Merge "Add generate_passwords.py to generate passwords"
commit
892dc09c81
@ -165,6 +165,7 @@ function configure_operator {
|
||||
|
||||
tox -c ${KOLLA_PATH}/tox.ini -e genconfig
|
||||
cp -r ${KOLLA_PATH}/etc/kolla/ /etc/kolla
|
||||
${KOLLA_PATH}/tools/generate_passwords.py
|
||||
mkdir -p /usr/share/kolla
|
||||
chown -R vagrant: /etc/kolla /usr/share/kolla
|
||||
|
||||
|
@ -390,6 +390,15 @@ the Ansible inventory file can be found in the Ansible `inventory introduction
|
||||
All variables for the environment can be specified in the files:
|
||||
"/etc/kolla/globals.yml" and "/etc/kolla/passwords.yml"
|
||||
|
||||
Generate passwords for /etc/kolla/passwords.yml using the provided
|
||||
kolla-genpwd tool. The tool will populate all empty fields in the
|
||||
"/etc/kolla/passwords.yml" file using randomly generated values to secure the
|
||||
deployment. Optionally, the passwords may be populate in the file by hand.
|
||||
|
||||
::
|
||||
|
||||
kolla-genpwd
|
||||
|
||||
Start by editing /etc/kolla/globals.yml. Check and edit, if needed, these
|
||||
parameters: kolla_base_distro, kolla_install_type.
|
||||
|
||||
|
@ -1,66 +1,62 @@
|
||||
---
|
||||
# TODO(SamYaple): This file should have generated values by default. Propose
|
||||
# Ansible vault for locking down the secrets properly.
|
||||
|
||||
|
||||
###################
|
||||
# Ceph options
|
||||
####################
|
||||
ceph_cluster_fsid: "5fba2fbc-551d-11e5-a8ce-01ef4c5cf93c"
|
||||
rbd_secret_uuid: "bbc5b4d5-6fca-407d-807d-06a4f4a7bccb"
|
||||
|
||||
# These options must be UUID4 values in string format
|
||||
# XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
|
||||
ceph_cluster_fsid:
|
||||
rbd_secret_uuid:
|
||||
|
||||
###################
|
||||
# Database options
|
||||
####################
|
||||
database_password: "password"
|
||||
|
||||
database_password:
|
||||
|
||||
####################
|
||||
# Docker options
|
||||
####################
|
||||
# This should only be set if you require a password for your Docker registry
|
||||
docker_registry_password:
|
||||
|
||||
|
||||
####################
|
||||
# OpenStack options
|
||||
####################
|
||||
keystone_admin_password: "password"
|
||||
keystone_database_password: "password"
|
||||
keystone_admin_password:
|
||||
keystone_database_password:
|
||||
|
||||
glance_database_password: "password"
|
||||
glance_keystone_password: "password"
|
||||
glance_database_password:
|
||||
glance_keystone_password:
|
||||
|
||||
nova_database_password: "password"
|
||||
nova_api_database_password: "password"
|
||||
nova_keystone_password: "password"
|
||||
nova_database_password:
|
||||
nova_api_database_password:
|
||||
nova_keystone_password:
|
||||
|
||||
neutron_database_password: "password"
|
||||
neutron_keystone_password: "password"
|
||||
metadata_secret: "password"
|
||||
neutron_database_password:
|
||||
neutron_keystone_password:
|
||||
metadata_secret:
|
||||
|
||||
cinder_database_password: "password"
|
||||
cinder_keystone_password: "password"
|
||||
cinder_database_password:
|
||||
cinder_keystone_password:
|
||||
|
||||
swift_keystone_password: "password"
|
||||
swift_hash_path_suffix: "kolla"
|
||||
swift_hash_path_prefix: "kolla"
|
||||
swift_keystone_password:
|
||||
swift_hash_path_suffix:
|
||||
swift_hash_path_prefix:
|
||||
|
||||
heat_database_password: "password"
|
||||
heat_keystone_password: "password"
|
||||
heat_domain_admin_password: "password"
|
||||
heat_database_password:
|
||||
heat_keystone_password:
|
||||
heat_domain_admin_password:
|
||||
|
||||
murano_database_password: "password"
|
||||
murano_keystone_password: "password"
|
||||
murano_database_password:
|
||||
murano_keystone_password:
|
||||
|
||||
ironic_database_password: "password"
|
||||
ironic_keystone_password: "password"
|
||||
ironic_database_password:
|
||||
ironic_keystone_password:
|
||||
|
||||
magnum_database_password: "password"
|
||||
magnum_keystone_password: "password"
|
||||
magnum_database_password:
|
||||
magnum_keystone_password:
|
||||
|
||||
mistral_database_password: "password"
|
||||
mistral_keystone_password: "password"
|
||||
mistral_database_password:
|
||||
mistral_keystone_password:
|
||||
|
||||
horizon_secret_key: "password"
|
||||
|
||||
@ -72,12 +68,11 @@ memcache_secret_key: "password"
|
||||
####################
|
||||
# RabbitMQ options
|
||||
####################
|
||||
rabbitmq_password: "password"
|
||||
rabbitmq_cluster_cookie: "password"
|
||||
|
||||
rabbitmq_password:
|
||||
rabbitmq_cluster_cookie:
|
||||
|
||||
####################
|
||||
# HAProxy options
|
||||
####################
|
||||
haproxy_password: "password"
|
||||
keepalived_password: "password"
|
||||
haproxy_password:
|
||||
keepalived_password:
|
||||
|
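Review bot: `horizon_secret_key: "password"` at the end of the first hunk, and `memcache_secret_key: "password"` in the second hunk's header, appear to be left as unchanged context while every other secret in the file is blanked. The generator added in this commit only fills keys whose value is None, so these two would keep the well-known default after `kolla-genpwd` runs. Blank them the same way, `horizon_secret_key:` and `memcache_secret_key:`, so they receive random values. The lines between the two hunks are not visible here, so confirm that no other key still carries a literal default.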
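--- a/kolla/cmd/genpwd.py
+++ b/kolla/cmd/genpwd.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import random
+import string
+import uuid
+import yaml
+
+
+def main():
+# These keys should be random uuids
+uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid']
+
+# If these keys are None, leave them as None
+blank_keys = ['docker_registry_password']
+
+# length of password
+length = 40
+
+with open('/etc/kolla/passwords.yml', 'r') as f:
+passwords = yaml.load(f.read())
+
+for k, v in passwords.items():
+if v is None:
+if k in blank_keys and v is None:
+continue
+if k in uuid_keys:
+passwords[k] = str(uuid.uuid4())
+else:
+passwords[k] = ''.join([
+random.SystemRandom().choice(
+string.ascii_letters + string.digits)
+for n in range(length)
+])
+
+with open('/etc/kolla/passwords.yml', 'w') as f:
+f.write(yaml.dump(passwords, default_flow_style=False))
+
+if __name__ == '__main__':
+main()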
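Review bot: `yaml.load(f.read())` in main() uses PyYAML's full loader, which can construct arbitrary Python objects from tags in the file, and the setup script in this commit runs the tool under sudo; the plain-data loader is the safer choice here: `passwords = yaml.safe_load(f)`. The rewrite through `open('/etc/kolla/passwords.yml', 'w')` also keeps whatever mode the file already had, so the generated secrets may stay world-readable if the copied template was; consider `os.chmod('/etc/kolla/passwords.yml', 0o600)` after writing (needs `import os`). An empty passwords.yml makes the loader return None, so `passwords.items()` raises AttributeError; an `if not passwords:` guard with a clear message would cover that case.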
@ -35,6 +35,7 @@ scripts =
|
||||
[entry_points]
|
||||
console_scripts =
|
||||
kolla-build = kolla.cmd.build:main
|
||||
kolla-genpwd = kolla.cmd.genpwd:main
|
||||
oslo.config.opts =
|
||||
kolla = kolla.opts:list_opts
|
||||
|
||||
|
1
tools/generate_passwords.py
Symbolic link
1
tools/generate_passwords.py
Symbolic link
@ -0,0 +1 @@
|
||||
../kolla/cmd/genpwd.py
|
@ -21,6 +21,8 @@ function setup_config {
|
||||
tox -e genconfig
|
||||
# Copy configs
|
||||
sudo cp -a etc/kolla /etc/
|
||||
# Generate passwords
|
||||
sudo tools/generate_passwords.py
|
||||
|
||||
# Use Infra provided pypi
|
||||
echo "RUN echo $(base64 -w0 /etc/pip.conf) | base64 -d > /etc/pip.conf" | sudo tee /etc/kolla/header
|
||||
|