diff options
author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-07-26 13:40:23 +0200 |
---|---|---|
committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-07-26 13:54:18 +0200 |
commit | 9cf6f59f7a8993b1dd9402d6e96d863196b29b0a (patch) | |
tree | 7afdf08a2cb8473039b4b1e1b5407ca42dfb1d58 | |
parent | 34e5932d0db1d3aeeed962df176d3b635018e641 (diff) |
k8s: Remove hardcoded password for 'vagrant' user
Password for 'vagrant' user is now passed through exported environmental
variable.
This patch also:
* removes the assumption of having 'vagrant' user on cluster nodes (for
future scripts reuse),
* removes mixed string interpolation and passing shell variables,
* replaces '~' with '$HOME' for proper substitiution.
Issue-ID: SECCOM-235
Change-Id: Id9e7b6acccd902de4c414cd8a0f095ac135fee5a
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
-rw-r--r-- | test/security/k8s/vagrant/dublin/Vagrantfile | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/test/security/k8s/vagrant/dublin/Vagrantfile b/test/security/k8s/vagrant/dublin/Vagrantfile index e7fe6b1ec..d91a8228c 100644 --- a/test/security/k8s/vagrant/dublin/Vagrantfile +++ b/test/security/k8s/vagrant/dublin/Vagrantfile @@ -2,7 +2,9 @@ # -*- coding: utf-8 -*- host_ip = "192.168.121.1" -operator_key = "~/.ssh/onap-key" +operator_key = "${HOME}/.ssh/onap-key" +vagrant_user = "vagrant" +vagrant_password = "vagrant" vm_memory = 2 * 1024 vm_cpus = 1 @@ -16,6 +18,16 @@ cluster = [ all = cluster.dup << operation +$deploy_key = <<-SCRIPT + KEY="$1" + USER="$2" + PASS="$PASSWORD" + IPS="$3" + for ip in $IPS; do + sshpass -p "$PASS" ssh-copy-id -o StrictHostKeyChecking=no -i "$KEY" "${USER}@${ip}" + done +SCRIPT + $link_dotfiles = <<-SCRIPT for rc in /vagrant/dot_*; do ln -sf "$rc" "${HOME}/.${rc##*dot_}" @@ -73,11 +85,12 @@ Vagrant.configure('2') do |config| ips = "" cluster.each { |node| ips << node[:ip] << " " } - config.vm.provision :shell, privileged: false, inline: <<-SHELL - for ip in #{ips}; do - sshpass -p vagrant ssh-copy-id -o StrictHostKeyChecking=no -i #{operator_key} "$ip" - done - SHELL + config.vm.provision :shell do |s| + s.privileged = false + s.inline = $deploy_key + s.args = [operator_key, vagrant_user, ips] + s.env = {'PASSWORD': vagrant_password} + end end end end |