DCN extraction should exclude Ceph variables

Without this additional step you may run into RHBZ 1762360

Change-Id: Ie08f540bdfa2292f14d0958f06b441960caa58de

deploy-guide/source/features/distributed_compute_node.rst

@@ -344,7 +344,7 @@ deployment with the following command:
 .. code-block:: bash
 
   openstack object save overcloud plan-environment.yaml
-  python -c "import yaml; data=yaml.safe_load(open('plan-environment.yaml').read()); print yaml.dump(dict(parameter_defaults=data['passwords']))" > passwords.yaml
+  python -c "import yaml; data=yaml.safe_load(open('plan-environment.yaml').read()); print yaml.dump(dict(parameter_defaults=data['passwords']))" | grep -vi ceph > passwords.yaml
 
 Use the passwords.yaml enviornment file generated by the previous command, or
 reuse the environment file used to set the values for the control plane stack.
@@ -353,7 +353,13 @@ reuse the environment file used to set the values for the control plane stack.
 
   The `passwords.yaml` generated in the previous command contains sensitive
   security data such as passwords and TLS certificates that are used in the
-  overcloud deployment.
+  overcloud deployment. Some passwords in the file may be removed if
+  they are not needed by the DCN. For example, the passwords for
+  RabbitMQ, MySQL, Keystone, Nova and Neutron should be sufficient to
+  launch an instance. In the example above the Ceph passwords are
+  excluded so that DCN deployments which include Ceph do not reuse the
+  same Ceph password and instead new ones are generated per DCN
+  deployment.
 
   Care should be taken to keep the file as secured as possible.