From 6eb39284d44800a2a482a30101dfd1ccbc3d4f05 Mon Sep 17 00:00:00 2001 From: aticig Date: Thu, 24 Feb 2022 00:34:52 +0300 Subject: [PATCH] Adding secret overlay in Charmed installer Changing hardcoded password in charmed installation. This fix will change the default passwords used in charmed installation for Prometheus, Mariadb and Keystone. Change-Id: I8a722d1afbe460831da91f893dc414a4fbd9c239 Signed-off-by: aticig --- installers/charmed_install.sh | 43 ++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/installers/charmed_install.sh b/installers/charmed_install.sh index d26b9e73..e6b8ffeb 100755 --- a/installers/charmed_install.sh +++ b/installers/charmed_install.sh @@ -23,6 +23,7 @@ KUBECTL="microk8s.kubectl" MICROK8S_VERSION=1.23 OSMCLIENT_VERSION=latest IMAGES_OVERLAY_FILE=~/.osm/images-overlay.yaml +PASSWORD_OVERLAY_FILE=~/.osm/password-overlay.yaml PATH=/snap/bin:${PATH} MODEL_NAME=osm @@ -256,11 +257,14 @@ function deploy_charmed_osm(){ if [ -v OVERLAY ]; then extra_overlay="--overlay $OVERLAY" fi + echo "Creating Password Overlay" + + generate_password_overlay && secret_overlay="--overlay $PASSWORD_OVERLAY_FILE" if [ -v BUNDLE ]; then - juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $BUNDLE --overlay ~/.osm/vca-overlay.yaml $images_overlay $extra_overlay + juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $BUNDLE --overlay ~/.osm/vca-overlay.yaml $images_overlay $extra_overlay $secret_overlay else - juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $OSM_BUNDLE --overlay ~/.osm/vca-overlay.yaml $images_overlay $extra_overlay + juju deploy --trust --channel $CHARMHUB_CHANNEL -m $MODEL_NAME $OSM_BUNDLE --overlay ~/.osm/vca-overlay.yaml $images_overlay $extra_overlay $secret_overlay fi if [ ! -v KUBECFG ]; then @@ -313,6 +317,34 @@ function check_osm_deployed() { done } +function generate_password_overlay() { + # prometheus + web_config_password=`openssl rand -base64 16` + # keystone + keystone_db_password=`openssl rand -base64 16` + keystone_admin_password=`openssl rand -base64 16` + keystone_service_password=`openssl rand -base64 16` + # mariadb + mariadb_password=`openssl rand -hex 16` + mariadb_root_password=`openssl rand -hex 16` + cat << EOF > /tmp/password-overlay.yaml +applications: + prometheus: + options: + web_config_password: $web_config_password + keystone: + options: + keystone-db-password: $keystone_db_password + admin-password: $keystone_admin_password + service-password: $keystone_service_password + mariadb: + options: + password: $mariadb_password + root_password: $mariadb_root_password +EOF + mv /tmp/password-overlay.yaml $PASSWORD_OVERLAY_FILE +} + function create_overlay() { sudo snap install jq sudo snap install yq @@ -529,6 +561,7 @@ else deploy_charmed_osm install_osmclient export OSM_HOSTNAME=$(juju config -m $MODEL_NAME nbi site_url | sed "s/http.*\?:\/\///"):443 + export OSM_PASSWORD=$keystone_admin_password sleep 10 add_local_k8scluster if [ -v MICROSTACK ]; then @@ -540,10 +573,14 @@ else echo "1. Create the OSM_HOSTNAME environment variable with the NBI IP" echo echo "export OSM_HOSTNAME=$OSM_HOSTNAME" + echo "export OSM_PASSWORD=$OSM_PASSWORD" echo - echo "2. Add the previous command to your .bashrc for other Shell sessions" + echo "2. Add the previous commands to your .bashrc for other Shell sessions" echo echo "echo \"export OSM_HOSTNAME=$OSM_HOSTNAME\" >> ~/.bashrc" + echo "echo \"export OSM_PASSWORD=$OSM_PASSWORD\" >> ~/.bashrc" + echo + echo "3. Login OSM GUI by using admin password: $OSM_PASSWORD" echo echo "DONE" fi -- 2.25.1