Commit 8801f42d authored by Thomas Goirand's avatar Thomas Goirand

Correctly use a a real random key for heat's encryption key.

parent a3a571dd
......@@ -24,6 +24,7 @@ openstack-cluster-installer (21) UNRELEASED; urgency=medium
* Make sure python-keystonemiddleware is installed on swift-proxy nodes.
* Firewall swift's container, account and object servers.
* Correctly set the erlang_cookie for rabbitmq as a random value.
* Correctly use a a real random key for heat's encryption key.
[ Oliver Chaze ]
* swift: do not log in syslog general logs
......
......@@ -100,6 +100,7 @@ class oci::controller(
$pass_neutron_db = undef,
$pass_neutron_messaging = undef,
$pass_neutron_authtoken = undef,
$pass_heat_encryptkey = undef,
$pass_heat_db = undef,
$pass_heat_messaging = undef,
$pass_heat_authtoken = undef,
......@@ -1984,7 +1985,7 @@ test -e \$mon_data/done
service_name => 'heat-api',
}
class { '::heat::engine':
auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12',
auth_encryption_key => $pass_heat_encryptkey[0,32],
# heat_metadata_server_url => "${base_url}:8000/orchestration-cfn",
# heat_waitcondition_server_url => "${base_url}:8000/orchestration-cfn/v1/waitcondition",
}
......
......@@ -718,6 +718,10 @@ function api_actions($con,$conf){
if($json["status"] != "success"){ return $json; }
$enc_file .= " pass_cinder_authtoken: " . $json["data"] . "\n";
$json = get_cluster_password($con, $conf, $cluster_id, 'heat', 'encryptkey');
if($json["status"] != "success"){ return $json; }
$enc_file .= " pass_heat_encryptkey: " . $json["data"] . "\n";
$json = get_cluster_password($con, $conf, $cluster_id, 'heat', 'db');
if($json["status"] != "success"){ return $json; }
$enc_file .= " pass_heat_db: " . $json["data"] . "\n";
......
......@@ -223,6 +223,7 @@ function new_cluster($con, $conf, $cluster_name, $cluster_domain){
insert_cluster_pass($con, $conf, $cluster_id, 'neutron', 'db');
insert_cluster_pass($con, $conf, $cluster_id, 'neutron', 'messaging');
insert_cluster_pass($con, $conf, $cluster_id, 'neutron', 'authtoken');
insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'encryptkey');
insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'db');
insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'messaging');
insert_cluster_pass($con, $conf, $cluster_id, 'heat', 'authtoken');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment