Drop static passwords
For security reasons, all passwords must be generated. That's why
all password related parameters has been moved to defaults but
commented out, so they will be required and one have to set needed
parameters if any of them used but missing, and also to have a reference.
Exclusions:
- `opencontrail_message_queue_password` must be defined due of
limitations in OpenContrail over OpenStack
- `rabbitmq_guest_password` for backward compatibility
- `keepalived_openstack_telemetry_vip_password` for backward
compatibility
- `gerrit_ldap_bind_password` for backward compatibility
- `opencontrail_identity_password` for backward compatibility
- `kubernetes_openstack_provider_cloud_password` for backward
compatibility
This is kind of backport of https://gerrit.mcp.mirantis.com/#/c/34068/
to release/2019.2.0.
Change-Id: Id63bc4be2ef9dfaf369c583e017718c8253c8e93
Prod-related: PROD-29480
diff --git a/keepalived/cluster/instance/kube_api_server_vip.yml b/keepalived/cluster/instance/kube_api_server_vip.yml
index f7fbce8..42d95f1 100644
--- a/keepalived/cluster/instance/kube_api_server_vip.yml
+++ b/keepalived/cluster/instance/kube_api_server_vip.yml
@@ -8,7 +8,6 @@
keepalived_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
keepalived_k8s_apiserver_vip_interface: ens3
keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address}
- keepalived_k8s_apiserver_vip_password: password
keepalived:
cluster:
vrrp_scripts:
@@ -25,4 +24,4 @@
interface: ${_param:keepalived_k8s_apiserver_vip_interface}
virtual_router_id: 60
priority: ${_param:keepalived_vip_priority}
- track_script: k8s_vip
\ No newline at end of file
+ track_script: k8s_vip