Commit 44ecb8db authored by Dimitris Aragiorgis's avatar Dimitris Aragiorgis

deploy: Use passwords found in conf files

The following passwords and secrets are needed for each deployment:

db, rapi, mq, vnc, cyclades, oa2, webproject, stats, and collectd.

Provide all of them in synnefo.conf file. Components can get them
via the config module e.g., config.synnefo_db_passwd,
config.cyclades_secret, etc.
Signed-off-by: default avatarDimitris Aragiorgis <dimara@grnet.gr>
parent 0b1e9572
......@@ -5,11 +5,16 @@ synnefo_db_passwd = example_passw0rd
synnefo_rapi_passwd = example_rapi_passw0rd
synnefo_rabbitmq_passwd = example_rabbitmq_passw0rd
synnefo_vnc_passwd = example_vnc_passw0rd
cyclades_secret = example_cyclades_secret
oa2_secret = example_oa2_secret
webproject_secret = example_webproject_secret
stats_secret = example_stats_secret
collectd_secret = example_collectd_secret
user_email = user@synnefo.org
user_name = John
user_lastname = Doe
user_passwd = 12345
oa2_secret = 12345
pithos_dir = /srv/pithos
image_dir = /srv/images
......
......@@ -70,6 +70,10 @@ stack.
If the following ends without errors, you have successfully installed Synnefo.
NOTE: All the passwords and secrets used during installation are
hardcoded in `/etc/snf-deploy/synnefo.conf`. You can change them before
starting the installation process.
.. _access-synnefo:
Accessing the Synnefo installation
......
......@@ -5,11 +5,16 @@ synnefo_db_passwd = example_passw0rd
synnefo_rapi_passwd = example_rapi_passw0rd
synnefo_rabbitmq_passwd = example_rabbitmq_passw0rd
synnefo_vnc_passwd = example_vnc_passw0rd
cyclades_secret = example_cyclades_secret
oa2_secret = example_oa2_secret
webproject_secret = example_webproject_secret
stats_secret = example_stats_secret
collectd_secret = example_collectd_secret
user_email = user@synnefo.org
user_name = John
user_lastname = Doe
user_passwd = 12345
oa2_secret = 12345
pithos_dir = /srv/pithos
image_dir = /srv/images
......
......@@ -14,7 +14,7 @@ LoadPlugin network
<Server "%STATS%" "25826">
SecurityLevel "Encrypt"
Username "user"
Password "secret"
Password "%COLLECTD_SECRET%"
</Server>
TimeToLive 128
ReportStats false
......
......@@ -22,7 +22,7 @@ GANETI_DISK_TEMPLATES = ('blockdev', 'diskless', 'drbd', 'file', 'plain',
'rbd', 'sharedfile', 'ext')
ASTAKOS_AUTH_URL = 'https://%ACCOUNTS%/astakos/identity/v2.0'
SECRET_ENCRYPTION_KEY= "oEs0pt7Di1mkxA0P6FiK"
SECRET_ENCRYPTION_KEY= "%CYCLADES_SECRET%"
GANETI_CREATEINSTANCE_KWARGS = {
'os': 'snf-image+default',
......@@ -87,7 +87,7 @@ CYCLADES_VNCAUTHPROXY_OPTS = {
'auth_password': '%SYNNEFO_VNC_PASSWD%',
}
CYCLADES_STATS_SECRET_KEY = "random"
CYCLADES_STATS_SECRET_KEY = "%STATS_SECRET%"
# IP and not fqdn because java VncViewer class used for machine's console
# has an issue with self-signed certificates
......
STATS_BASE_URL = "https://%STATS%/stats/"
STATS_SECRET_KEY = "random"
STATS_SECRET_KEY = "%STATS_SECRET%"
......@@ -23,7 +23,7 @@ DATABASES = {
}
}
SECRET_KEY = 'ly6)mw6a7x%n)-e#zzk4jo6f2=uqu!1o%)2-(7lo+f9yd^k^bg'
SECRET_KEY = '%WEBPROJECT_SECRET%'
USE_X_FORWARDED_HOST = True
SESSION_COOKIE_DOMAIN = "%DOMAIN%"
......@@ -918,6 +918,7 @@ class WEB(base.Component):
"synnefo_db_passwd": config.synnefo_db_passwd,
"db_node": self.ctx.db.cname,
"domain": self.node.domain,
"webproject_secret": config.webproject_secret,
}
return [
("/etc/synnefo/webproject.conf", r1, {}),
......@@ -1443,9 +1444,11 @@ snf-manage network-create --subnet6={0} \
"domain": self.node.domain,
"CYCLADES_SERVICE_TOKEN": context.service_token,
"STATS": self.ctx.stats.cname,
"STATS_SECRET": config.stats_secret,
"SYNNEFO_VNC_PASSWD": config.synnefo_vnc_passwd,
# TODO: fix java issue with no signed jar
"CYCLADES_NODE_IP": self.ctx.cyclades.ip
"CYCLADES_NODE_IP": self.ctx.cyclades.ip,
"CYCLADES_SECRET": config.cyclades_secret,
}
return [
("/etc/synnefo/cyclades.conf", r1, {}),
......@@ -1646,6 +1649,7 @@ class Stats(base.Component):
def _configure(self):
r1 = {
"STATS": self.ctx.stats.cname,
"STATS_SECRET": config.stats_secret,
}
return [
("/etc/synnefo/stats.conf", r1, {}),
......@@ -1664,6 +1668,7 @@ class GanetiCollectd(base.Component):
def _configure(self):
r1 = {
"STATS": self.ctx.stats.cname,
"COLLECTD_SECRET": config.collectd_secret,
}
return [
("/etc/collectd/passwd", {}, {}),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment