Make heat auth_encryption_key random
Currently we have a hard-coded default for auth_encryption_key, which isn't ideal as it's used as a salt for the DB encryption. Instead, reference an OS::Heat::RandomString resource so we create a random key for each deployment. Change-Id: Ic76b89db17603c114d98d28c01f75cc287fb2e90
parent
8772095c42
commit
b05137d61a
@ -129,6 +129,9 @@ parameters:
|
||||
type: string
|
||||
default: ''
|
||||
hidden: true
|
||||
HeatAuthEncryptionKey:
|
||||
description: Auth encryption key for heat-engine
|
||||
type: string
|
||||
Image:
|
||||
type: string
|
||||
default: overcloud-control
|
||||
@ -457,7 +460,7 @@ resources:
|
||||
admin_password: {get_input: heat_password}
|
||||
admin_tenant_name: service
|
||||
admin_user: heat
|
||||
auth_encryption_key: unset___________
|
||||
auth_encryption_key: {get_input: heat_auth_encryption_key}
|
||||
db: {get_input: heat_dsn}
|
||||
debug: {get_input: debug}
|
||||
stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
|
||||
@ -690,6 +693,7 @@ resources:
|
||||
- '/glance'
|
||||
heat_password: {get_param: HeatPassword}
|
||||
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
|
||||
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
|
||||
heat_dsn:
|
||||
list_join:
|
||||
- ''
|
||||
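Review bot: The new `HeatAuthEncryptionKey` parameter in the parameters hunk (-129,6 +129,9) is declared without `hidden: true`, so the key value would be shown in clear wherever Heat lists stack parameters. The parameter just above it in the same hunk does set `hidden: true`. I would add `hidden: true` under `type: string`. The same three-line parameter is added, again without the flag, in the last file section on this page (also at -129,6 +129,9). The `parameters:` block starts and ends outside the hunk, so other conventions there are not visible from here.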
|
@ -475,6 +475,8 @@ resources:
|
||||
SubKey: resources.NovaCompute0PassthroughSpecific
|
||||
parameters:
|
||||
passthrough_config_specific: {get_param: NovaComputeExtraConfig}
|
||||
HeatAuthEncryptionKey:
|
||||
type: OS::Heat::RandomString
|
||||
controllerConfig:
|
||||
type: OS::Heat::StructuredConfig
|
||||
properties:
|
||||
@ -561,7 +563,8 @@ resources:
|
||||
get_param: HeatPassword
|
||||
admin_tenant_name: service
|
||||
admin_user: heat
|
||||
auth_encryption_key: unset___________
|
||||
auth_encryption_key:
|
||||
get_resource: HeatAuthEncryptionKey
|
||||
db:
|
||||
Fn::Join:
|
||||
- ''
|
||||
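Review bot: An overcloud already deployed with the old literal `unset___________` will get a different `auth_encryption_key` on its next stack update. Anything Heat stored in its database under the old key would then presumably no longer decrypt. This applies to the heat config hunk (-561,7 +563,8), and equally to the `get_input: heat_auth_encryption_key` replacements in the other file sections. Neither the commit message nor the template says whether in-place updates are expected to survive this. I would record it next to the value, e.g. `# NOTE: changing this key on an existing deployment invalidates data encrypted with the previous key`, and in the upgrade notes. The `resources:` block continues outside the hunk.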
|
@ -496,6 +496,9 @@ parameters:
|
||||
|
||||
resources:
|
||||
|
||||
HeatAuthEncryptionKey:
|
||||
type: OS::Heat::RandomString
|
||||
|
||||
Controller:
|
||||
type: OS::Heat::ResourceGroup
|
||||
properties:
|
||||
@ -522,6 +525,7 @@ resources:
|
||||
GlanceLogFile: {get_param: GlanceLogFile}
|
||||
HeatPassword: {get_param: HeatPassword}
|
||||
HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword}
|
||||
HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
|
||||
Image: {get_param: controllerImage}
|
||||
ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
|
||||
KeyName: {get_param: KeyName}
|
||||
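Review bot: The `HeatAuthEncryptionKey` resource added in the resources hunk (-496,6 +496,9) sets no properties, so the key's length and character set are whatever `OS::Heat::RandomString` defaults to. Heat constrains the length of `auth_encryption_key`, and the resource default (32, as far as I know) happens to fit, but a key should not depend on an implicit default. I would state it in the template with `properties:` and `length: 32` under the `type:` line. The same applies to the identical resource added in the previous file section (-475,6 +475,8).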
|
@ -129,6 +129,9 @@ parameters:
|
||||
type: string
|
||||
default: ''
|
||||
hidden: true
|
||||
HeatAuthEncryptionKey:
|
||||
description: Auth encryption key for heat-engine
|
||||
type: string
|
||||
Image:
|
||||
type: string
|
||||
default: overcloud-control
|
||||
@ -433,6 +436,7 @@ resources:
|
||||
- - 'http://'
|
||||
- {get_param: VirtualIP}
|
||||
- ':8000/v1/waitcondition'
|
||||
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
|
||||
admin_password: {get_param: AdminPassword}
|
||||
admin_token: {get_param: AdminToken}
|
||||
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
|
||||
@ -636,7 +640,7 @@ resources:
|
||||
heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
|
||||
heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url}
|
||||
heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url}
|
||||
heat::engine::auth_encryption_key: unset___________
|
||||
heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
|
||||
heat::rabbit_userid: {get_input: rabbit_username}
|
||||
heat::rabbit_password: {get_input: rabbit_password}
|
||||
heat::rabbit_host: {get_input: controller_virtual_ip}
|
||||
|