summaryrefslogtreecommitdiffstats
path: root/mcp/reclass/classes/cluster
diff options
context:
space:
mode:
authorGuillermo Herrero <guillermo.herrero@enea.com>2018-09-24 14:02:04 +0200
committerGuillermo Herrero <guillermo.herrero@enea.com>2018-09-25 11:10:37 +0200
commitc0de0902fdb9c15033ae830b31bfcade8eb1c3ec (patch)
treee56024b103e771bccbc07cbd83d662f339e398da /mcp/reclass/classes/cluster
parentd7bf560e12151853c3121ba39ad9bf6bd47befcf (diff)
[reclass] Consolidate all passwords
JIRA: FUEL-378 Change-Id: I00832d697d83c374628fa9d759c125e0b6ca64cf Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
Diffstat (limited to 'mcp/reclass/classes/cluster')
-rw-r--r--mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j22
-rw-r--r--mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j21
-rw-r--r--mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml63
-rw-r--r--mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j21
-rw-r--r--mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j244
-rw-r--r--mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j21
-rw-r--r--mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j237
-rw-r--r--mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml2
-rw-r--r--mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml2
9 files changed, 66 insertions, 87 deletions
diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
index c26d4a9f6..9d5115844 100644
--- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
+++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
@@ -25,8 +25,6 @@ parameters:
pxe_admin_interface_mtu: 1500
linux_system_codename: xenial
maas_admin_username: opnfv
- maas_admin_password: opnfv_secret
- maas_db_password: opnfv_secret
dns_server01: '{{ nm.dns_public[0] }}'
single_address: ${_param:infra_maas_node01_deploy_address}
hwe_kernel: 'hwe-16.04'
diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2
index 17cf92549..84c82b738 100644
--- a/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2
+++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2
@@ -9,6 +9,7 @@
classes:
- system.linux.system.single
- cluster.all-mcp-arch-common.opnfv
+ - cluster.all-mcp-arch-common.passwords
parameters:
_param:
openstack_version: queens
diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml b/mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml
new file mode 100644
index 000000000..0c6d274b4
--- /dev/null
+++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml
@@ -0,0 +1,63 @@
+##############################################################################
+# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+parameters:
+ _param:
+ opnfv_main_password: opnfv_secret
+
+ maas_admin_password: ${_param:opnfv_main_password}
+ maas_db_password: ${_param:opnfv_main_password}
+ infra_maas_database_password: ${_param:opnfv_main_password}
+
+ galera_server_maintenance_password: ${_param:opnfv_main_password}
+ galera_server_admin_password: ${_param:opnfv_main_password}
+ rabbitmq_secret_key: ${_param:opnfv_main_password}
+ rabbitmq_admin_password: ${_param:opnfv_main_password}
+ rabbitmq_openstack_password: ${_param:opnfv_main_password}
+ rabbitmq_cold_password: ${_param:opnfv_main_password}
+ mysql_admin_password: ${_param:opnfv_main_password}
+ mysql_cinder_password: ${_param:opnfv_main_password}
+ mysql_ceilometer_password: ${_param:opnfv_main_password}
+ mysql_glance_password: ${_param:opnfv_main_password}
+ mysql_grafana_password: ${_param:opnfv_main_password}
+ mysql_heat_password: ${_param:opnfv_main_password}
+ mysql_keystone_password: ${_param:opnfv_main_password}
+ mysql_neutron_password: ${_param:opnfv_main_password}
+ mysql_nova_password: ${_param:opnfv_main_password}
+ mysql_aodh_password: ${_param:opnfv_main_password}
+ mysql_designate_password: ${_param:opnfv_main_password}
+ keystone_aodh_password: ${_param:opnfv_main_password}
+ keystone_service_token: ${_param:opnfv_main_password}
+ keystone_admin_password: ${_param:opnfv_main_password}
+ keystone_ceilometer_password: ${_param:opnfv_main_password}
+ keystone_cinder_password: ${_param:opnfv_main_password}
+ keystone_glance_password: ${_param:opnfv_main_password}
+ keystone_heat_password: ${_param:opnfv_main_password}
+ keystone_keystone_password: ${_param:opnfv_main_password}
+ keystone_neutron_password: ${_param:opnfv_main_password}
+ keystone_nova_password: ${_param:opnfv_main_password}
+ keystone_designate_password: ${_param:opnfv_main_password}
+ mysql_barbican_password: ${_param:opnfv_main_password}
+ keystone_barbican_password: ${_param:opnfv_main_password}
+ metadata_password: ${_param:opnfv_main_password}
+ openstack_telemetry_keepalived_password: ${_param:opnfv_main_password}
+ mysql_panko_password: ${_param:opnfv_main_password}
+ keystone_panko_password: ${_param:opnfv_main_password}
+ mysql_gnocchi_password: ${_param:opnfv_main_password}
+ keystone_gnocchi_password: ${_param:opnfv_main_password}
+ mysql_tacker_password: ${_param:opnfv_main_password}
+ keystone_tacker_password: ${_param:opnfv_main_password}
+ heat_domain_admin_password: ${_param:opnfv_main_password}
+ ceilometer_influxdb_password: ${_param:opnfv_main_password}
+ ceilometer_secret_key: ${_param:opnfv_main_password}
+
+ opendaylight_password: admin
+
+ barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
+ horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e
+ designate_bind9_rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw==
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2
index 05b96e40b..2f4686767 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2
@@ -19,7 +19,6 @@ parameters:
reclass_config_master: ${_param:opnfv_infra_config_pxe_admin_address}
cluster_public_host: ${_param:openstack_proxy_address}
infra_config_hostname: cfg01
- infra_maas_database_password: opnfv_secret
# infra service addresses
infra_config_address: ${_param:opnfv_infra_config_address}
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2
index 042a12557..b08837876 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2
@@ -133,23 +133,16 @@ parameters:
neutron_compute_agent_mode: legacy
neutron_compute_external_access: 'True'
galera_server_cluster_name: openstack_cluster
- galera_server_maintenance_password: opnfv_secret
- galera_server_admin_password: opnfv_secret
- rabbitmq_secret_key: opnfv_secret
- rabbitmq_admin_password: opnfv_secret
- rabbitmq_openstack_password: opnfv_secret
glance_version: ${_param:openstack_version}
glance_service_host: ${_param:openstack_control_address}
keystone_version: ${_param:openstack_version}
keystone_service_host: ${_param:openstack_control_address}
heat_version: ${_param:openstack_version}
heat_service_host: ${_param:openstack_control_address}
- heat_domain_admin_password: opnfv_secret
cinder_version: ${_param:openstack_version}
cinder_service_host: ${_param:openstack_control_address}
ceilometer_version: ${_param:openstack_version}
ceilometer_service_host: ${_param:openstack_telemetry_address}
- ceilometer_influxdb_password: opnfv_secret
nova_version: ${_param:openstack_version}
nova_service_host: ${_param:openstack_control_address}
neutron_version: ${_param:openstack_version}
@@ -160,59 +153,22 @@ parameters:
glusterfs_service_host: ${_param:openstack_control_address}
{%- endif %}
mysql_admin_user: root
- mysql_admin_password: opnfv_secret
- mysql_cinder_password: opnfv_secret
- mysql_ceilometer_password: opnfv_secret
- mysql_glance_password: opnfv_secret
- mysql_grafana_password: opnfv_secret
- mysql_heat_password: opnfv_secret
- mysql_keystone_password: opnfv_secret
- mysql_neutron_password: opnfv_secret
- mysql_nova_password: opnfv_secret
- mysql_aodh_password: opnfv_secret
- mysql_designate_password: opnfv_secret
- aodh_version: ${_param:openstack_version}
- keystone_aodh_password: opnfv_secret
- keystone_service_token: opnfv_secret
- keystone_admin_password: opnfv_secret
- keystone_ceilometer_password: opnfv_secret
- keystone_cinder_password: opnfv_secret
- keystone_glance_password: opnfv_secret
- keystone_heat_password: opnfv_secret
- keystone_keystone_password: opnfv_secret
- keystone_neutron_password: opnfv_secret
- keystone_nova_password: opnfv_secret
- keystone_designate_password: opnfv_secret
-
barbican_version: ${_param:openstack_version}
barbican_service_host: ${_param:openstack_control_address}
- mysql_barbican_password: opnfv_secret
- keystone_barbican_password: opnfv_secret
- barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
barbican_integration_enabled: true
-
- ceilometer_secret_key: opnfv_secret
horizon_version: ${_param:openstack_version}
- horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e
horizon_identity_host: ${_param:openstack_control_address}
horizon_identity_encryption: none
horizon_identity_version: 3
- metadata_password: opnfv_secret
- openstack_telemetry_keepalived_password: opnfv_secret
aodh_service_host: ${_param:openstack_telemetry_address}
gnocchi_version: 4.2
gnocchi_service_host: ${_param:openstack_telemetry_address}
- mysql_gnocchi_password: opnfv_secret
- keystone_gnocchi_password: opnfv_secret
panko_version: ${_param:openstack_version}
panko_service_host: ${_param:openstack_telemetry_address}
- mysql_panko_password: opnfv_secret
- keystone_panko_password: opnfv_secret
ceilometer_agent_default_polling_interval: 180
ceilometer_agent_default_polling_meters:
- "*"
designate_service_host: ${_param:openstack_control_address}
- designate_bind9_rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw==
designate_domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc
designate_pool_ns_records:
- hostname: 'ns1.example.org.'
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2
index 339d81889..e1e62981f 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2
@@ -12,7 +12,6 @@ classes:
parameters:
_param:
cluster_domain: ${_param:cluster_name}.local
- infra_maas_database_password: opnfv_secret
reclass_config_master: ${_param:opnfv_infra_config_pxe_admin_address}
infra_maas_node01_hostname: mas01
infra_maas_node01_address: ${_param:opnfv_infra_maas_node01_address}
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2
index 26a4bac73..c4542d32c 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2
@@ -26,8 +26,6 @@ parameters:
neutron_compute_agent_mode: legacy
neutron_compute_external_access: 'False'
galera_server_cluster_name: openstack_cluster
- galera_server_maintenance_password: opnfv_secret
- galera_server_admin_password: opnfv_secret
cluster_vip_address: ${_param:cluster_public_host}
cluster_local_address: ${_param:openstack_control_address}
cluster_node01_hostname: ctl01
@@ -36,17 +34,12 @@ parameters:
cluster_node02_address: ${_param:opnfv_openstack_control_node02_address}
cluster_node03_hostname: ctl03
cluster_node03_address: ${_param:opnfv_openstack_control_node03_address}
- rabbitmq_secret_key: opnfv_secret
- rabbitmq_admin_password: opnfv_secret
- rabbitmq_openstack_password: opnfv_secret
- rabbitmq_cold_password: opnfv_secret
glance_version: ${_param:openstack_version}
glance_service_host: ${_param:cluster_local_address}
keystone_version: ${_param:openstack_version}
keystone_service_host: ${_param:cluster_local_address}
heat_version: ${_param:openstack_version}
heat_service_host: ${_param:cluster_local_address}
- heat_domain_admin_password: opnfv_secret
ceilometer_version: ${_param:openstack_version}
ceilometer_service_host: ${_param:cluster_local_address}
ceilometer_database_host: ${_param:cluster_local_address}
@@ -58,27 +51,6 @@ parameters:
neutron_version: ${_param:openstack_version}
neutron_service_host: ${_param:cluster_local_address}
mysql_admin_user: root
- mysql_admin_password: opnfv_secret
- mysql_cinder_password: opnfv_secret
- mysql_ceilometer_password: opnfv_secret
- mysql_glance_password: opnfv_secret
- mysql_grafana_password: opnfv_secret
- mysql_heat_password: opnfv_secret
- mysql_keystone_password: opnfv_secret
- mysql_neutron_password: opnfv_secret
- mysql_nova_password: opnfv_secret
- mysql_aodh_password: opnfv_secret
- keystone_service_token: opnfv_secret
- keystone_admin_password: opnfv_secret
- keystone_ceilometer_password: opnfv_secret
- keystone_cinder_password: opnfv_secret
- keystone_glance_password: opnfv_secret
- keystone_heat_password: opnfv_secret
- keystone_keystone_password: opnfv_secret
- keystone_neutron_password: opnfv_secret
- keystone_nova_password: opnfv_secret
- ceilometer_secret_key: opnfv_secret
- metadata_password: opnfv_secret
horizon_version: ${_param:openstack_version}
horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e
horizon_identity_host: ${_param:cluster_vip_address}
@@ -88,28 +60,19 @@ parameters:
barbican_version: ${_param:openstack_version}
barbican_service_host: ${_param:cluster_local_address}
apache_barbican_api_address: ${_param:single_address}
- mysql_barbican_password: opnfv_secret
- keystone_barbican_password: opnfv_secret
barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
barbican_integration_enabled: true
{%- if '-sfc-' in conf.MCP_DEPLOY_SCENARIO %}
tacker_service_host: ${_param:cluster_local_address}
- keystone_tacker_password: opnfv_secret
- mysql_tacker_password: opnfv_secret
{%- endif %}
aodh_version: ${_param:openstack_version}
- keystone_aodh_password: opnfv_secret
aodh_service_host: ${_param:cluster_local_address}
gnocchi_version: 4.2
gnocchi_service_host: ${_param:cluster_local_address}
- mysql_gnocchi_password: opnfv_secret
- keystone_gnocchi_password: opnfv_secret
panko_version: ${_param:openstack_version}
panko_service_host: ${_param:cluster_local_address}
- mysql_panko_password: opnfv_secret
- keystone_panko_password: opnfv_secret
ceilometer_agent_default_polling_interval: 180
ceilometer_agent_default_polling_meters:
- "*"
diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml
index e2912fa3b..cd0d498f3 100644
--- a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml
+++ b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml
@@ -18,6 +18,6 @@ parameters:
# For HA, all public services are available through nginx on prx
sdn_controller_ip: ${_param:cluster_public_host}
sdn_controller_user: admin # Hardcoded to default ODL values for now
- sdn_controller_password: admin
+ sdn_controller_password: ${_param:opendaylight_password}
sdn_controller_webport: ${_param:opendaylight_rest_port}
sdn_controller_restconfport: ${_param:opendaylight_rest_port}
diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml
index 03bd1efd4..a41a8b220 100644
--- a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml
+++ b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml
@@ -31,6 +31,6 @@ parameters:
# For noHA, all public services are available through haproxy on ctl
sdn_controller_ip: ${_param:cluster_vip_address}
sdn_controller_user: admin # Hardcoded to default ODL values for now
- sdn_controller_password: admin
+ sdn_controller_password: ${_param:opendaylight_password}
sdn_controller_webport: ${_param:opendaylight_rest_port}
sdn_controller_restconfport: ${_param:opendaylight_rest_port}