From b05137d61ae3a0ab2abcf0e259446183d3f5ddd8 Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Fri, 20 Feb 2015 12:04:47 -0500
Subject: Make heat auth_encryption_key random

Currently we have a hard-coded default for auth_encryption_key,
which isn't ideal as it's used as a salt for the DB encryption.

Instead, reference an OS::Heat::RandomString resource so we create
a random key for each deployment.

Change-Id: Ic76b89db17603c114d98d28c01f75cc287fb2e90
---
 deprecated/overcloud-source.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'deprecated')

diff --git a/deprecated/overcloud-source.yaml b/deprecated/overcloud-source.yaml
index 91b6b7fd..82fe6755 100644
--- a/deprecated/overcloud-source.yaml
+++ b/deprecated/overcloud-source.yaml
@@ -475,6 +475,8 @@ resources:
     SubKey: resources.NovaCompute0PassthroughSpecific
     parameters:
         passthrough_config_specific: {get_param: NovaComputeExtraConfig}
+  HeatAuthEncryptionKey:
+    type: OS::Heat::RandomString
   controllerConfig:
     type: OS::Heat::StructuredConfig
     properties:
@@ -561,7 +563,8 @@ resources:
             get_param: HeatPassword
           admin_tenant_name: service
           admin_user: heat
-          auth_encryption_key: unset___________
+          auth_encryption_key:
+            get_resource: HeatAuthEncryptionKey
           db:
             Fn::Join:
               - ''
-- 
cgit 1.2.3-korg