From 7a549f40f5ce17dbee0274f2e9adc664394b0ab5 Mon Sep 17 00:00:00 2001
From: Anthony Young <sleepsonthefloor@gmail.com>
Date: Wed, 12 Oct 2011 07:13:13 +0000
Subject: [PATCH] Prompt users for passwords, and write those passwords to
 localrc

---
 stack.sh | 76 ++++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 57 insertions(+), 19 deletions(-)

diff --git a/stack.sh b/stack.sh
index f6bf534..cdeb8a0 100755
--- a/stack.sh
+++ b/stack.sh
@@ -91,14 +91,14 @@ set -o xtrace
 # This script is customizable through setting environment variables.  If you
 # want to override a setting you can either::
 #
-#     export MYSQL_PASS=anothersecret
+#     export MYSQL_PASSWORD=anothersecret
 #     ./stack.sh
 #
-# You can also pass options on a single line ``MYSQL_PASS=simple ./stack.sh``
+# You can also pass options on a single line ``MYSQL_PASSWORD=simple ./stack.sh``
 #
 # Additionally, you can put any local variables into a ``localrc`` file, like::
 #
-#     MYSQL_PASS=anothersecret
+#     MYSQL_PASSWORD=anothersecret
 #     MYSQL_USER=hellaroot
 #
 # We try to have sensible defaults, so you should be able to run ``./stack.sh``
@@ -111,7 +111,7 @@ set -o xtrace
 #
 # If ``localrc`` exists, then ``stackrc`` will load those settings.  This is 
 # useful for changing a branch or repostiory to test other versions.  Also you
-# can store your other settings like **MYSQL_PASS** or **ADMIN_PASSWORD** instead
+# can store your other settings like **MYSQL_PASSWORD** or **ADMIN_PASSWORD** instead
 # of letting devstack generate random ones for you.
 source ./stackrc
 
@@ -146,6 +146,43 @@ if [ ! -n "$HOST_IP" ]; then
     HOST_IP=`LC_ALL=C /sbin/ifconfig  | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'`
 fi
 
+# Generic helper to configure passwords
+function read_password {
+    set +o xtrace
+    var=$1; msg=$2
+    pw=${!var}
+
+    # If the password is not defined yet, proceed to prompt user for a password.
+    if [ ! $pw ]; then
+        # If there is no localrc file, create one
+        if [ ! -e localrc ]; then
+            touch localrc
+        fi
+
+        # Presumably if we got this far it can only be that our localrc is missing 
+        # the required password.  Prompt user for a password and write to localrc.
+        if ! grep -q $1 localrc; then
+            echo ''
+            echo '################################################################################'
+            echo $msg
+            echo '################################################################################'
+            echo "This value will be written to your localrc file."
+            echo "It is probably best to avoid spaces and weird characters."
+            echo "If you leave this blank, a random default value will be used."
+            echo "Enter a password now:"
+            read $var
+            pw=${!var}
+            if [ ! $pw ]; then
+                pw=`openssl rand -hex 10`
+            fi
+            eval "$var=$pw"
+            echo "$var=$pw" >> localrc
+        fi
+    fi
+    set -o xtrace
+}
+
+
 # Nova Network Configuration
 # --------------------------
 
@@ -194,31 +231,32 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-eth0}
 
 # By default this script will install and configure MySQL.  If you want to 
 # use an existing server, you can pass in the user/password/host parameters.
-# You will need to send the same ``MYSQL_PASS`` to every host if you are doing
+# You will need to send the same ``MYSQL_PASSWORD`` to every host if you are doing
 # a multi-node devstack installation.
 MYSQL_USER=${MYSQL_USER:-root}
-MYSQL_PASS=${MYSQL_PASS:-`openssl rand -hex 12`}
+read_password MYSQL_PASSWORD "ENTER A PASSWORD TO USE FOR MYSQL."
 MYSQL_HOST=${MYSQL_HOST:-localhost}
 
 # don't specify /db in this string, so we can use it for multiple services
-BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASS@$MYSQL_HOST}
+BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASSWORD@$MYSQL_HOST}
 
 # Rabbit connection info
 RABBIT_HOST=${RABBIT_HOST:-localhost}
 RABBIT_PASSWORD=${RABBIT_PASSWORD:-`openssl rand -hex 12`}
+read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
 
 # Glance connection info.  Note the port must be specified.
 GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
 
+
 # Keystone
 # --------
 
 # Service Token - Openstack components need to have an admin token
 # to validate user tokens.
-SERVICE_TOKEN=${SERVICE_TOKEN:-`openssl rand -hex 12`}
+read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."
 # Dash currently truncates usernames and passwords at 20 characters
-# so use 10 bytes
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-`openssl rand -hex 10`}
+read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR DASH AND KEYSTONE (20 CHARS OR LESS)."
 
 
 # Install Packages
@@ -301,15 +339,15 @@ if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then
     # Seed configuration with mysql password so that apt-get install doesn't
     # prompt us for a password upon install.
     cat <<MYSQL_PRESEED | sudo debconf-set-selections
-mysql-server-5.1 mysql-server/root_password password $MYSQL_PASS
-mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASS
+mysql-server-5.1 mysql-server/root_password password $MYSQL_PASSWORD
+mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASSWORD
 mysql-server-5.1 mysql-server/start_on_boot boolean true
 MYSQL_PRESEED
 
     # Install and start mysql-server
     sudo apt-get -y -q install mysql-server
     # Update the DB to give user ‘$MYSQL_USER’@’%’ full control of the all databases:
-    sudo mysql -uroot -p$MYSQL_PASS -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASS';"
+    sudo mysql -uroot -p$MYSQL_PASSWORD -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASSWORD';"
 
     # Edit /etc/mysql/my.cnf to change ‘bind-address’ from localhost (127.0.0.1) to any (0.0.0.0) and restart the mysql service:
     sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
@@ -360,8 +398,8 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
     mkdir -p $GLANCE_IMAGE_DIR
 
     # (re)create glance database
-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS glance;'
-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE glance;'
+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS glance;'
+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE glance;'
     # Copy over our glance-registry.conf
     GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf
     cp $FILES/glance-registry.conf $GLANCE_CONF
@@ -490,8 +528,8 @@ fi
 
 if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then
     # (re)create nova database
-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS nova;'
-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE nova;'
+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS nova;'
+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE nova;'
 
     # (re)create nova database
     $NOVA_DIR/bin/nova-manage db sync
@@ -509,8 +547,8 @@ fi
 
 if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
     # (re)create keystone database
-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS keystone;'
-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE keystone;'
+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'
+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone;'
 
     # FIXME (anthony) keystone should use keystone.conf.example
     KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf