From b05137d61ae3a0ab2abcf0e259446183d3f5ddd8 Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Fri, 20 Feb 2015 12:04:47 -0500
Subject: Make heat auth_encryption_key random

Currently we have a hard-coded default for auth_encryption_key,
which isn't ideal as it's used as a salt for the DB encryption.

Instead, reference an OS::Heat::RandomString resource so we create
a random key for each deployment.

Change-Id: Ic76b89db17603c114d98d28c01f75cc287fb2e90
---
 overcloud-without-mergepy.yaml | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'overcloud-without-mergepy.yaml')

diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index c311a479..10a8a7fa 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -496,6 +496,9 @@ parameters:
 
 resources:
 
+  HeatAuthEncryptionKey:
+    type: OS::Heat::RandomString
+
   Controller:
     type: OS::Heat::ResourceGroup
     properties:
@@ -522,6 +525,7 @@ resources:
           GlanceLogFile: {get_param: GlanceLogFile}
           HeatPassword: {get_param: HeatPassword}
           HeatStackDomainAdminPassword: {get_param: HeatStackDomainAdminPassword}
+          HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
           Image: {get_param: controllerImage}
           ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
           KeyName: {get_param: KeyName}
-- 
cgit 1.2.3-korg