Whilst writing an app that launches Undercloud install and then
subsequently installs an Overcloud (tripleO) on OpenStack, I ran into
the issue of having to store the credentials that return from the
Undercloud install.
What might be the best way? I guess ideally the credentials would be
stored securely, but at this point I'm curious what the best route for
this within Foreman would be regardless.
Does someone have any experience with this?
Thanks
Jason
Jason E. Rist
Senior Software Engineer
OpenStack Infrastructure Integration
Red Hat, Inc.
openuc: +1.972.707.6408
mobile: +1.720.256.3933
Freenode: jrist
github/identi.ca: knowncitizen
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Whilst writing an app that launches Undercloud install and then
> subsequently installs an Overcloud (tripleO) on OpenStack, I ran into
> the issue of having to store the credentials that return from the
> Undercloud install.
>
> What might be the best way? I guess ideally the credentials would be
> stored securely, but at this point I'm curious what the best route for
> this within Foreman would be regardless.
>
> Does someone have any experience with this?
>
if its considered a compute resource in foreman, then it we store it in the
db encrypted. note - most people in here do not understand what you mean by
over/under cloud etc.
Ohad
···
On Tue, Jul 21, 2015 at 7:17 AM, Jason Rist wrote:
Thanks
Jason
Jason E. Rist
Senior Software Engineer
OpenStack Infrastructure Integration
Red Hat, Inc.
openuc: +1.972.707.6408
mobile: +1.720.256.3933
Freenode: jrist
github/identi.ca: knowncitizen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
>
>
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Whilst writing an app that launches Undercloud install and then
>> subsequently installs an Overcloud (tripleO) on OpenStack, I ran into
>> the issue of having to store the credentials that return from the
>> Undercloud install.
>>
>> What might be the best way? I guess ideally the credentials would be
>> stored securely, but at this point I'm curious what the best route for
>> this within Foreman would be regardless.
>>
>> Does someone have any experience with this?
>>
>
> if its considered a compute resource in foreman, then it we store it in
> the db encrypted. note - most people in here do not understand what you
> mean by over/under cloud etc.
>
So it'd be which API call? There are a half dozen ways of using attributes
for compute resources?
···
On Tuesday, July 21, 2015 at 1:24:18 AM UTC-6, ohadlevy wrote:
> On Tue, Jul 21, 2015 at 7:17 AM, Jason Rist > wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > Whilst writing an app that launches Undercloud install and then
> > subsequently installs an Overcloud (tripleO) on OpenStack, I ran into
> > the issue of having to store the credentials that return from the
> > Undercloud install.
> >
> > What might be the best way? I guess ideally the credentials would be
> > stored securely, but at this point I'm curious what the best route for
> > this within Foreman would be regardless.
> >
> > Does someone have any experience with this?
> >
>
> if its considered a compute resource in foreman, then it we store it in the
> db encrypted. note - most people in here do not understand what you mean by
> over/under cloud etc.
Another concern worth mentioning, your credentials are stored encrypted,
BUT other Foreman administrators (people with access to the actual
Foreman host) could easily decrypt them. So it's better to have a shared
admin account.
···
On 07/21, Ohad Levy wrote:
> On Tue, Jul 21, 2015 at 7:17 AM, Jason Rist wrote:
Ohad
Thanks
Jason
Jason E. Rist
Senior Software Engineer
OpenStack Infrastructure Integration
Red Hat, Inc.
openuc: +1.972.707.6408
mobile: +1.720.256.3933
Freenode: jrist
github/identi.ca: knowncitizen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
>
>
>>
>>
>>
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>
>>> Whilst writing an app that launches Undercloud install and then
>>> subsequently installs an Overcloud (tripleO) on OpenStack, I ran into
>>> the issue of having to store the credentials that return from the
>>> Undercloud install.
>>>
>>> What might be the best way? I guess ideally the credentials would be
>>> stored securely, but at this point I'm curious what the best route for
>>> this within Foreman would be regardless.
>>>
>>> Does someone have any experience with this?
>>>
>>
>> if its considered a compute resource in foreman, then it we store it in
>> the db encrypted. note - most people in here do not understand what you
>> mean by over/under cloud etc.
>>
>
> So it'd be which API call? There are a half dozen ways of using attributes
> for compute resources?
>
sorry, you are being cryptic… I'm not following.
Ohad
···
On Tue, Jul 21, 2015 at 5:41 PM, wrote:
> On Tuesday, July 21, 2015 at 1:24:18 AM UTC-6, ohadlevy wrote:
>> On Tue, Jul 21, 2015 at 7:17 AM, Jason Rist wrote:
Ohad
Thanks
Jason
–
You received this message because you are subscribed to the Google Groups
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-dev+unsubscribe@googlegroups.com.
>
>
> >
> >
> >
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA256
> >>
> >> Whilst writing an app that launches Undercloud install and then
> >> subsequently installs an Overcloud (tripleO) on OpenStack, I ran into
> >> the issue of having to store the credentials that return from the
> >> Undercloud install.
> >>
> >> What might be the best way? I guess ideally the credentials would be
> >> stored securely, but at this point I'm curious what the best route for
> >> this within Foreman would be regardless.
> >>
> >> Does someone have any experience with this?
> >>
> >
> > if its considered a compute resource in foreman, then it we store it in
> > the db encrypted. note - most people in here do not understand what you
> > mean by over/under cloud etc.
> >
>
> So it'd be which API call? There are a half dozen ways of using attributes
> for compute resources?
Which API call to store the credentials and encrypt them?
POST api/v2/compute_resources
PUT api/v2/compute_resources
should do it. Any time the password changes it's automatically encrypted
thanks to
···
On 07/21, jrist@redhat.com wrote:
> On Tuesday, July 21, 2015 at 1:24:18 AM UTC-6, ohadlevy wrote:
> > On Tue, Jul 21, 2015 at 7:17 AM, Jason Rist > > wrote: