Prompt users for passwords, and write those passwords to localrc

This commit is contained in:
Anthony Young 2011-10-12 07:13:13 +00:00
parent 94c889ac15
commit 7a549f40f5

View file

@ -91,14 +91,14 @@ set -o xtrace
# This script is customizable through setting environment variables. If you # This script is customizable through setting environment variables. If you
# want to override a setting you can either:: # want to override a setting you can either::
# #
# export MYSQL_PASS=anothersecret # export MYSQL_PASSWORD=anothersecret
# ./stack.sh # ./stack.sh
# #
# You can also pass options on a single line ``MYSQL_PASS=simple ./stack.sh`` # You can also pass options on a single line ``MYSQL_PASSWORD=simple ./stack.sh``
# #
# Additionally, you can put any local variables into a ``localrc`` file, like:: # Additionally, you can put any local variables into a ``localrc`` file, like::
# #
# MYSQL_PASS=anothersecret # MYSQL_PASSWORD=anothersecret
# MYSQL_USER=hellaroot # MYSQL_USER=hellaroot
# #
# We try to have sensible defaults, so you should be able to run ``./stack.sh`` # We try to have sensible defaults, so you should be able to run ``./stack.sh``
@ -111,7 +111,7 @@ set -o xtrace
# #
# If ``localrc`` exists, then ``stackrc`` will load those settings. This is # If ``localrc`` exists, then ``stackrc`` will load those settings. This is
# useful for changing a branch or repostiory to test other versions. Also you # useful for changing a branch or repostiory to test other versions. Also you
# can store your other settings like **MYSQL_PASS** or **ADMIN_PASSWORD** instead # can store your other settings like **MYSQL_PASSWORD** or **ADMIN_PASSWORD** instead
# of letting devstack generate random ones for you. # of letting devstack generate random ones for you.
source ./stackrc source ./stackrc
@ -146,6 +146,43 @@ if [ ! -n "$HOST_IP" ]; then
HOST_IP=`LC_ALL=C /sbin/ifconfig | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'` HOST_IP=`LC_ALL=C /sbin/ifconfig | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'`
fi fi
# Generic helper to configure passwords
function read_password {
set +o xtrace
var=$1; msg=$2
pw=${!var}
# If the password is not defined yet, proceed to prompt user for a password.
if [ ! $pw ]; then
# If there is no localrc file, create one
if [ ! -e localrc ]; then
touch localrc
fi
# Presumably if we got this far it can only be that our localrc is missing
# the required password. Prompt user for a password and write to localrc.
if ! grep -q $1 localrc; then
echo ''
echo '################################################################################'
echo $msg
echo '################################################################################'
echo "This value will be written to your localrc file."
echo "It is probably best to avoid spaces and weird characters."
echo "If you leave this blank, a random default value will be used."
echo "Enter a password now:"
read $var
pw=${!var}
if [ ! $pw ]; then
pw=`openssl rand -hex 10`
fi
eval "$var=$pw"
echo "$var=$pw" >> localrc
fi
fi
set -o xtrace
}
# Nova Network Configuration # Nova Network Configuration
# -------------------------- # --------------------------
@ -194,31 +231,32 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-eth0}
# By default this script will install and configure MySQL. If you want to # By default this script will install and configure MySQL. If you want to
# use an existing server, you can pass in the user/password/host parameters. # use an existing server, you can pass in the user/password/host parameters.
# You will need to send the same ``MYSQL_PASS`` to every host if you are doing # You will need to send the same ``MYSQL_PASSWORD`` to every host if you are doing
# a multi-node devstack installation. # a multi-node devstack installation.
MYSQL_USER=${MYSQL_USER:-root} MYSQL_USER=${MYSQL_USER:-root}
MYSQL_PASS=${MYSQL_PASS:-`openssl rand -hex 12`} read_password MYSQL_PASSWORD "ENTER A PASSWORD TO USE FOR MYSQL."
MYSQL_HOST=${MYSQL_HOST:-localhost} MYSQL_HOST=${MYSQL_HOST:-localhost}
# don't specify /db in this string, so we can use it for multiple services # don't specify /db in this string, so we can use it for multiple services
BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASS@$MYSQL_HOST} BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASSWORD@$MYSQL_HOST}
# Rabbit connection info # Rabbit connection info
RABBIT_HOST=${RABBIT_HOST:-localhost} RABBIT_HOST=${RABBIT_HOST:-localhost}
RABBIT_PASSWORD=${RABBIT_PASSWORD:-`openssl rand -hex 12`} RABBIT_PASSWORD=${RABBIT_PASSWORD:-`openssl rand -hex 12`}
read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
# Glance connection info. Note the port must be specified. # Glance connection info. Note the port must be specified.
GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292} GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
# Keystone # Keystone
# -------- # --------
# Service Token - Openstack components need to have an admin token # Service Token - Openstack components need to have an admin token
# to validate user tokens. # to validate user tokens.
SERVICE_TOKEN=${SERVICE_TOKEN:-`openssl rand -hex 12`} read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."
# Dash currently truncates usernames and passwords at 20 characters # Dash currently truncates usernames and passwords at 20 characters
# so use 10 bytes read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR DASH AND KEYSTONE (20 CHARS OR LESS)."
ADMIN_PASSWORD=${ADMIN_PASSWORD:-`openssl rand -hex 10`}
# Install Packages # Install Packages
@ -301,15 +339,15 @@ if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then
# Seed configuration with mysql password so that apt-get install doesn't # Seed configuration with mysql password so that apt-get install doesn't
# prompt us for a password upon install. # prompt us for a password upon install.
cat <<MYSQL_PRESEED | sudo debconf-set-selections cat <<MYSQL_PRESEED | sudo debconf-set-selections
mysql-server-5.1 mysql-server/root_password password $MYSQL_PASS mysql-server-5.1 mysql-server/root_password password $MYSQL_PASSWORD
mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASS mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASSWORD
mysql-server-5.1 mysql-server/start_on_boot boolean true mysql-server-5.1 mysql-server/start_on_boot boolean true
MYSQL_PRESEED MYSQL_PRESEED
# Install and start mysql-server # Install and start mysql-server
sudo apt-get -y -q install mysql-server sudo apt-get -y -q install mysql-server
# Update the DB to give user $MYSQL_USER@% full control of the all databases: # Update the DB to give user $MYSQL_USER@% full control of the all databases:
sudo mysql -uroot -p$MYSQL_PASS -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASS';" sudo mysql -uroot -p$MYSQL_PASSWORD -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASSWORD';"
# Edit /etc/mysql/my.cnf to change bind-address from localhost (127.0.0.1) to any (0.0.0.0) and restart the mysql service: # Edit /etc/mysql/my.cnf to change bind-address from localhost (127.0.0.1) to any (0.0.0.0) and restart the mysql service:
sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
@ -360,8 +398,8 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
mkdir -p $GLANCE_IMAGE_DIR mkdir -p $GLANCE_IMAGE_DIR
# (re)create glance database # (re)create glance database
mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS glance;' mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS glance;'
mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE glance;' mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE glance;'
# Copy over our glance-registry.conf # Copy over our glance-registry.conf
GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf
cp $FILES/glance-registry.conf $GLANCE_CONF cp $FILES/glance-registry.conf $GLANCE_CONF
@ -490,8 +528,8 @@ fi
if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then
# (re)create nova database # (re)create nova database
mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS nova;' mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS nova;'
mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE nova;' mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE nova;'
# (re)create nova database # (re)create nova database
$NOVA_DIR/bin/nova-manage db sync $NOVA_DIR/bin/nova-manage db sync
@ -509,8 +547,8 @@ fi
if [[ "$ENABLED_SERVICES" =~ "key" ]]; then if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
# (re)create keystone database # (re)create keystone database
mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS keystone;' mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'
mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE keystone;' mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone;'
# FIXME (anthony) keystone should use keystone.conf.example # FIXME (anthony) keystone should use keystone.conf.example
KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf