tripleo-common/tripleo_common/constants.py
Michele Baldessari 39e5bec0fe Add a PacemakerRemoteAuthkey to the default passwords
This key must never be regenerated at re-deploy time, so add it to the
tripleo-common list of passwords. The length is set to 4096 bytes
as recommended here:

- http://clusterlabs.org/doc/en-US/Pacemaker/1.1/html-single/Pacemaker_Remote/#_mile_high_view_of_configuration_steps
  recommends a 4096-byte key (32768 bits)

- Since we use the passlib generate_password module and it uses the
  lower/uppercase letters + numbers it provides ~5.95 bits of entropy per
  byte, in the end we will have ~24000 bits of entropy which should be
  largely sufficient.

We also make sure to test a key of that length (4096) in the unit tests.

Change-Id: I581552dfa64160e2f82f6a9b8f2ae521c3d6da8d
2017-01-19 15:51:02 +01:00

# Copyright 2015 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#: The names of the root template in a standard tripleo-heat-template layout.
OVERCLOUD_YAML_NAME = "overcloud.yaml"
#: The name of the overcloud root template in jinja2 format.
OVERCLOUD_J2_NAME = "overcloud.j2.yaml"
#: The name of custom roles data file used when rendering the jinja template.
OVERCLOUD_J2_ROLES_NAME = "roles_data.yaml"
#: The name of custom roles excl file used when rendering the jinja template.
OVERCLOUD_J2_EXCLUDES = "j2_excludes.yaml"
#: The name of the type for resource groups.
RESOURCE_GROUP_TYPE = 'OS::Heat::ResourceGroup'
#: The resource name used for package updates
UPDATE_RESOURCE_NAME = 'UpdateDeployment'
#: The default timeout to pass to Heat stacks
STACK_TIMEOUT_DEFAULT = 240
#: The default name to use for a plan container
DEFAULT_CONTAINER_NAME = 'overcloud'
#: The path to the tripleo heat templates installed on the undercloud
DEFAULT_TEMPLATES_PATH = '/usr/share/openstack-tripleo-heat-templates/'
# The path to the tripleo validations installed on the undercloud
DEFAULT_VALIDATIONS_PATH = \
    '/usr/share/openstack-tripleo-validations/validations/'
# TRIPLEO_META_USAGE_KEY is inserted into metadata for containers created in
# Swift via SwiftPlanStorageBackend to identify them from other containers
TRIPLEO_META_USAGE_KEY = 'x-container-meta-usage-tripleo'
#: List of names of parameters that contain passwords
PASSWORD_PARAMETER_NAMES = (
    'AdminPassword',
    'AdminToken',
    'AodhPassword',
    'BarbicanPassword',
    'CeilometerMeteringSecret',
    'CeilometerPassword',
    'CephAdminKey',
    'CephClientKey',
    'CephClusterFSID',
    'CephMdsKey',
    'CephManilaClientKey',
    'CephMonKey',
    'CephRgwKey',
    'CinderPassword',
    'Ec2ApiPassword',
    'GlancePassword',
    'GnocchiPassword',
    'HAProxyStatsPassword',
    'HeatPassword',
    'HeatStackDomainAdminPassword',
    'IronicPassword',
    'KeystoneCredential0',
    'KeystoneCredential1',
    'KeystoneFernetKey0',
    'KeystoneFernetKey1',
    'ManilaPassword',
    'MistralPassword',
    'MysqlClustercheckPassword',
    'NeutronMetadataProxySharedSecret',
    'NeutronPassword',
    'NovaPassword',
    'OctaviaHeartbeatKey',
    'OctaviaPassword',
    'PacemakerRemoteAuthkey',
    'PankoPassword',
    'RabbitPassword',
    'RedisPassword',
    'SaharaPassword',
    'SnmpdReadonlyUserPassword',
    'SwiftHashSuffix',
    'SwiftPassword',
    'TrovePassword',
    'ZaqarPassword',
)
PLAN_NAME_PATTERN = '^[a-zA-Z0-9-]+$'
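
The commit message's entropy estimate and its requirement that the key survive re-deploys, worked through as an added example (not tripleo-common's own code). `fill_missing_secrets`, `generate_secret`, `entropy_bits`, `DEFAULT_LENGTH` and `LENGTH_OVERRIDES` are hypothetical names, and Python's `secrets` module stands in for the passlib generator the commit mentions; only the 4096 length and the letters-plus-digits alphabet come from the page.

```python
import math
import secrets
import string

# Alphabet described in the commit message: lower/uppercase letters + digits.
ALPHABET = string.ascii_letters + string.digits  # 62 symbols

# Assumption: a default length for ordinary passwords (not from the page).
DEFAULT_LENGTH = 40
# The only length the page states: 4096 characters for the Pacemaker key.
LENGTH_OVERRIDES = {'PacemakerRemoteAuthkey': 4096}


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def generate_secret(length, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return ''.join(secrets.choice(alphabet) for _ in range(length))


def fill_missing_secrets(names, existing=None):
    """Return a secret for every name, generating only the missing ones.

    Values already present in `existing` are returned untouched, so a
    re-deploy never rotates a key the cluster nodes already share.
    """
    existing = existing or {}
    result = {}
    for name in names:
        if existing.get(name):
            result[name] = existing[name]
        else:
            length = LENGTH_OVERRIDES.get(name, DEFAULT_LENGTH)
            result[name] = generate_secret(length)
    return result


if __name__ == '__main__':
    names = ('AdminPassword', 'PacemakerRemoteAuthkey')  # subset of the list
    first = fill_missing_secrets(names)
    second = fill_missing_secrets(names, existing=first)  # simulated re-deploy
    print(second == first, len(first['PacemakerRemoteAuthkey']))
    print(round(entropy_bits(1), 2), round(entropy_bits(4096)))
```
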