Browse Source

Merge "Ensure that OctaviaServerCertsKeyPassphrase is 32-byte long" into stable/queens

tags/8.7.1
Zuul 1 month ago
parent
commit
341b3cbb48

+ 5
- 0
releasenotes/notes/fix-generated-server_certs_key_passphrase-60cba4653109992c.yaml View File

@@ -0,0 +1,5 @@
1
+---
2
+fixes:
3
+  - The passphrase for config option 'server_certs_key_passphrase', is used as
4
+    a Fernet key in Octavia and thus must be 32 bytes long. TripleO will now
5
+    auto-generate 32 bytes long passphrase for OctaviaServerCertsKeyPassphrase.

+ 1
- 0
tripleo_common/tests/utils/test_passwords.py View File

@@ -73,6 +73,7 @@ class TestPasswords(base.TestCase):
73 73
 
74 74
         self.assertNotEqual(value['KeystoneCredential0'],
75 75
                             value['KeystoneCredential1'])
76
+        self.assertEqual(len(value['OctaviaServerCertsKeyPassphrase']), 32)
76 77
 
77 78
     def test_create_ssh_keypair(self):
78 79
 

+ 3
- 0
tripleo_common/utils/passwords.py View File

@@ -90,6 +90,9 @@ def generate_passwords(mistralclient=None, stack_env=None):
90 90
         elif name.startswith("HeatAuthEncryptionKey"):
91 91
             passwords[name] = passutils.generate_password(
92 92
                 size=32)
93
+        elif name.startswith("OctaviaServerCertsKeyPassphrase"):
94
+            passwords[name] = passutils.generate_password(
95
+                size=32)
93 96
         else:
94 97
             passwords[name] = passutils.generate_password(
95 98
                 size=_MIN_PASSWORD_SIZE)

Loading…
Cancel
Save