diff options
author | Steven Hardy <shardy@redhat.com> | 2015-12-09 18:23:08 +0000 |
---|---|---|
committer | Steven Hardy <shardy@redhat.com> | 2015-12-09 18:26:03 +0000 |
commit | 293f19b2a41386e1eea47a9e6add24b006c69c42 (patch) | |
tree | b51c3a2dfd32638d97585c7ca5ac4021dafa6f21 /puppet/compute.yaml | |
parent | 99bd9970d6bedee8228a6c8ff3d6f45aa1380e22 (diff) |
Remove unsafe "unset" defaults
All of our sensitive parameters are defaulted to easily predictable
values, which is very bad from a security perspective because we don't
force clients to make sane choices thus risk deploying with the
predictable default values. tripleoclient supports generating random
values for all of these, so remove the defaults, for non-tripleoclient
usage we can create a developer-only environment with defaults.
Related-Bug: #1516027
Change-Id: Ia0cf3b7e2de1aa42cf179cba195fb7770a1fc21c
Depends-On: Ifb34b43fdedc55ad220df358c3ccc31e3c2e7c14
Diffstat (limited to 'puppet/compute.yaml')
-rw-r--r-- | puppet/compute.yaml | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 42c6e276..6082a522 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -5,7 +5,6 @@ description: > parameters: AdminPassword: - default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true @@ -16,12 +15,10 @@ parameters: constraints: - allowed_values: ['', Present] CeilometerMeteringSecret: - default: unset description: Secret shared by the ceilometer services. type: string hidden: true CeilometerPassword: - default: unset description: The password for the ceilometer service account. type: string hidden: true @@ -110,7 +107,6 @@ parameters: VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronPassword: - default: unset description: The password for the neutron service account, used by neutron agents. type: string hidden: true @@ -147,7 +143,6 @@ parameters: default: 'False' type: string NeutronMetadataProxySharedSecret: - default: 'unset' description: Shared secret to prevent spoofing type: string hidden: true @@ -212,7 +207,6 @@ parameters: description: Whether to enable or not the Rbd backend for Nova type: boolean NovaPassword: - default: unset description: The password for the nova service account, used by nova-api. type: string hidden: true @@ -258,7 +252,6 @@ parameters: description: The user name for SNMPd with readonly rights running on all Overcloud nodes type: string SnmpdReadonlyUserPassword: - default: unset description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true |