Do not rotate CephX secrets
we do not want the CephX keys to rotate by default, some cannot
be changed at all after the cluster has been deployed
Change-Id: Iefe87eb869e248ea1e98d9ae34cdeeea57aa5426
(cherry picked from commit d1662ad411
)
This commit is contained in:
parent
5e7ca16c12
commit
e15ad2c2c1
|
@ -156,6 +156,10 @@ DO_NOT_ROTATE_LIST = (
|
|||
'KeystoneFernetKey0',
|
||||
'KeystoneFernetKey1',
|
||||
'KeystoneFernetKeys',
|
||||
'CephClientKey',
|
||||
'CephClusterFSID',
|
||||
'CephManilaClientKey',
|
||||
'CephRgwKey',
|
||||
)
|
||||
|
||||
PLAN_NAME_PATTERN = '^[a-zA-Z0-9-]+$'
|
||||
|
|
|
@ -51,13 +51,12 @@ def generate_passwords(stack_env=None,
|
|||
if (stack_env and name in stack_env.get('parameter_defaults', {}) and
|
||||
not rotate_passwords):
|
||||
passwords[name] = stack_env['parameter_defaults'][name]
|
||||
elif name.startswith("Ceph"):
|
||||
if name == "CephClusterFSID":
|
||||
# The FSID must be a UUID
|
||||
passwords[name] = six.text_type(uuid.uuid4())
|
||||
else:
|
||||
# CephX keys aren't random strings
|
||||
passwords[name] = create_cephx_key()
|
||||
elif name in ('CephClientKey', 'CephManilaClientKey', 'CephRgwKey'):
|
||||
# CephX keys aren't random strings
|
||||
passwords[name] = create_cephx_key()
|
||||
elif name == "CephClusterFSID":
|
||||
# The FSID must be a UUID
|
||||
passwords[name] = six.text_type(uuid.uuid4())
|
||||
# Since by default passlib.pwd.genword uses all digits and ascii upper
|
||||
# & lowercase letters, it provides ~5.95 entropy per character.
|
||||
# Make the length of the default authkey 4096 bytes, which should give
|
||||
|
|
Loading…
Reference in New Issue