39e5bec0fe
This key must never be regenerated at re-deploy time, so add it to the tripleo-common list of passwords. The length is set to 4096 bytes as recommended here: - http://clusterlabs.org/doc/en-US/Pacemaker/1.1/html-single/Pacemaker_Remote/#_mile_high_view_of_configuration_steps recommends a 4096 bytes key (32768 bits) - Since we use the passlib generate_password module and it uses the lower/uppercase letters + numbers it provides ~5.95 bits of entropy per byte, in the end we will have ~24000 bits of entropy which should be largely sufficient. We also make sure to test a key of that length (4096) in the unit tests. Change-Id: I581552dfa64160e2f82f6a9b8f2ae521c3d6da8d
100 lines
3.0 KiB
Python
100 lines
3.0 KiB
Python
# Copyright 2015 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
#: The names of the root template in a standard tripleo-heat-template layout.
|
|
OVERCLOUD_YAML_NAME = "overcloud.yaml"
|
|
|
|
#: The name of the overcloud root template in jinja2 format.
|
|
OVERCLOUD_J2_NAME = "overcloud.j2.yaml"
|
|
|
|
#: The name of custom roles data file used when rendering the jinja template.
|
|
OVERCLOUD_J2_ROLES_NAME = "roles_data.yaml"
|
|
|
|
#: The name of custom roles excl file used when rendering the jinja template.
|
|
OVERCLOUD_J2_EXCLUDES = "j2_excludes.yaml"
|
|
|
|
#: The name of the type for resource groups.
|
|
RESOURCE_GROUP_TYPE = 'OS::Heat::ResourceGroup'
|
|
|
|
#: The resource name used for package updates
|
|
UPDATE_RESOURCE_NAME = 'UpdateDeployment'
|
|
|
|
#: The default timeout to pass to Heat stacks
|
|
STACK_TIMEOUT_DEFAULT = 240
|
|
|
|
#: The default name to use for a plan container
|
|
DEFAULT_CONTAINER_NAME = 'overcloud'
|
|
|
|
#: The path to the tripleo heat templates installed on the undercloud
|
|
DEFAULT_TEMPLATES_PATH = '/usr/share/openstack-tripleo-heat-templates/'
|
|
|
|
# The path to the tripleo validations installed on the undercloud
|
|
DEFAULT_VALIDATIONS_PATH = \
|
|
'/usr/share/openstack-tripleo-validations/validations/'
|
|
|
|
# TRIPLEO_META_USAGE_KEY is inserted into metadata for containers created in
|
|
# Swift via SwiftPlanStorageBackend to identify them from other containers
|
|
TRIPLEO_META_USAGE_KEY = 'x-container-meta-usage-tripleo'
|
|
|
|
#: List of names of parameters that contain passwords
|
|
PASSWORD_PARAMETER_NAMES = (
|
|
'AdminPassword',
|
|
'AdminToken',
|
|
'AodhPassword',
|
|
'BarbicanPassword',
|
|
'CeilometerMeteringSecret',
|
|
'CeilometerPassword',
|
|
'CephAdminKey',
|
|
'CephClientKey',
|
|
'CephClusterFSID',
|
|
'CephMdsKey',
|
|
'CephManilaClientKey',
|
|
'CephMonKey',
|
|
'CephRgwKey',
|
|
'CinderPassword',
|
|
'Ec2ApiPassword',
|
|
'GlancePassword',
|
|
'GnocchiPassword',
|
|
'HAProxyStatsPassword',
|
|
'HeatPassword',
|
|
'HeatStackDomainAdminPassword',
|
|
'IronicPassword',
|
|
'KeystoneCredential0',
|
|
'KeystoneCredential1',
|
|
'KeystoneFernetKey0',
|
|
'KeystoneFernetKey1',
|
|
'ManilaPassword',
|
|
'MistralPassword',
|
|
'MysqlClustercheckPassword',
|
|
'NeutronMetadataProxySharedSecret',
|
|
'NeutronPassword',
|
|
'NovaPassword',
|
|
'OctaviaHeartbeatKey',
|
|
'OctaviaPassword',
|
|
'PacemakerRemoteAuthkey',
|
|
'PankoPassword',
|
|
'RabbitPassword',
|
|
'RedisPassword',
|
|
'SaharaPassword',
|
|
'SnmpdReadonlyUserPassword',
|
|
'SwiftHashSuffix',
|
|
'SwiftPassword',
|
|
'TrovePassword',
|
|
'ZaqarPassword',
|
|
)
|
|
|
|
PLAN_NAME_PATTERN = '^[a-zA-Z0-9-]+$'
|