Currently we hard-code a list of passwords in tripleoclient, then generate a bunch of random passwords:
https://github.com/openstack/python-tripleoclient/blob/master/tripleoclient/v1/overcloud_deploy.py#L70
This works OK, but it is inconvenient if you're an operator wishing to define your own passwords and/or reuse passwords for a test environment.
In particular, the following problems exist:
1. The generated tripleo-overcloud-passwords file is not a heat environment file, which means you have to do some error prone sed mangling to convert it into a yaml file that passes parameter_defaults.
2. In the event you make a mistake with an environment file and miss a password, tripleoclient will silently inject a random one. We should make the password generation optional so instead operators can choose to fail with an error if their password yaml file is incomplete.
3. There's no easy way to introspect the templates and determine all of the parameters that require a password (some, but not all, are named *Password, parameter_groups may help here).
Also, we're lacking docs on how to do this.