aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2019-07-26 13:40:23 +0200
committerPawel Wieczorek <p.wieczorek2@samsung.com>2019-07-26 13:54:18 +0200
commit9cf6f59f7a8993b1dd9402d6e96d863196b29b0a (patch)
tree7afdf08a2cb8473039b4b1e1b5407ca42dfb1d58
parent34e5932d0db1d3aeeed962df176d3b635018e641 (diff)
k8s: Remove hardcoded password for 'vagrant' user
Password for 'vagrant' user is now passed through exported environmental variable. This patch also: * removes the assumption of having 'vagrant' user on cluster nodes (for future scripts reuse), * removes mixed string interpolation and passing shell variables, * replaces '~' with '$HOME' for proper substitiution. Issue-ID: SECCOM-235 Change-Id: Id9e7b6acccd902de4c414cd8a0f095ac135fee5a Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
-rw-r--r--test/security/k8s/vagrant/dublin/Vagrantfile25
1 files changed, 19 insertions, 6 deletions
diff --git a/test/security/k8s/vagrant/dublin/Vagrantfile b/test/security/k8s/vagrant/dublin/Vagrantfile
index e7fe6b1ec..d91a8228c 100644
--- a/test/security/k8s/vagrant/dublin/Vagrantfile
+++ b/test/security/k8s/vagrant/dublin/Vagrantfile
@@ -2,7 +2,9 @@
# -*- coding: utf-8 -*-
host_ip = "192.168.121.1"
-operator_key = "~/.ssh/onap-key"
+operator_key = "${HOME}/.ssh/onap-key"
+vagrant_user = "vagrant"
+vagrant_password = "vagrant"
vm_memory = 2 * 1024
vm_cpus = 1
@@ -16,6 +18,16 @@ cluster = [
all = cluster.dup << operation
+$deploy_key = <<-SCRIPT
+ KEY="$1"
+ USER="$2"
+ PASS="$PASSWORD"
+ IPS="$3"
+ for ip in $IPS; do
+ sshpass -p "$PASS" ssh-copy-id -o StrictHostKeyChecking=no -i "$KEY" "${USER}@${ip}"
+ done
+SCRIPT
+
$link_dotfiles = <<-SCRIPT
for rc in /vagrant/dot_*; do
ln -sf "$rc" "${HOME}/.${rc##*dot_}"
@@ -73,11 +85,12 @@ Vagrant.configure('2') do |config|
ips = ""
cluster.each { |node| ips << node[:ip] << " " }
- config.vm.provision :shell, privileged: false, inline: <<-SHELL
- for ip in #{ips}; do
- sshpass -p vagrant ssh-copy-id -o StrictHostKeyChecking=no -i #{operator_key} "$ip"
- done
- SHELL
+ config.vm.provision :shell do |s|
+ s.privileged = false
+ s.inline = $deploy_key
+ s.args = [operator_key, vagrant_user, ips]
+ s.env = {'PASSWORD': vagrant_password}
+ end
end
end
end