Ensure that OctaviaServerCertsKeyPassphrase is 32-byte long

Related-Bug: #1833942

Change-Id: Ibcdbe2605a7cabe3a5ef8245b4460c8f70220989
(cherry picked from commit de2ab55824)
(cherry picked from commit 94620dd5e6)
This commit is contained in:
Nir Magnezi 2019-06-23 00:54:19 +03:00
parent 3ca07e4900
commit 35913d6266
3 changed files with 8 additions and 0 deletions

View File

@ -0,0 +1,5 @@
---
fixes:
- The passphrase for config option 'server_certs_key_passphrase', is used as
a Fernet key in Octavia and thus must be 32 bytes long. TripleO will now
auto-generate 32 bytes long passphrase for OctaviaServerCertsKeyPassphrase.

View File

@ -73,6 +73,7 @@ class TestPasswords(base.TestCase):
self.assertNotEqual(value['KeystoneCredential0'],
value['KeystoneCredential1'])
self.assertEqual(len(value['OctaviaServerCertsKeyPassphrase']), 32)
def test_create_ssh_keypair(self):

View File

@ -89,6 +89,8 @@ def generate_passwords(mistralclient=None, stack_env=None,
passwords[name] = passlib.pwd.genword(length=10)
elif name.startswith("HeatAuthEncryptionKey"):
passwords[name] = passlib.pwd.genword(length=32)
elif name.startswith("OctaviaServerCertsKeyPassphrase"):
passwords[name] = passlib.pwd.genword(length=32)
elif name.startswith("DesignateRndcKey"):
passwords[name] = create_rndc_key_secret()
else: