From 1db5013abd4b9ab14b254690f2a27d7299957b75 Mon Sep 17 00:00:00 2001 From: Derek Higgins Date: Thu, 30 Apr 2015 14:50:15 +0100 Subject: Reuse the various service passwords as db passwords. We need to stop using "unset" as the password for all databases. Ideally we would add a "XxxxDSN" parameter (e.g. KeystoneDSN) but this wont work because we don't know the VirtualIP to pass in. Until we can come up with a better solution we should at least get rid of the "unset" passwords. Change-Id: I31f45912fa9c116ccdee010a2c5d91ea43a25671 Depends-On: I8ffe1eb481f615b0fbe127cd8107f1e70794c839 --- puppet/cinder-storage-puppet.yaml | 7 ++++++- puppet/controller-puppet.yaml | 38 +++++++++++++++++++++++++------------- 2 files changed, 31 insertions(+), 14 deletions(-) (limited to 'puppet') diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml index de96809a..ab7bb8a8 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage-puppet.yaml @@ -16,6 +16,11 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderPassword: + default: unset + description: The password for the cinder service and db account, used by cinder-api. + type: string + hidden: true Debug: default: '' description: Set to True to enable debugging on all services. @@ -139,7 +144,7 @@ resources: config: {get_resource: BlockStorageConfig} input_values: debug: {get_param: Debug} - cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]} + cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} cinder_lvm_loop_device_size: diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 4e04eb0e..3014df9b 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -11,7 +11,7 @@ parameters: hidden: true AdminToken: default: unset - description: The keystone auth secret. + description: The keystone auth secret and db password. type: string hidden: true CeilometerMeteringSecret: @@ -21,7 +21,7 @@ parameters: hidden: true CeilometerPassword: default: unset - description: The password for the ceilometer service account. + description: The password for the ceilometer service and db account. type: string hidden: true CinderEnableIscsiBackend: @@ -42,7 +42,7 @@ parameters: type: number CinderPassword: default: unset - description: The password for the cinder service account, used by cinder-api. + description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true CloudName: @@ -133,7 +133,7 @@ parameters: default: '' GlancePassword: default: unset - description: The password for the glance service account, used by the glance services. + description: The password for the glance service and db account, used by the glance services. type: string hidden: true GlancePort: @@ -146,7 +146,7 @@ parameters: type: string HeatPassword: default: unset - description: The password for the Heat service account, used by the Heat services. + description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: @@ -276,7 +276,7 @@ parameters: type: string NeutronPassword: default: unset - description: The password for the neutron service account, used by neutron agents. + description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true NeutronPublicInterface: @@ -313,7 +313,7 @@ parameters: type: string NovaPassword: default: unset - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account, used by nova-api. type: string hidden: true NtpServer: @@ -485,7 +485,9 @@ resources: cinder_dsn: list_join: - '' - - - 'mysql://cinder:unset@' + - - 'mysql://cinder:' + - {get_param: CinderPassword} + - '@' - {get_param: VirtualIP} - '/cinder' glance_port: {get_param: GlancePort} @@ -497,7 +499,9 @@ resources: glance_dsn: list_join: - '' - - - 'mysql://glance:unset@' + - - 'mysql://glance:' + - {get_param: GlancePassword} + - '@' - {get_param: VirtualIP} - '/glance' heat_password: {get_param: HeatPassword} @@ -505,7 +509,9 @@ resources: heat_dsn: list_join: - '' - - - 'mysql://heat:unset@' + - - 'mysql://heat:' + - {get_param: HeatPassword} + - '@' - {get_param: VirtualIP} - '/heat' keystone_ca_certificate: {get_param: KeystoneCACertificate} @@ -516,7 +522,9 @@ resources: keystone_dsn: list_join: - '' - - - 'mysql://keystone:unset@' + - - 'mysql://keystone:' + - {get_param: AdminToken} + - '@' - {get_param: VirtualIP} - '/keystone' keystone_identity_uri: @@ -562,7 +570,9 @@ resources: neutron_dsn: list_join: - '' - - - 'mysql://neutron:unset@' + - - 'mysql://neutron:' + - {get_param: NeutronPassword} + - '@' - {get_param: VirtualIP} - '/ovs_neutron?charset=utf8' neutron_url: @@ -585,7 +595,9 @@ resources: nova_dsn: list_join: - '' - - - 'mysql://nova:unset@' + - - 'mysql://nova:' + - {get_param: NovaPassword} + - '@' - {get_param: VirtualIP} - '/nova' pcsd_password: {get_param: PcsdPassword} -- cgit 1.2.3-korg