diff options
| author |   Steven Hardy <shardy@redhat.com> | 2015-02-20 12:04:47 -0500 |
|---|---|---|
| committer | Steven Hardy <shardy@redhat.com> | 2015-03-13 06:08:56 -0400 |
| commit | b05137d61ae3a0ab2abcf0e259446183d3f5ddd8 (patch) | |
| tree | be8066061b32cbdd94f6b9f18f94676f021e775a /controller.yaml | |
| parent | 8772095c427c0c90747077271c70d84b16741359 (diff) | |
Make heat auth_encryption_key random
Currently we have a hard-coded default for auth_encryption_key,
which isn't ideal as it's used as a salt for the DB encryption.
Instead, reference an OS::Heat::RandomString resource so we create
a random key for each deployment.
Change-Id: Ic76b89db17603c114d98d28c01f75cc287fb2e90
Diffstat (limited to 'controller.yaml')
| -rw-r--r-- | controller.yaml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/controller.yaml b/controller.yaml index a5ebab4f..0f69d23a 100644 --- a/controller.yaml +++ b/controller.yaml @@ -129,6 +129,9 @@ parameters: type: string default: '' hidden: true + HeatAuthEncryptionKey: + description: Auth encryption key for heat-engine + type: string Image: type: string default: overcloud-control @@ -457,7 +460,7 @@ resources: admin_password: {get_input: heat_password} admin_tenant_name: service admin_user: heat - auth_encryption_key: unset___________ + auth_encryption_key: {get_input: heat_auth_encryption_key} db: {get_input: heat_dsn} debug: {get_input: debug} stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -690,6 +693,7 @@ resources: - '/glance' heat_password: {get_param: HeatPassword} heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} + heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} heat_dsn: list_join: - '' |