summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarco Platania <platania@research.att.com>2018-09-05 14:26:34 -0400
committerMarco Platania <platania@research.att.com>2018-09-05 14:26:34 -0400
commit8c1c99dfc4a42ff8e438a13858c95340a0f677c7 (patch)
treeca41ad656c7c8383faeeb58edd2617a45dc096d8
parent2871669ad9a0db36280fd1bcb7ff9d12066d1369 (diff)
Remove plain OpenStack pwd from Heat
- Replace plain OpenStack password with its encrypted version - Update SO install/init script to skip key encryption (will be done by user) - Provide a script that encrypts the plain OpenStack password Change-Id: Ifb7010ab8720ca92119c65484d05f5cfacf023cb Issue-ID: INT-646 Signed-off-by: Marco Platania <platania@research.att.com>
-rw-r--r--heat/ONAP/cloud-config/so_install.sh6
-rw-r--r--heat/ONAP/cloud-config/so_vm_init.sh3
-rw-r--r--heat/ONAP/onap_openstack.env4
-rw-r--r--heat/ONAP/onap_openstack.yaml8
-rw-r--r--heat/ONAP/onap_openstack_template.env4
-rwxr-xr-xheat/ONAP/openstack_encrypted_key.sh17
6 files changed, 26 insertions, 16 deletions
diff --git a/heat/ONAP/cloud-config/so_install.sh b/heat/ONAP/cloud-config/so_install.sh
index 3a8f3fc2..36c7c8cb 100644
--- a/heat/ONAP/cloud-config/so_install.sh
+++ b/heat/ONAP/cloud-config/so_install.sh
@@ -1,7 +1,7 @@
#!/bin/bash
# Read configuration files
-OPENSTACK_API_KEY=$(cat /opt/config/openstack_api_key.txt)
+#OPENSTACK_API_KEY=$(cat /opt/config/openstack_api_key.txt)
GERRIT_BRANCH=$(cat /opt/config/gerrit_branch.txt)
CODE_REPO=$(cat /opt/config/remote_repo.txt)
HTTP_PROXY=$(cat /opt/config/http_proxy.txt)
@@ -16,7 +16,7 @@ fi
# Clone Gerrit repository and run docker containers.
cd /opt
git clone -b $GERRIT_BRANCH --single-branch $CODE_REPO test_lab
-SO_ENCRYPTION_KEY=$(cat /opt/test_lab/encryption.key)
-echo -n "$OPENSTACK_API_KEY" | openssl aes-128-ecb -e -K $SO_ENCRYPTION_KEY -nosalt | xxd -c 256 -p > /opt/config/api_key.txt
+#SO_ENCRYPTION_KEY=$(cat /opt/test_lab/encryption.key)
+#echo -n "$OPENSTACK_API_KEY" | openssl aes-128-ecb -e -K $SO_ENCRYPTION_KEY -nosalt | xxd -c 256 -p > /opt/config/api_key.txt
./so_vm_init.sh
diff --git a/heat/ONAP/cloud-config/so_vm_init.sh b/heat/ONAP/cloud-config/so_vm_init.sh
index fb19d1a3..1acf2eb0 100644
--- a/heat/ONAP/cloud-config/so_vm_init.sh
+++ b/heat/ONAP/cloud-config/so_vm_init.sh
@@ -5,7 +5,8 @@ NEXUS_PASSWD=$(cat /opt/config/nexus_password.txt)
NEXUS_DOCKER_REPO=$(cat /opt/config/nexus_docker_repo.txt)
DMAAP_TOPIC=$(cat /opt/config/dmaap_topic.txt)
OPENSTACK_USERNAME=$(cat /opt/config/openstack_username.txt)
-OPENSTACK_APIKEY=$(cat /opt/config/api_key.txt)
+#OPENSTACK_APIKEY=$(cat /opt/config/api_key.txt)
+OPENSTACK_APIKEY=$(cat /opt/config/openstack_api_key.txt)
export MSO_DOCKER_IMAGE_VERSION=$(cat /opt/config/docker_version.txt)
export MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
diff --git a/heat/ONAP/onap_openstack.env b/heat/ONAP/onap_openstack.env
index b9fc2e6c..c373317d 100644
--- a/heat/ONAP/onap_openstack.env
+++ b/heat/ONAP/onap_openstack.env
@@ -44,9 +44,7 @@ parameters:
openstack_username: PUT YOUR OPENSTACK USERNAME HERE
- openstack_api_key: PUT YOUR OPENSTACK PASSWORD HERE
-
- openstack_auth_method: password
+ openstack_api_key: PUT YOUR ENCRYPTED OPENSTACK PASSWORD HERE
openstack_region: RegionOne
diff --git a/heat/ONAP/onap_openstack.yaml b/heat/ONAP/onap_openstack.yaml
index 65fe4fdc..d836b78e 100644
--- a/heat/ONAP/onap_openstack.yaml
+++ b/heat/ONAP/onap_openstack.yaml
@@ -3,7 +3,7 @@
#==================LICENSE_START==========================================
#
#
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -121,13 +121,9 @@ parameters:
type: string
description: OpenStack username
- openstack_auth_method:
- type: string
- description: OpenStack authentication method (password VS. api-key)
-
openstack_api_key:
type: string
- description: OpenStack password or API Key
+ description: Encrypted OpenStack password
keystone_url:
type: string
diff --git a/heat/ONAP/onap_openstack_template.env b/heat/ONAP/onap_openstack_template.env
index af560124..13ed5071 100644
--- a/heat/ONAP/onap_openstack_template.env
+++ b/heat/ONAP/onap_openstack_template.env
@@ -44,9 +44,7 @@ parameters:
openstack_username: PUT YOUR OPENSTACK USERNAME HERE
- openstack_api_key: PUT YOUR OPENSTACK PASSWORD HERE
-
- openstack_auth_method: password
+ openstack_api_key: PUT YOUR ENCRYPTED OPENSTACK PASSWORD HERE
openstack_region: RegionOne
diff --git a/heat/ONAP/openstack_encrypted_key.sh b/heat/ONAP/openstack_encrypted_key.sh
new file mode 100755
index 00000000..20910fa3
--- /dev/null
+++ b/heat/ONAP/openstack_encrypted_key.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+usage () {
+ echo "Usage:"
+ echo " ./$(basename $0) your_openstack_password"
+ exit 1
+}
+
+if [ "$#" -ne 1 ]; then
+ echo "Wrong number of input parameters"
+ usage
+fi
+
+SO_ENCRYPTION_KEY=aa3871669d893c7fb8abbcda31b88b4f
+OPENSTACK_API_KEY=$1
+
+echo -n "$OPENSTACK_API_KEY" | openssl aes-128-ecb -e -K $SO_ENCRYPTION_KEY -nosalt | xxd -c 256 -p