aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDerek Higgins <derekh@redhat.com>2015-04-30 14:50:15 +0100
committerDerek Higgins <derekh@redhat.com>2015-05-01 17:06:49 +0100
commit1db5013abd4b9ab14b254690f2a27d7299957b75 (patch)
treea45ec3cc82b50623d09161c4afe136c4dec422b9
parentd3ad26e0ecf6634d0437235abd89f9f0d282d020 (diff)
Reuse the various service passwords as db passwords.
We need to stop using "unset" as the password for all databases. Ideally we would add a "XxxxDSN" parameter (e.g. KeystoneDSN) but this wont work because we don't know the VirtualIP to pass in. Until we can come up with a better solution we should at least get rid of the "unset" passwords. Change-Id: I31f45912fa9c116ccdee010a2c5d91ea43a25671 Depends-On: I8ffe1eb481f615b0fbe127cd8107f1e70794c839
-rw-r--r--cinder-storage.yaml7
-rw-r--r--controller.yaml42
-rw-r--r--overcloud-without-mergepy.yaml1
-rw-r--r--puppet/cinder-storage-puppet.yaml7
-rw-r--r--puppet/controller-puppet.yaml38
5 files changed, 66 insertions, 29 deletions
diff --git a/cinder-storage.yaml b/cinder-storage.yaml
index f26ef3e2..98123b83 100644
--- a/cinder-storage.yaml
+++ b/cinder-storage.yaml
@@ -16,6 +16,11 @@ parameters:
default: 5000
description: The size of the loopback file used by the cinder LVM driver.
type: number
+ CinderPassword:
+ default: unset
+ description: The password for the cinder service and db account, used by cinder-api.
+ type: string
+ hidden: true
VirtualIP:
default: ''
type: string
@@ -127,7 +132,7 @@ resources:
config: {get_resource: BlockStorageConfig}
input_values:
controller_virtual_ip: {get_param: VirtualIP}
- cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]}
+ cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
signal_transport: NO_SIGNAL
diff --git a/controller.yaml b/controller.yaml
index b578a252..9044ade3 100644
--- a/controller.yaml
+++ b/controller.yaml
@@ -11,7 +11,7 @@ parameters:
hidden: true
AdminToken:
default: unset
- description: The keystone auth secret.
+ description: The keystone auth secret and db password.
type: string
hidden: true
CeilometerMeteringSecret:
@@ -21,7 +21,7 @@ parameters:
hidden: true
CeilometerPassword:
default: unset
- description: The password for the ceilometer service account.
+ description: The password for the ceilometer service and db account.
type: string
hidden: true
CinderEnableIscsiBackend:
@@ -42,7 +42,7 @@ parameters:
type: number
CinderPassword:
default: unset
- description: The password for the cinder service account, used by cinder-api.
+ description: The password for the cinder service and db account, used by cinder-api.
type: string
hidden: true
CloudName:
@@ -133,7 +133,7 @@ parameters:
default: ''
GlancePassword:
default: unset
- description: The password for the glance service account, used by the glance services.
+ description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlancePort:
@@ -146,7 +146,7 @@ parameters:
type: string
HeatPassword:
default: unset
- description: The password for the Heat service account, used by the Heat services.
+ description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
@@ -272,7 +272,7 @@ parameters:
type: string
NeutronPassword:
default: unset
- description: The password for the neutron service account, used by neutron agents.
+ description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
@@ -309,7 +309,7 @@ parameters:
type: string
NovaPassword:
default: unset
- description: The password for the nova service account, used by nova-api.
+ description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
NtpServer:
@@ -709,7 +709,9 @@ resources:
cinder_dsn:
list_join:
- ''
- - - 'mysql://cinder:unset@'
+ - - 'mysql://cinder:'
+ - {get_param: CinderPassword}
+ - '@'
- {get_param: VirtualIP}
- '/cinder'
glance_port: {get_param: GlancePort}
@@ -720,7 +722,9 @@ resources:
glance_dsn:
list_join:
- ''
- - - 'mysql://glance:unset@'
+ - - 'mysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
- {get_param: VirtualIP}
- '/glance'
heat_password: {get_param: HeatPassword}
@@ -729,7 +733,9 @@ resources:
heat_dsn:
list_join:
- ''
- - - 'mysql://heat:unset@'
+ - - 'mysql://heat:'
+ - {get_param: HeatPassword}
+ - '@'
- {get_param: VirtualIP}
- '/heat'
keystone_ca_certificate: {get_param: KeystoneCACertificate}
@@ -740,7 +746,9 @@ resources:
keystone_dsn:
list_join:
- ''
- - - 'mysql://keystone:unset@'
+ - - 'mysql://keystone:'
+ - {get_param: AdminToken}
+ - '@'
- {get_param: VirtualIP}
- '/keystone'
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
@@ -770,7 +778,9 @@ resources:
neutron_dsn:
list_join:
- ''
- - - 'mysql://neutron:unset@'
+ - - 'mysql://neutron:'
+ - {get_param: NeutronPassword}
+ - '@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
@@ -778,7 +788,9 @@ resources:
ceilometer_dsn:
list_join:
- ''
- - - 'mysql://ceilometer:unset@'
+ - - 'mysql://ceilometer:'
+ - {get_param: CeilometerPassword}
+ - '@'
- {get_param: VirtualIP}
- '/ceilometer'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
@@ -787,7 +799,9 @@ resources:
nova_dsn:
list_join:
- ''
- - - 'mysql://nova:unset@'
+ - - 'mysql://nova:'
+ - {get_param: NovaPassword}
+ - '@'
- {get_param: VirtualIP}
- '/nova'
rabbit_username: {get_param: RabbitUserName}
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index 142e502e..1a629b8a 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -687,6 +687,7 @@ resources:
CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
# Purpose of the dedicated BlockStorage nodes should be to use their local LVM
CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend}
+ CinderPassword: {get_param: CinderPassword}
VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
KeyName: {get_param: KeyName}
Flavor: {get_param: OvercloudBlockStorageFlavor}
diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml
index de96809a..ab7bb8a8 100644
--- a/puppet/cinder-storage-puppet.yaml
+++ b/puppet/cinder-storage-puppet.yaml
@@ -16,6 +16,11 @@ parameters:
default: 5000
description: The size of the loopback file used by the cinder LVM driver.
type: number
+ CinderPassword:
+ default: unset
+ description: The password for the cinder service and db account, used by cinder-api.
+ type: string
+ hidden: true
Debug:
default: ''
description: Set to True to enable debugging on all services.
@@ -139,7 +144,7 @@ resources:
config: {get_resource: BlockStorageConfig}
input_values:
debug: {get_param: Debug}
- cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]}
+ cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
cinder_lvm_loop_device_size:
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index 4e04eb0e..3014df9b 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -11,7 +11,7 @@ parameters:
hidden: true
AdminToken:
default: unset
- description: The keystone auth secret.
+ description: The keystone auth secret and db password.
type: string
hidden: true
CeilometerMeteringSecret:
@@ -21,7 +21,7 @@ parameters:
hidden: true
CeilometerPassword:
default: unset
- description: The password for the ceilometer service account.
+ description: The password for the ceilometer service and db account.
type: string
hidden: true
CinderEnableIscsiBackend:
@@ -42,7 +42,7 @@ parameters:
type: number
CinderPassword:
default: unset
- description: The password for the cinder service account, used by cinder-api.
+ description: The password for the cinder service and db account, used by cinder-api.
type: string
hidden: true
CloudName:
@@ -133,7 +133,7 @@ parameters:
default: ''
GlancePassword:
default: unset
- description: The password for the glance service account, used by the glance services.
+ description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlancePort:
@@ -146,7 +146,7 @@ parameters:
type: string
HeatPassword:
default: unset
- description: The password for the Heat service account, used by the Heat services.
+ description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
@@ -276,7 +276,7 @@ parameters:
type: string
NeutronPassword:
default: unset
- description: The password for the neutron service account, used by neutron agents.
+ description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
@@ -313,7 +313,7 @@ parameters:
type: string
NovaPassword:
default: unset
- description: The password for the nova service account, used by nova-api.
+ description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
NtpServer:
@@ -485,7 +485,9 @@ resources:
cinder_dsn:
list_join:
- ''
- - - 'mysql://cinder:unset@'
+ - - 'mysql://cinder:'
+ - {get_param: CinderPassword}
+ - '@'
- {get_param: VirtualIP}
- '/cinder'
glance_port: {get_param: GlancePort}
@@ -497,7 +499,9 @@ resources:
glance_dsn:
list_join:
- ''
- - - 'mysql://glance:unset@'
+ - - 'mysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
- {get_param: VirtualIP}
- '/glance'
heat_password: {get_param: HeatPassword}
@@ -505,7 +509,9 @@ resources:
heat_dsn:
list_join:
- ''
- - - 'mysql://heat:unset@'
+ - - 'mysql://heat:'
+ - {get_param: HeatPassword}
+ - '@'
- {get_param: VirtualIP}
- '/heat'
keystone_ca_certificate: {get_param: KeystoneCACertificate}
@@ -516,7 +522,9 @@ resources:
keystone_dsn:
list_join:
- ''
- - - 'mysql://keystone:unset@'
+ - - 'mysql://keystone:'
+ - {get_param: AdminToken}
+ - '@'
- {get_param: VirtualIP}
- '/keystone'
keystone_identity_uri:
@@ -562,7 +570,9 @@ resources:
neutron_dsn:
list_join:
- ''
- - - 'mysql://neutron:unset@'
+ - - 'mysql://neutron:'
+ - {get_param: NeutronPassword}
+ - '@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
neutron_url:
@@ -585,7 +595,9 @@ resources:
nova_dsn:
list_join:
- ''
- - - 'mysql://nova:unset@'
+ - - 'mysql://nova:'
+ - {get_param: NovaPassword}
+ - '@'
- {get_param: VirtualIP}
- '/nova'
pcsd_password: {get_param: PcsdPassword}