From 7a549f40f5ce17dbee0274f2e9adc664394b0ab5 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 12 Oct 2011 07:13:13 +0000 Subject: [PATCH 1/6] Prompt users for passwords, and write those passwords to localrc --- stack.sh | 76 ++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 57 insertions(+), 19 deletions(-) diff --git a/stack.sh b/stack.sh index f6bf534e33..cdeb8a08eb 100755 --- a/stack.sh +++ b/stack.sh @@ -91,14 +91,14 @@ set -o xtrace # This script is customizable through setting environment variables. If you # want to override a setting you can either:: # -# export MYSQL_PASS=anothersecret +# export MYSQL_PASSWORD=anothersecret # ./stack.sh # -# You can also pass options on a single line ``MYSQL_PASS=simple ./stack.sh`` +# You can also pass options on a single line ``MYSQL_PASSWORD=simple ./stack.sh`` # # Additionally, you can put any local variables into a ``localrc`` file, like:: # -# MYSQL_PASS=anothersecret +# MYSQL_PASSWORD=anothersecret # MYSQL_USER=hellaroot # # We try to have sensible defaults, so you should be able to run ``./stack.sh`` @@ -111,7 +111,7 @@ set -o xtrace # # If ``localrc`` exists, then ``stackrc`` will load those settings. This is # useful for changing a branch or repostiory to test other versions. Also you -# can store your other settings like **MYSQL_PASS** or **ADMIN_PASSWORD** instead +# can store your other settings like **MYSQL_PASSWORD** or **ADMIN_PASSWORD** instead # of letting devstack generate random ones for you. source ./stackrc 
@@ -146,6 +146,43 @@ if [ ! -n "$HOST_IP" ]; then HOST_IP=`LC_ALL=C /sbin/ifconfig | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'` fi +# Generic helper to configure passwords +function read_password { + set +o xtrace + var=$1; msg=$2 + pw=${!var} + + # If the password is not defined yet, proceed to prompt user for a password. + if [ ! $pw ]; then + # If there is no localrc file, create one + if [ ! -e localrc ]; then + touch localrc + fi + + # Presumably if we got this far it can only be that our localrc is missing + # the required password. Prompt user for a password and write to localrc. + if ! grep -q $1 localrc; then + echo '' + echo '################################################################################' + echo $msg + echo '################################################################################' + echo "This value will be written to your localrc file." + echo "It is probably best to avoid spaces and weird characters." + echo "If you leave this blank, a random default value will be used." + echo "Enter a password now:" + read $var + pw=${!var} + if [ ! $pw ]; then + pw=`openssl rand -hex 10` + fi + eval "$var=$pw" + echo "$var=$pw" >> localrc + fi + fi + set -o xtrace +} + + # Nova Network Configuration # -------------------------- 
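Review bot: In read_password, `eval "$var=$pw"` and `echo "$var=$pw" >> localrc` pass the typed value through the shell unquoted, so a password containing spaces or shell metacharacters is parsed as code here and again every time localrc is sourced. Assign with `printf -v "$var" '%s' "$pw"` and persist with `printf '%s=%q\n' "$var" "$pw" >> localrc` so the value is always treated as data. The emptiness test `[ ! $pw ]` has the same quoting problem and should be `[ -z "$pw" ]`. `read $var` would be safer as `read -r -s "$var"` so backslashes are kept and the password is not echoed to the terminal. The same lines are carried over, re-indented, in the PATCH 4/6 hunk at -155,34.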
@@ -194,31 +231,32 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-eth0} # By default this script will install and configure MySQL. If you want to # use an existing server, you can pass in the user/password/host parameters. -# You will need to send the same ``MYSQL_PASS`` to every host if you are doing +# You will need to send the same ``MYSQL_PASSWORD`` to every host if you are doing # a multi-node devstack installation. MYSQL_USER=${MYSQL_USER:-root} -MYSQL_PASS=${MYSQL_PASS:-`openssl rand -hex 12`} +read_password MYSQL_PASSWORD "ENTER A PASSWORD TO USE FOR MYSQL." MYSQL_HOST=${MYSQL_HOST:-localhost} # don't specify /db in this string, so we can use it for multiple services -BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASS@$MYSQL_HOST} +BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASSWORD@$MYSQL_HOST} # Rabbit connection info RABBIT_HOST=${RABBIT_HOST:-localhost} RABBIT_PASSWORD=${RABBIT_PASSWORD:-`openssl rand -hex 12`} +read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT." # Glance connection info. Note the port must be specified. GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292} + # Keystone # -------- # Service Token - Openstack components need to have an admin token # to validate user tokens. -SERVICE_TOKEN=${SERVICE_TOKEN:-`openssl rand -hex 12`} +read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN." # Dash currently truncates usernames and passwords at 20 characters -# so use 10 bytes -ADMIN_PASSWORD=${ADMIN_PASSWORD:-`openssl rand -hex 10`} +read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR DASH AND KEYSTONE (20 CHARS OR LESS)." # Install Packages @@ -301,15 +339,15 @@ if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then # Seed configuration with mysql password so that apt-get install doesn't # prompt us for a password upon install. cat < Date: Wed, 12 Oct 2011 07:17:11 +0000 Subject: [PATCH 2/6] use hard path to localrc --- stack.sh | 5 +++++ 1 file changed, 5 insertions(+) 
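Review bot: In the hunk at -194,31 the old default line `RABBIT_PASSWORD=${RABBIT_PASSWORD:-…}` is kept as context directly above the new `read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."` call, so the variable is always non-empty when read_password runs and its prompt-and-save branch can never execute. Unless the caller sets it, the Rabbit password is therefore regenerated on every run and never written to localrc, unlike MYSQL_PASSWORD, SERVICE_TOKEN and ADMIN_PASSWORD, whose default lines this hunk removes. Delete the retained default line so all four secrets follow the same path.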
diff --git a/stack.sh b/stack.sh index cdeb8a08eb..32b7a0c8d9 100755 --- a/stack.sh +++ b/stack.sh @@ -43,6 +43,9 @@ if [ ! -d $FILES ]; then exit 1 fi +# Keep track of the current working directory. +CWD=`pwd` + # OpenStack is designed to be run as a regular user (Dashboard will fail to run # as root, since apache refused to startup serve content from root user). If # stack.sh is run as root, it automatically creates a stack user with @@ -152,6 +155,8 @@ function read_password { var=$1; msg=$2 pw=${!var} + localrc=$CWD/localrc + # If the password is not defined yet, proceed to prompt user for a password. if [ ! $pw ]; then # If there is no localrc file, create one From 66b8bbcbd85cefb044a3be54cd84d72fcb6b63be Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 12 Oct 2011 07:21:41 +0000 Subject: [PATCH 3/6] update msg --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 32b7a0c8d9..68e5afaff9 100755 --- a/stack.sh +++ b/stack.sh @@ -171,7 +171,7 @@ function read_password { echo '################################################################################' echo $msg echo '################################################################################' - echo "This value will be written to your localrc file." + echo "This value will be written to your localrc file so you don't have to enter it again." echo "It is probably best to avoid spaces and weird characters." echo "If you leave this blank, a random default value will be used." echo "Enter a password now:" From b4db225494a2c8d19db523c48fc48cbaee0402a0 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 12 Oct 2011 14:08:08 -0700 Subject: [PATCH 4/6] No need to check localrc for password. Also use TOP_DIR as described by smoser. --- stack.sh | 40 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/stack.sh b/stack.sh index 68e5afaff9..4fbfa28c01 100755 --- a/stack.sh +++ b/stack.sh 
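Review bot: In the hunk at -152,6, `localrc=$CWD/localrc` is assigned without `local`, as are `var`, `msg` and `pw` on the context lines above it, so all four become globals of stack.sh and `pw` keeps the last secret after read_password returns. Declaring them at the top of the function, `local var="$1" msg="$2" pw localrc`, keeps the secret scoped to the call and avoids clashing with other names in the script. The rest of the function body lies outside this hunk.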
@@ -43,8 +43,8 @@ if [ ! -d $FILES ]; then exit 1 fi -# Keep track of the current working directory. -CWD=`pwd` +# Keep track of the current devstack directory. +TOP_DIR=$(cd $(dirname "$0") && pwd) # OpenStack is designed to be run as a regular user (Dashboard will fail to run # as root, since apache refused to startup serve content from root user). If 
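Review bot: `TOP_DIR=$(cd $(dirname "$0") && pwd)` leaves the inner substitution unquoted and never checks the result, so a checkout path containing whitespace, or a failed `cd`, yields an empty or wrong TOP_DIR. read_password builds the path of its secrets file from this value (`localrc=$TOP_DIR/localrc` in the following hunk), and an empty TOP_DIR would turn that into `/localrc`. Quote the inner expansion and stop on failure: `TOP_DIR=$(cd "$(dirname "$0")" && pwd) || exit 1`.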
@@ -155,34 +155,32 @@ function read_password { var=$1; msg=$2 pw=${!var} - localrc=$CWD/localrc + localrc=$TOP_DIR/localrc # If the password is not defined yet, proceed to prompt user for a password. if [ ! $pw ]; then # If there is no localrc file, create one - if [ ! -e localrc ]; then - touch localrc + if [ ! -e $localrc ]; then + touch $localrc fi # Presumably if we got this far it can only be that our localrc is missing # the required password. Prompt user for a password and write to localrc. - if ! grep -q $1 localrc; then - echo '' - echo '################################################################################' - echo $msg - echo '################################################################################' - echo "This value will be written to your localrc file so you don't have to enter it again." - echo "It is probably best to avoid spaces and weird characters." - echo "If you leave this blank, a random default value will be used." - echo "Enter a password now:" - read $var - pw=${!var} - if [ ! $pw ]; then - pw=`openssl rand -hex 10` - fi - eval "$var=$pw" - echo "$var=$pw" >> localrc + echo '' + echo '################################################################################' + echo $msg + echo '################################################################################' + echo "This value will be written to your localrc file so you don't have to enter it again." + echo "It is probably best to avoid spaces and weird characters." + echo "If you leave this blank, a random default value will be used." + echo "Enter a password now:" + read $var + pw=${!var} + if [ ! $pw ]; then + pw=`openssl rand -hex 10` fi + eval "$var=$pw" + echo "$var=$pw" >> $localrc fi set -o xtrace } From cf145b77e4dbe675108c2c7b788e7505d5818fed Mon Sep 17 00:00:00 2001 
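Review bot: `touch $localrc` creates the file that will hold the MySQL, Rabbit, service-token and admin passwords with whatever the caller's umask allows, typically 0644, so other local users can read it. The script already restricts `$HOME/.my.cnf` with `chmod 0600`; localrc should get the same treatment, e.g. `chmod 0600 "$localrc"` immediately after the existence check, which also tightens a pre-existing file. `$localrc` should also be quoted in `[ ! -e $localrc ]`, `touch $localrc` and `>> $localrc`, since TOP_DIR may contain spaces and an unquoted redirect target then fails. read_password begins above this hunk.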
From: Anthony Young Date: Thu, 13 Oct 2011 15:07:36 -0700 Subject: [PATCH 5/6] merge trunk, and also make sure localrc exists before running build_lxc.sh --- build_lxc.sh | 9 ++++++++- stack.sh | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 643da7e4be..8ca3c41d01 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -11,6 +11,13 @@ if ! grep -q natty /etc/lsb-release; then echo "WARNING: this script has only been tested on natty" fi +# Abort if localrc is not set +if [ ! -e ./localrc ]; then + echo "You must have a localrc with ALL necessary passwords defined before proceeding." + echo "See stack.sh for required passwords." + exit 1 +fi + # Source params source ./stackrc @@ -248,4 +255,4 @@ while [ ! -e "$ROOTFS/$DEST/run.sh.log" ]; do sleep 1 done -tail -F $ROOTFS/$DEST/run.sh.log +tail -F $ROOTFS/$DEST/devstack/stack.sh.*.log diff --git a/stack.sh b/stack.sh index 97c39f81ea..dc151a63df 100755 --- a/stack.sh +++ b/stack.sh @@ -366,7 +366,7 @@ MYSQL_PRESEED cat <$HOME/.my.cnf [client] user=$MYSQL_USER -password=$MYSQL_PASS +password=$MYSQL_PASSWORD host=$MYSQL_HOST EOF chmod 0600 $HOME/.my.cnf From d1b1cdb04c4ba4e892f4eda722cf3f1daa260865 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Thu, 13 Oct 2011 15:25:38 -0700 Subject: [PATCH 6/6] tail run.sh.log instead of the stack.sh.log --- build_lxc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_lxc.sh b/build_lxc.sh index 8ca3c41d01..65a06cb132 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -255,4 +255,4 @@ while [ ! -e "$ROOTFS/$DEST/run.sh.log" ]; do sleep 1 done -tail -F $ROOTFS/$DEST/devstack/stack.sh.*.log +tail -F $ROOTFS/$DEST/run.sh.log
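Review bot: The new guard in build_lxc.sh (hunk at -11,6) only tests that `./localrc` exists, while its message demands that ALL passwords be defined; an empty or partial localrc passes, and read_password in stack.sh would then fall back to prompting, presumably inside the container build where nobody is at the terminal. After `source ./stackrc` (which, per the stack.sh comments, loads localrc) check each required name, e.g. `[ -n "$MYSQL_PASSWORD" ] || { echo "MYSQL_PASSWORD missing from localrc" >&2; exit 1; }`, and likewise for RABBIT_PASSWORD, SERVICE_TOKEN and ADMIN_PASSWORD. The two `echo` lines before `exit 1` should also be sent to stderr with `>&2`.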