From 1db5013abd4b9ab14b254690f2a27d7299957b75 Mon Sep 17 00:00:00 2001 From: Derek Higgins Date: Thu, 30 Apr 2015 14:50:15 +0100 Subject: [PATCH 1/1] Reuse the various service passwords as db passwords. We need to stop using "unset" as the password for all databases. Ideally we would add a "XxxxDSN" parameter (e.g. KeystoneDSN) but this wont work because we don't know the VirtualIP to pass in. Until we can come up with a better solution we should at least get rid of the "unset" passwords. Change-Id: I31f45912fa9c116ccdee010a2c5d91ea43a25671 Depends-On: I8ffe1eb481f615b0fbe127cd8107f1e70794c839 --- cinder-storage.yaml | 7 ++++++- controller.yaml | 42 ++++++++++++++++++++++++++------------- overcloud-without-mergepy.yaml | 1 + puppet/cinder-storage-puppet.yaml | 7 ++++++- puppet/controller-puppet.yaml | 38 +++++++++++++++++++++++------------ 5 files changed, 66 insertions(+), 29 deletions(-) diff --git a/cinder-storage.yaml b/cinder-storage.yaml index f26ef3e2..98123b83 100644 --- a/cinder-storage.yaml +++ b/cinder-storage.yaml @@ -16,6 +16,11 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderPassword: + default: unset + description: The password for the cinder service and db account, used by cinder-api. + type: string + hidden: true VirtualIP: default: '' type: string @@ -127,7 +132,7 @@ resources: config: {get_resource: BlockStorageConfig} input_values: controller_virtual_ip: {get_param: VirtualIP} - cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]} + cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} signal_transport: NO_SIGNAL diff --git a/controller.yaml b/controller.yaml index b578a252..9044ade3 100644 --- a/controller.yaml +++ b/controller.yaml @@ -11,7 +11,7 @@ parameters: hidden: true AdminToken: default: unset - description: The keystone auth secret. + description: The keystone auth secret and db password. type: string hidden: true CeilometerMeteringSecret: @@ -21,7 +21,7 @@ parameters: hidden: true CeilometerPassword: default: unset - description: The password for the ceilometer service account. + description: The password for the ceilometer service and db account. type: string hidden: true CinderEnableIscsiBackend: @@ -42,7 +42,7 @@ parameters: type: number CinderPassword: default: unset - description: The password for the cinder service account, used by cinder-api. + description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true CloudName: @@ -133,7 +133,7 @@ parameters: default: '' GlancePassword: default: unset - description: The password for the glance service account, used by the glance services. + description: The password for the glance service and db account, used by the glance services. type: string hidden: true GlancePort: @@ -146,7 +146,7 @@ parameters: type: string HeatPassword: default: unset - description: The password for the Heat service account, used by the Heat services. + description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: @@ -272,7 +272,7 @@ parameters: type: string NeutronPassword: default: unset - description: The password for the neutron service account, used by neutron agents. + description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true NeutronPublicInterface: @@ -309,7 +309,7 @@ parameters: type: string NovaPassword: default: unset - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account, used by nova-api. type: string hidden: true NtpServer: @@ -709,7 +709,9 @@ resources: cinder_dsn: list_join: - '' - - - 'mysql://cinder:unset@' + - - 'mysql://cinder:' + - {get_param: CinderPassword} + - '@' - {get_param: VirtualIP} - '/cinder' glance_port: {get_param: GlancePort} @@ -720,7 +722,9 @@ resources: glance_dsn: list_join: - '' - - - 'mysql://glance:unset@' + - - 'mysql://glance:' + - {get_param: GlancePassword} + - '@' - {get_param: VirtualIP} - '/glance' heat_password: {get_param: HeatPassword} @@ -729,7 +733,9 @@ resources: heat_dsn: list_join: - '' - - - 'mysql://heat:unset@' + - - 'mysql://heat:' + - {get_param: HeatPassword} + - '@' - {get_param: VirtualIP} - '/heat' keystone_ca_certificate: {get_param: KeystoneCACertificate} @@ -740,7 +746,9 @@ resources: keystone_dsn: list_join: - '' - - - 'mysql://keystone:unset@' + - - 'mysql://keystone:' + - {get_param: AdminToken} + - '@' - {get_param: VirtualIP} - '/keystone' mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} @@ -770,7 +778,9 @@ resources: neutron_dsn: list_join: - '' - - - 'mysql://neutron:unset@' + - - 'mysql://neutron:' + - {get_param: NeutronPassword} + - '@' - {get_param: VirtualIP} - '/ovs_neutron?charset=utf8' ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} @@ -778,7 +788,9 @@ resources: ceilometer_dsn: list_join: - '' - - - 'mysql://ceilometer:unset@' + - - 'mysql://ceilometer:' + - {get_param: CeilometerPassword} + - '@' - {get_param: VirtualIP} - '/ceilometer' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} @@ -787,7 +799,9 @@ resources: nova_dsn: list_join: - '' - - - 'mysql://nova:unset@' + - - 'mysql://nova:' + - {get_param: NovaPassword} + - '@' - {get_param: VirtualIP} - '/nova' rabbit_username: {get_param: RabbitUserName} diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 142e502e..1a629b8a 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -687,6 +687,7 @@ resources: CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} # Purpose of the dedicated BlockStorage nodes should be to use their local LVM CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} + CinderPassword: {get_param: CinderPassword} VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} KeyName: {get_param: KeyName} Flavor: {get_param: OvercloudBlockStorageFlavor} diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml index de96809a..ab7bb8a8 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage-puppet.yaml @@ -16,6 +16,11 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderPassword: + default: unset + description: The password for the cinder service and db account, used by cinder-api. + type: string + hidden: true Debug: default: '' description: Set to True to enable debugging on all services. @@ -139,7 +144,7 @@ resources: config: {get_resource: BlockStorageConfig} input_values: debug: {get_param: Debug} - cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]} + cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} cinder_lvm_loop_device_size: diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 4e04eb0e..3014df9b 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -11,7 +11,7 @@ parameters: hidden: true AdminToken: default: unset - description: The keystone auth secret. + description: The keystone auth secret and db password. type: string hidden: true CeilometerMeteringSecret: @@ -21,7 +21,7 @@ parameters: hidden: true CeilometerPassword: default: unset - description: The password for the ceilometer service account. + description: The password for the ceilometer service and db account. type: string hidden: true CinderEnableIscsiBackend: @@ -42,7 +42,7 @@ parameters: type: number CinderPassword: default: unset - description: The password for the cinder service account, used by cinder-api. + description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true CloudName: @@ -133,7 +133,7 @@ parameters: default: '' GlancePassword: default: unset - description: The password for the glance service account, used by the glance services. + description: The password for the glance service and db account, used by the glance services. type: string hidden: true GlancePort: @@ -146,7 +146,7 @@ parameters: type: string HeatPassword: default: unset - description: The password for the Heat service account, used by the Heat services. + description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: @@ -276,7 +276,7 @@ parameters: type: string NeutronPassword: default: unset - description: The password for the neutron service account, used by neutron agents. + description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true NeutronPublicInterface: @@ -313,7 +313,7 @@ parameters: type: string NovaPassword: default: unset - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account, used by nova-api. type: string hidden: true NtpServer: @@ -485,7 +485,9 @@ resources: cinder_dsn: list_join: - '' - - - 'mysql://cinder:unset@' + - - 'mysql://cinder:' + - {get_param: CinderPassword} + - '@' - {get_param: VirtualIP} - '/cinder' glance_port: {get_param: GlancePort} @@ -497,7 +499,9 @@ resources: glance_dsn: list_join: - '' - - - 'mysql://glance:unset@' + - - 'mysql://glance:' + - {get_param: GlancePassword} + - '@' - {get_param: VirtualIP} - '/glance' heat_password: {get_param: HeatPassword} @@ -505,7 +509,9 @@ resources: heat_dsn: list_join: - '' - - - 'mysql://heat:unset@' + - - 'mysql://heat:' + - {get_param: HeatPassword} + - '@' - {get_param: VirtualIP} - '/heat' keystone_ca_certificate: {get_param: KeystoneCACertificate} @@ -516,7 +522,9 @@ resources: keystone_dsn: list_join: - '' - - - 'mysql://keystone:unset@' + - - 'mysql://keystone:' + - {get_param: AdminToken} + - '@' - {get_param: VirtualIP} - '/keystone' keystone_identity_uri: @@ -562,7 +570,9 @@ resources: neutron_dsn: list_join: - '' - - - 'mysql://neutron:unset@' + - - 'mysql://neutron:' + - {get_param: NeutronPassword} + - '@' - {get_param: VirtualIP} - '/ovs_neutron?charset=utf8' neutron_url: @@ -585,7 +595,9 @@ resources: nova_dsn: list_join: - '' - - - 'mysql://nova:unset@' + - - 'mysql://nova:' + - {get_param: NovaPassword} + - '@' - {get_param: VirtualIP} - '/nova' pcsd_password: {get_param: PcsdPassword} -- 2.16.6