From b05137d61ae3a0ab2abcf0e259446183d3f5ddd8 Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Fri, 20 Feb 2015 12:04:47 -0500
Subject: Make heat auth_encryption_key random

Currently we have a hard-coded default for auth_encryption_key,
which isn't ideal as it's used as a salt for the DB encryption.

Instead, reference an OS::Heat::RandomString resource so we create
a random key for each deployment.

Change-Id: Ic76b89db17603c114d98d28c01f75cc287fb2e90
---
 controller.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'controller.yaml')

diff --git a/controller.yaml b/controller.yaml
index a5ebab4f..0f69d23a 100644
--- a/controller.yaml
+++ b/controller.yaml
@@ -129,6 +129,9 @@ parameters:
     type: string
     default: ''
     hidden: true
+  HeatAuthEncryptionKey:
+    description: Auth encryption key for heat-engine
+    type: string
   Image:
     type: string
     default: overcloud-control
@@ -457,7 +460,7 @@ resources:
           admin_password: {get_input: heat_password}
           admin_tenant_name: service
           admin_user: heat
-          auth_encryption_key: unset___________
+          auth_encryption_key: {get_input: heat_auth_encryption_key}
           db: {get_input: heat_dsn}
           debug: {get_input: debug}
           stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
@@ -690,6 +693,7 @@ resources:
               - '/glance'
         heat_password: {get_param: HeatPassword}
         heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
+        heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
         heat_dsn:
           list_join:
             - ''
-- 
cgit 1.2.3-korg