From 5e2c2063e803520d74af52dd4ee86da046b99403 Mon Sep 17 00:00:00 2001 From: Christian Berendt Date: Mon, 2 Feb 2015 20:45:53 +0100 Subject: [PATCH] Make the used password configurable Change-Id: I8cd1a30bba00e8262d1f75831e15489eb9b1c710 --- config.yaml.sample | 1 + doc/source/configuration.rst | 11 +++++++ files/packstack.answers.j2 | 64 ++++++++++++++++++------------------ 3 files changed, 44 insertions(+), 32 deletions(-) diff --git a/config.yaml.sample b/config.yaml.sample index 0d20f60..d8a08f6 100644 --- a/config.yaml.sample +++ b/config.yaml.sample @@ -8,6 +8,7 @@ bridge_external: tap1 network_agent: openvswitch network_type: gre netmask_internal: 255.255.0.0 +secret: password proxy: address: 'http://proxy.company.site:3128' install: false diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index d0a3266..f04b3b1 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -188,3 +188,14 @@ For example to enable the component ``trove`` set ``trove`` to ``true``. swift: true tempest: false trove: false + +Passwords and tokens +-------------------- + +For simplification ``packstack-vagrant`` uses the same secret for all used +passwords and tokens. By default this secret is ``password``. To change the +secret change the value of the parameter ``secret``. + +:: + + secret: password diff --git a/files/packstack.answers.j2 b/files/packstack.answers.j2 index 3c8b27f..8a121a8 100644 --- a/files/packstack.answers.j2 +++ b/files/packstack.answers.j2 @@ -9,7 +9,7 @@ CONFIG_SSH_KEY=/home/vagrant/.ssh/id_packstack.pub # Set a default password everywhere. The default password will be # overriden by whatever password is set for each individual service or # user. -CONFIG_DEFAULT_PASSWORD=password +CONFIG_DEFAULT_PASSWORD={{ secret }} # Set to 'y' if you would like Packstack to install MariaDB CONFIG_MARIADB_INSTALL=y @@ -221,7 +221,7 @@ CONFIG_AMQP_SSL_SELF_SIGNED=y CONFIG_AMQP_AUTH_USER=amqp_user # Password for user authentication -CONFIG_AMQP_AUTH_PASSWORD=password +CONFIG_AMQP_AUTH_PASSWORD={{ secret }} # The IP address of the server on which to install MariaDB or IP # address of DB server to use if MariaDB installation was not selected @@ -231,22 +231,22 @@ CONFIG_MARIADB_HOST={{ address.controller }} CONFIG_MARIADB_USER=root # Password for the MariaDB admin user -CONFIG_MARIADB_PW=password +CONFIG_MARIADB_PW={{ secret }} # The password to use for the Keystone to access DB -CONFIG_KEYSTONE_DB_PW=password +CONFIG_KEYSTONE_DB_PW={{ secret }} # Region name CONFIG_KEYSTONE_REGION=RegionOne # The token to use for the Keystone service api -CONFIG_KEYSTONE_ADMIN_TOKEN=password +CONFIG_KEYSTONE_ADMIN_TOKEN={{ secret }} # The password to use for the Keystone admin user -CONFIG_KEYSTONE_ADMIN_PW=password +CONFIG_KEYSTONE_ADMIN_PW={{ secret }} # The password to use for the Keystone demo user -CONFIG_KEYSTONE_DEMO_PW=password +CONFIG_KEYSTONE_DEMO_PW={{ secret }} # Kestone token format. Use either UUID or PKI CONFIG_KEYSTONE_TOKEN_FORMAT=UUID @@ -255,10 +255,10 @@ CONFIG_KEYSTONE_TOKEN_FORMAT=UUID CONFIG_KEYSTONE_SERVICE_NAME=keystone # The password to use for the Glance to access DB -CONFIG_GLANCE_DB_PW=password +CONFIG_GLANCE_DB_PW={{ secret }} # The password to use for the Glance to authenticate with Keystone -CONFIG_GLANCE_KS_PW=password +CONFIG_GLANCE_KS_PW={{ secret }} # Glance storage backend controls how Glance stores disk images. # Supported values: file, swift. Note that Swift installation have to @@ -267,10 +267,10 @@ CONFIG_GLANCE_KS_PW=password CONFIG_GLANCE_BACKEND=file # The password to use for the Cinder to access DB -CONFIG_CINDER_DB_PW=password +CONFIG_CINDER_DB_PW={{ secret }} # The password to use for the Cinder to authenticate with Keystone -CONFIG_CINDER_KS_PW=password +CONFIG_CINDER_KS_PW={{ secret }} # The Cinder backend to use, valid options are: lvm, gluster, nfs, # netapp @@ -409,16 +409,16 @@ CONFIG_CINDER_NETAPP_WEBSERVICE_PATH=/devmgr/v2 # ''. CONFIG_CINDER_NETAPP_STORAGE_POOLS= -CONFIG_IRONIC_DB_PW=password +CONFIG_IRONIC_DB_PW={{ secret }} # The password to use for Ironic to authenticate with Keystone -CONFIG_IRONIC_KS_PW=password +CONFIG_IRONIC_KS_PW={{ secret }} # The password to use for the Nova to access DB -CONFIG_NOVA_DB_PW=password +CONFIG_NOVA_DB_PW={{ secret }} # The password to use for the Nova to authenticate with Keystone -CONFIG_NOVA_KS_PW=password +CONFIG_NOVA_KS_PW={{ secret }} # The overcommitment ratio for virtual to physical CPUs. Set to 1.0 # to disable CPU overcommitment @@ -469,10 +469,10 @@ CONFIG_NOVA_NETWORK_NUMBER=1 CONFIG_NOVA_NETWORK_SIZE=255 # The password to use for Neutron to authenticate with Keystone -CONFIG_NEUTRON_KS_PW=password +CONFIG_NEUTRON_KS_PW={{ secret }} # The password to use for Neutron to access DB -CONFIG_NEUTRON_DB_PW=password +CONFIG_NEUTRON_DB_PW={{ secret }} # The name of the bridge that the Neutron L3 agent will use for # external traffic, or 'provider' if using provider networks @@ -483,7 +483,7 @@ CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex CONFIG_NEUTRON_L2_PLUGIN=ml2 # Neutron metadata agent password -CONFIG_NEUTRON_METADATA_PW=password +CONFIG_NEUTRON_METADATA_PW={{ secret }} # Set to 'y' if you would like Packstack to install Neutron LBaaS CONFIG_LBAAS_INSTALL=y @@ -597,7 +597,7 @@ CONFIG_SSL_KEY= CONFIG_SSL_CACHAIN= # The password to use for the Swift to authenticate with Keystone -CONFIG_SWIFT_KS_PW=password +CONFIG_SWIFT_KS_PW={{ secret }} # A comma separated list of devices which to use as Swift Storage # device. Each entry should take the format /path/to/dev, for example @@ -618,7 +618,7 @@ CONFIG_SWIFT_STORAGE_REPLICAS=2 CONFIG_SWIFT_STORAGE_FSTYPE=xfs # Shared secret for Swift -CONFIG_SWIFT_HASH=password +CONFIG_SWIFT_HASH={{ secret }} # Size of the swift loopback file storage device CONFIG_SWIFT_STORAGE_SIZE=2G @@ -635,7 +635,7 @@ CONFIG_PROVISION_TEMPEST={{ 'y' if components.tempest == true else 'n' }} CONFIG_PROVISION_TEMPEST_USER= # The password to use for the Tempest Provisioning user -CONFIG_PROVISION_TEMPEST_USER_PW=password +CONFIG_PROVISION_TEMPEST_USER_PW={{ secret }} # The CIDR network address for the floating IP subnet CONFIG_PROVISION_DEMO_FLOATRANGE=172.24.4.224/28 @@ -651,13 +651,13 @@ CONFIG_PROVISION_TEMPEST_REPO_REVISION=master CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE=n # The password used by Heat user to authenticate against MySQL -CONFIG_HEAT_DB_PW=password +CONFIG_HEAT_DB_PW={{ secret }} # The encryption key to use for authentication info in database # CONFIG_HEAT_AUTH_ENC_KEY= # The password to use for the Heat to authenticate with Keystone -CONFIG_HEAT_KS_PW=password +CONFIG_HEAT_KS_PW={{ secret }} # Set to 'y' if you would like Packstack to install Heat CloudWatch # API @@ -679,19 +679,19 @@ CONFIG_HEAT_DOMAIN=heat CONFIG_HEAT_DOMAIN_ADMIN=heat_admin # Password for Keystone domain admin user for Heat -CONFIG_HEAT_DOMAIN_PASSWORD=password +CONFIG_HEAT_DOMAIN_PASSWORD={{ secret }} # The password to use for the Sahara DB access -CONFIG_SAHARA_DB_PW=PW_PLACEHOLDER +CONFIG_SAHARA_DB_PW={{ secret }} # The password to use for Sahara to authenticate with Keystone -CONFIG_SAHARA_KS_PW=PW_PLACEHOLDER +CONFIG_SAHARA_KS_PW={{ secret }} # The password to use for the Trove DB access -CONFIG_TROVE_DB_PW=password +CONFIG_TROVE_DB_PW={{ secret }} # The password to use for Trove to authenticate with Keystone -CONFIG_TROVE_KS_PW=password +CONFIG_TROVE_KS_PW={{ secret }} # The user to use when Trove connects to Nova CONFIG_TROVE_NOVA_USER=admin @@ -700,16 +700,16 @@ CONFIG_TROVE_NOVA_USER=admin CONFIG_TROVE_NOVA_TENANT=services # The password to use when Trove connects to Nova -CONFIG_TROVE_NOVA_PW=password +CONFIG_TROVE_NOVA_PW={{ secret }} # Secret key for signing metering messages -CONFIG_CEILOMETER_SECRET=password +CONFIG_CEILOMETER_SECRET={{ secret }} # The password to use for Ceilometer to authenticate with Keystone -CONFIG_CEILOMETER_KS_PW=password +CONFIG_CEILOMETER_KS_PW={{ secret }} # The IP address of the server on which to install MongoDB CONFIG_MONGODB_HOST={{ address.controller }} # The password of the nagiosadmin user on the Nagios server -CONFIG_NAGIOS_PW=password +CONFIG_NAGIOS_PW={{ secret }}