diff options
author | Robert H. Hyerle <hyerle@hp.com> | 2013-04-28 19:04:24 +0200 |
---|---|---|
committer | Robert H. Hyerle <hyerle@hp.com> | 2013-05-16 16:56:52 +0200 |
commit | 76ee689d09de6c93de447ade626c94137c778865 (patch) | |
tree | 86f270267eec02eed6dd206802cf5ff4f835db6b /tools | |
parent | cb0ddabff3609e408ef30ccb55842cb4e724e329 (diff) | |
download | keystone-76ee689d09de6c93de447ade626c94137c778865.tar.gz |
Accept env variables to override default passwords
Preserves the default passwords corresponding to the OpenStack Install
and Deploy Manual while allowing environment variables to specify user
provided passwords. As well, a single common password for all the service
users can be specified using the SERVICE_PASSWORD environment variable.
This fix restores compatibility with the version of this script released
in Folsom where the environment variables could override default passwords.
It also preserves compatibility with the fix for bug 1073291 that brought
the script into line with the docs (but unfortunately broke backwards
compatibility).
There is no warning emited if the user does not override the default
passwords as was present in Folsom, but not in Grizzly. This makes the
fix output compatible with Grizzly only. Note that the logic for warnings
pre-Grizzly was unclear. The script is, however, clearly named "sample"
and warnings are present in the comments.
Change-Id: I927fcddf04dcb87e5c9252f0874939b17f3c4809
Fixes: bug #1166182
Diffstat (limited to 'tools')
-rwxr-xr-x | tools/sample_data.sh | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/tools/sample_data.sh b/tools/sample_data.sh index 08a1dba5d..3ad819b31 100755 --- a/tools/sample_data.sh +++ b/tools/sample_data.sh @@ -37,6 +37,17 @@ # service ec2 admin # service swift admin +# By default, passwords used are those in the OpenStack Install and Deploy Manual. +# One can override these (publicly known, and hence, insecure) passwords by setting the appropriate +# environment variables. A common default password for all the services can be used by +# setting the "SERVICE_PASSWORD" environment variable. + +ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete} +NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}} +GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}} +EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}} +SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}} + CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost} CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost} CONTROLLER_INTERNAL_ADDRESS=${CONTROLLER_INTERNAL_ADDRESS:-localhost} @@ -80,7 +91,7 @@ DEMO_TENANT=$(get_id keystone tenant-create --name=demo \ --description "Default Tenant") ADMIN_USER=$(get_id keystone user-create --name=admin \ - --pass=secrete) + --pass="${ADMIN_PASSWORD}") ADMIN_ROLE=$(get_id keystone role-create --name=admin) @@ -95,14 +106,14 @@ SERVICE_TENANT=$(get_id keystone tenant-create --name=service \ --description "Service Tenant") GLANCE_USER=$(get_id keystone user-create --name=glance \ - --pass=glance) + --pass="${GLANCE_PASSWORD}") keystone user-role-add --user-id $GLANCE_USER \ --role-id $ADMIN_ROLE \ --tenant-id $SERVICE_TENANT NOVA_USER=$(get_id keystone user-create --name=nova \ - --pass=nova \ + --pass="${NOVA_PASSWORD}" \ --tenant-id $SERVICE_TENANT) keystone user-role-add --user-id $NOVA_USER \ @@ -110,7 +121,7 @@ keystone user-role-add --user-id $NOVA_USER \ --tenant-id $SERVICE_TENANT EC2_USER=$(get_id keystone user-create --name=ec2 \ - --pass=ec2 \ + --pass="${EC2_PASSWORD}" \ --tenant-id $SERVICE_TENANT) keystone user-role-add --user-id $EC2_USER \ @@ -118,7 +129,7 @@ keystone user-role-add --user-id $EC2_USER \ --tenant-id $SERVICE_TENANT SWIFT_USER=$(get_id keystone user-create --name=swift \ - --pass=swiftpass \ + --pass="${SWIFT_PASSWORD}" \ --tenant-id $SERVICE_TENANT) keystone user-role-add --user-id $SWIFT_USER \ |