OpenStack Heat

A resource which generates random strings for passwords

Registered by Steve Baker

Orchestrated services often need passwords and secrets to be propagated to multiple servers and set in configuration files or admin tools.

Currently the only practical way of doing this is to define template parameters for passwords and specify the password value on stack create. This can become a burden for complex templates with many services. For example these tripleo examples ask the user to generate 13 random passwords to pass to stack-create:
http://docs.openstack.org/developer/tripleo-incubator/devtest.html

This blueprint suggests creating a resource type OS::Heat::RandomString which randomly generates a string that can be accessed via an attribute. Properties can be set to specify what kind of string to generate, but defaults would aim to generate a string which is appropriate for service and user passwords that heat templates typically configure.

The resource's string will be stored in resource data and will be persisted by heat for the lifecycle of the stack. A future modification could be to store the string on a key server like Barbican.

Blueprint information

Status:
Complete
Approver:
Steve Baker
Priority:
Medium
Drafter:
Steve Baker
Direction:
Approved
Assignee:
Steve Baker
Definition:
Approved
Series goal:
Accepted for icehouse
Implementation:
Implemented
Milestone target:
milestone icon 2014.1
Started by
Steve Baker
Completed by
Steve Baker

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/random-string-resource,n,z

Addressed by: https://review.openstack.org/50525
    A resource to generate random strings

Relevant change (https://review.openstack.org/50525) was already merged. why this bug is in 'Not Started' state?

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.