The KEK is used in a fernet.Fernet encryptor so it needs to be a
32 byte base64 encoded string - just like the keystone Fernet
credentials.
Depends-On: I07e52897897f453382f74aa4fdaa98c37e6eca30
Change-Id: I192e9bc30d808d9d9b664f8d0d33966f98f5768b
This will eventually be used instead of KeystoneFernetKey0 and 1, and
will allow us to do rotations with mistral.
bp keystone-fernet-rotation
Change-Id: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
This reuses the existing password generation mistral action to generate an ssh
keypair to be used for nova cold migration
Paramiko is used to generate the ssh key, based on the existing approach in the
nova keypair api.
Also update validation ssh key generation to reuse the same method.
Change-Id: I9e7a1862911312ad942233ac8fc828f4e1be1dcf
Update the generate_overcloud_passwords function so
that it no longer explicitly requires mistralclient.
This is useful to the python-tripleoclient undercloud
installer which would like to re-use this function
and does not currently run mistral.
This patch also renames the function so that it is more
clear these passwords would get used by both the
undercloud and overcloud installers.
Change-Id: I87fe5b3c2237d2f5a9b3b4b97216b87c548cf78d
Openstack common has a wrapper for generating uuids. We should
use that function when generating uuids for consistency.
Change-Id: Ifa6fb2d81d36be4e0c17083010eb202fccc42363
Closes-Bug: #1082248
Manage two Keys for signing Fernet tokens,
using the same approach as was used for
Keystone Credentials signing.
Change-Id: Ic070d160b519b8637997dbde165dbf15275e0dfe
The snmpd readonly password is stored in a Mistral environment by
instack so it can be accessed by Mistral as the Hiera approach wasn't
working. This updates the password action to use the new password
source.
Closes-Bug: #1631279
Depends-On: I71edae4a4dee2204edf32e3b2800f075d221b856
Change-Id: I94428d1deb000c65a1c0266d01f660b76d4a3ee5
At the moment the CLI generates various passwords, this logic is
then not available to the GUI. We should move this to further
standardise the process.
This patch ports the necessary utility methods and adds an action
to generate and store passwords in a mistral environment or retrieve
previously generated passwords from the mistral environment. The action
will generate and replace any missing passwords. The passwords are
stored in parameter_defaults and are used in any subsequent calls to heat
(e.g. Parameters and Stack Creation).
The order of the merge of parameter_defaults and passwords allows
a user to override a password value.
The action is added to workflows in the plan_management workbook.
Closes-Bug: #1621097
Change-Id: Ic476a09f7981d4e6ee12e05b333a18cda5b4626b