On 19/02/14 18:29, Dougal Matthews wrote: > The question for me, is what passwords will we have and when do we need > them? Are any of the passwords required long term.
We will need whatever the Heat template needs to generate all the configuration files. That includes passwords for all services that are going to be configured, such as, for example, Swift or MySQL. I'm not sure about the exact mechanisms in Heat, but I would guess that we will need all the parameters, including passwords, when the templates are re-generated. We could probably generate new passwords every time, though. > If we do need to store passwords it becomes a somewhat thorny issue, how > does Tuskar know what a password is? If this is flagged up by the > UI/client then we are relying on the user to tell us which isn't wise. All the template parameters that are passwords are marked in the Heat parameter list that we get from it as "NoEcho": "true", so we do have an idea about which parts are sensitive. -- Radomir Dopieralski _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev