ec2ApiPassword',
|
||||||
'EtcdInitialClusterToken',
|
'EtcdInitialClusterToken',
|
||||||
'GlancePassword',
|
'GlancePassword',
|
||||||
|
|||||||
@@ -73,6 +73,7 @@ _EXISTING_PASSWORDS = {
|
|||||||
'CephClientKey': b'AQCQXtlXAAAAABAAKyc+8St8i9onHyu2mPk+vg==',
|
'CephClientKey': b'AQCQXtlXAAAAABAAKyc+8St8i9onHyu2mPk+vg==',
|
||||||
'NeutronPassword': 'ZxAjdU2UXCV4GM3WyPKrzAZXD',
|
'NeutronPassword': 'ZxAjdU2UXCV4GM3WyPKrzAZXD',
|
||||||
'DesignatePassword': 'wHYj7rftFzHMpJKnGxbjjR9CW',
|
'DesignatePassword': 'wHYj7rftFzHMpJKnGxbjjR9CW',
|
||||||
|
'DesignateRndcKey': 'hB8XaZRd2Tf00jKsyoXpyw==',
|
||||||
'KeystoneCredential0': 'ftJNQ_XlDUK7Lgvv1kdWf3SyqVsrvNDgoNV4kJg3yzw=',
|
'KeystoneCredential0': 'ftJNQ_XlDUK7Lgvv1kdWf3SyqVsrvNDgoNV4kJg3yzw=',
|
||||||
'KeystoneCredential1': 'c4MFq82TQLFLKpiiUjrKkp15dafE2ALcD3jbaIu3rfE=',
|
'KeystoneCredential1': 'c4MFq82TQLFLKpiiUjrKkp15dafE2ALcD3jbaIu3rfE=',
|
||||||
'KeystoneFernetKey0': 'O8NSPxr4zXBBAoGIj-5aUmtE7-Jk5a4ptVsEhzJ8Vd8=',
|
'KeystoneFernetKey0': 'O8NSPxr4zXBBAoGIj-5aUmtE7-Jk5a4ptVsEhzJ8Vd8=',
|
||||||
|
|||||||
@@ -13,6 +13,8 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
import base64
|
import base64
|
||||||
|
import hashlib
|
||||||
|
import hmac
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import paramiko
|
import paramiko
|
||||||
@@ -87,6 +89,8 @@ def generate_passwords(mistralclient=None, stack_env=None,
|
|||||||
passwords[name] = passlib.pwd.genword(length=10)
|
passwords[name] = passlib.pwd.genword(length=10)
|
||||||
elif name.startswith("HeatAuthEncryptionKey"):
|
elif name.startswith("HeatAuthEncryptionKey"):
|
||||||
passwords[name] = passlib.pwd.genword(length=32)
|
passwords[name] = passlib.pwd.genword(length=32)
|
||||||
|
elif name.startswith("DesignateRndcKey"):
|
||||||
|
passwords[name] = create_rndc_key_secret()
|
||||||
else:
|
else:
|
||||||
passwords[name] = passlib.pwd.genword(length=_MIN_PASSWORD_SIZE)
|
passwords[name] = passlib.pwd.genword(length=_MIN_PASSWORD_SIZE)
|
||||||
return passwords
|
return passwords
|
||||||
@@ -135,3 +139,12 @@ def create_ssh_keypair(comment=None, bits=2048):
|
|||||||
'private_key': private_key,
|
'private_key': private_key,
|
||||||
'public_key': public_key,
|
'public_key': public_key,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def create_rndc_key_secret():
|
||||||
|
# The rndc key secret is a base64-encoded hmac-sha256 value
|
||||||
|
h = hmac.new(
|
||||||
|
passlib.pwd.genword(length=_MIN_PASSWORD_SIZE).encode('utf-8'),
|
||||||
|
msg=passlib.pwd.genword(length=_MIN_PASSWORD_SIZE).encode('utf-8'),
|
||||||
|
digestmod=hashlib.sha256)
|
||||||
|
return base64.b64encode(h.digest())
|
||||||
|
|||||||
Reference in New Issue
Block a user