From 7a549f40f5ce17dbee0274f2e9adc664394b0ab5 Mon Sep 17 00:00:00 2001
From: Anthony Young
Date: Wed, 12 Oct 2011 07:13:13 +0000
Subject: [PATCH] Prompt users for passwords, and write those passwords to localrc
---
 stack.sh | 76 ++++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 57 insertions(+), 19 deletions(-)
diff --git a/stack.sh b/stack.sh
index f6bf534..cdeb8a0 100755
--- a/stack.sh
+++ b/stack.sh
@@ -91,14 +91,14 @@ set -o xtrace
 # This script is customizable through setting environment variables. If you
 # want to override a setting you can either::
 #
-# export MYSQL_PASS=anothersecret
+# export MYSQL_PASSWORD=anothersecret
 # ./stack.sh
 #
-# You can also pass options on a single line ``MYSQL_PASS=simple ./stack.sh``
+# You can also pass options on a single line ``MYSQL_PASSWORD=simple ./stack.sh``
 #
 # Additionally, you can put any local variables into a ``localrc`` file, like::
 #
-# MYSQL_PASS=anothersecret
+# MYSQL_PASSWORD=anothersecret
 # MYSQL_USER=hellaroot
 #
 # We try to have sensible defaults, so you should be able to run ``./stack.sh``
@@ -111,7 +111,7 @@ set -o xtrace
 #
 # If ``localrc`` exists, then ``stackrc`` will load those settings. This is
 # useful for changing a branch or repostiory to test other versions. Also you
-# can store your other settings like **MYSQL_PASS** or **ADMIN_PASSWORD** instead
+# can store your other settings like **MYSQL_PASSWORD** or **ADMIN_PASSWORD** instead
 # of letting devstack generate random ones for you.
 source ./stackrc
@@ -146,6 +146,43 @@ if [ ! -n "$HOST_IP" ]; then
 HOST_IP=`LC_ALL=C /sbin/ifconfig | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'`
 fi
+# Generic helper to configure passwords
+function read_password {
+ set +o xtrace
+ var=$1; msg=$2
+ pw=${!var}
+
+ # If the password is not defined yet, proceed to prompt user for a password.
+ if [ ! $pw ]; then
+ # If there is no localrc file, create one
+ if [ ! -e localrc ]; then
+ touch localrc
+ fi
+
+ # Presumably if we got this far it can only be that our localrc is missing
+ # the required password. Prompt user for a password and write to localrc.
+ if ! grep -q $1 localrc; then
+ echo ''
+ echo '################################################################################'
+ echo $msg
+ echo '################################################################################'
+ echo "This value will be written to your localrc file."
+ echo "It is probably best to avoid spaces and weird characters."
+ echo "If you leave this blank, a random default value will be used."
+ echo "Enter a password now:"
+ read $var
+ pw=${!var}
+ if [ ! $pw ]; then
+ pw=`openssl rand -hex 10`
+ fi
+ eval "$var=$pw"
+ echo "$var=$pw" >> localrc
+ fi
+ fi
+ set -o xtrace
+}
+
+
 # Nova Network Configuration
 # --------------------------
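Review bot: The value typed at the prompt reaches `eval "$var=$pw"` and is appended unquoted to `localrc`, so a password containing whitespace or shell metacharacters is interpreted as shell code immediately, and again whenever `localrc` is loaded (the header comments say `stackrc` loads it). The prompt advises avoiding "weird characters" but nothing enforces it; assigning with `printf -v` and writing with `%q` removes the need for `eval` and keeps the stored line safe to source. In the same function, `read $var` echoes the secret to the terminal and interprets backslashes, `[ ! $pw ]` errors on multi-word values, `grep -q $1 localrc` matches the name anywhere in the file (including comments or other variable names), and `touch localrc` creates the secrets file with the default umask. `var`, `msg` and `pw` are also globals, so the last password stays in `pw` after the call.

```shell
function read_password {
    # … unchanged: set +o xtrace …
    local var=$1 msg=$2
    local pw=${!var}
    if [ -z "$pw" ]; then
        # … unchanged: create localrc when it is missing …
        chmod 600 localrc
        if ! grep -q "^$var=" localrc; then
            # … unchanged: banner and prompt text …
            read -r -s pw
            if [ -z "$pw" ]; then
                pw=$(openssl rand -hex 10)
            fi
            printf -v "$var" '%s' "$pw"
            printf '%s=%q\n' "$var" "$pw" >> localrc
        fi
    fi
    # … unchanged: set -o xtrace …
}
```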
@@ -194,31 +231,32 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-eth0}
 # By default this script will install and configure MySQL. If you want to
 # use an existing server, you can pass in the user/password/host parameters.
-# You will need to send the same ``MYSQL_PASS`` to every host if you are doing
+# You will need to send the same ``MYSQL_PASSWORD`` to every host if you are doing
 # a multi-node devstack installation.
 MYSQL_USER=${MYSQL_USER:-root}
-MYSQL_PASS=${MYSQL_PASS:-`openssl rand -hex 12`}
+read_password MYSQL_PASSWORD "ENTER A PASSWORD TO USE FOR MYSQL."
 MYSQL_HOST=${MYSQL_HOST:-localhost}
 # don't specify /db in this string, so we can use it for multiple services
-BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASS@$MYSQL_HOST}
+BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASSWORD@$MYSQL_HOST}
 # Rabbit connection info
 RABBIT_HOST=${RABBIT_HOST:-localhost}
 RABBIT_PASSWORD=${RABBIT_PASSWORD:-`openssl rand -hex 12`}
+read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
 # Glance connection info. Note the port must be specified.
 GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
+
 # Keystone
 # --------
 # Service Token - Openstack components need to have an admin token
 # to validate user tokens.
-SERVICE_TOKEN=${SERVICE_TOKEN:-`openssl rand -hex 12`}
+read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."
 # Dash currently truncates usernames and passwords at 20 characters
-# so use 10 bytes
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-`openssl rand -hex 10`}
+read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR DASH AND KEYSTONE (20 CHARS OR LESS)."
 # Install Packages
@@ -301,15 +339,15 @@ if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then # Seed configuration with mysql password so that apt-get install doesn't # prompt us for a password upon install. cat <
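Review bot: `read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."` can never prompt, because the unchanged `RABBIT_PASSWORD=${RABBIT_PASSWORD:-...}` default on the context line directly above it always sets the variable first. The Rabbit password is therefore still regenerated on each run and never written to `localrc`, unlike the other three secrets; that assignment should be deleted, as the commit did for `MYSQL_PASS`, `SERVICE_TOKEN` and `ADMIN_PASSWORD`. Separately, the 20-character limit for `ADMIN_PASSWORD` now exists only in the prompt text, so a longer value from the environment or the prompt is accepted and, per the comment, would be truncated by Dash. A check after the call such as `[ ${#ADMIN_PASSWORD} -le 20 ] || { echo "ADMIN_PASSWORD must be 20 characters or less"; exit 1; }` would catch that early.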