
Merge "Do not rotate CephX secrets" into stable/ussuri

changes/11/735111/1
Zuul 1 month ago
committed by Gerrit Code Review
parent
commit
eff7e961ab
2 changed files with 10 additions and 7 deletions
  1. +4
    -0
      tripleo_common/constants.py
  2. +6
    -7
      tripleo_common/utils/passwords.py

+ 4
- 0
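--- a/tripleo_common/constants.py
+++ b/tripleo_common/constants.py
@@ -153,6 +153,10 @@ DO_NOT_ROTATE_LIST = (
 'KeystoneFernetKey0',
 'KeystoneFernetKey1',
 'KeystoneFernetKeys',
+'CephClientKey',
+'CephClusterFSID',
+'CephManilaClientKey',
+'CephRgwKey',
 )
 
 PLAN_NAME_PATTERN = '^[a-zA-Z0-9-]+$'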
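Review bot: The four new entries in DO_NOT_ROTATE_LIST carry no comment saying why Ceph credentials are exempt from rotation, and `CephClusterFSID` is an identifier rather than a secret, so the list now mixes two kinds of value without explanation. A short comment above them, for example `# Ceph keys and the FSID are tied to the deployed cluster; password rotation must leave them untouched`, would tell operators that these keys need their own rotation procedure (exact wording for the author to confirm). The start of the tuple is outside the hunk, so whether the existing entries are documented elsewhere cannot be seen from here.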


+ 6
- 7
tripleo_common/utils/passwords.py

@@ -51,13 +51,12 @@ def generate_passwords(stack_env=None,
if (stack_env and name in stack_env.get('parameter_defaults', {}) and
not rotate_passwords):
passwords[name] = stack_env['parameter_defaults'][name]
elif name.startswith("Ceph"):
if name == "CephClusterFSID":
# The FSID must be a UUID
passwords[name] = six.text_type(uuid.uuid4())
else:
# CephX keys aren't random strings
passwords[name] = create_cephx_key()
elif name in ('CephClientKey', 'CephManilaClientKey', 'CephRgwKey'):
# CephX keys aren't random strings
passwords[name] = create_cephx_key()
elif name == "CephClusterFSID":
# The FSID must be a UUID
passwords[name] = six.text_type(uuid.uuid4())
# Since by default passlib.pwd.genword uses all digits and ascii upper
# & lowercase letters, it provides ~5.95 entropy per character.
# Make the length of the default authkey 4096 bytes, which should give
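Review bot: The first branch still tests only `not rotate_passwords`, so within this hunk nothing stops a rotation run from reaching `elif name in ('CephClientKey', 'CephManilaClientKey', 'CephRgwKey'):` and generating a fresh CephX key. The protection named in the commit title presumably comes from a DO_NOT_ROTATE_LIST check outside the visible lines, since generate_passwords starts before and continues past the hunk. Once that is confirmed, a comment on the branch would make the dependency explicit, e.g. `# Reached on first generation only; rotation skips these names via constants.DO_NOT_ROTATE_LIST`. The three key names are also now spelled out both here and in constants.py, so a CephX key later added to one place and not the other would fall through to the generic random-string branch instead of `create_cephx_key()`. A shared tuple in constants.py would keep the two in step.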

