diff --git a/Makefile b/Makefile index 8db8c28..704861b 100644 --- a/Makefile +++ b/Makefile @@ -31,6 +31,8 @@ endif # Barbican encryption key should be a random 32-byte string that is base64 # encoded. e.g. head --bytes=32 /dev/urandom | base64 BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY ?= sEFmdFjDUqRM2VemYslV5yGNWjokioJXsg8Nrlc3drU= +KEYSTONE_FEDERATION_CLIENT_SECRET ?= COX8bmlKAWn56XCGMrKQJj7dgHNAOl6f +KEYSTONE_CRYPTO_PASSPHRASE ?= openstack # Allows overriding the cleanup command used in *_cleanup targets. # Useful in CI, to allow injectin kustomization in each operator CR directory @@ -536,6 +538,8 @@ ${1}: export PASSWORD=${PASSWORD} ${1}: export METADATA_SHARED_SECRET=${METADATA_SHARED_SECRET} ${1}: export HEAT_AUTH_ENCRYPTION_KEY=${HEAT_AUTH_ENCRYPTION_KEY} ${1}: export BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY=${BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY} +${1}: export KEYSTONE_FEDERATION_CLIENT_SECRET=${KEYSTONE_FEDERATION_CLIENT_SECRET} +${1}: export KEYSTONE_CRYPTO_PASSPHRASE=${KEYSTONE_CRYPTO_PASSPHRASE} ${1}: export LIBVIRT_SECRET=${LIBVIRT_SECRET} ${1}: export STORAGE_CLASS=${STORAGE_CLASS} ${1}: export OUT=${OUT} diff --git a/scripts/gen-input-kustomize.sh b/scripts/gen-input-kustomize.sh index a6fbd04..a4671d6 100644 --- a/scripts/gen-input-kustomize.sh +++ b/scripts/gen-input-kustomize.sh @@ -40,6 +40,14 @@ if [ -z "$BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY" ]; then echo "Please set BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY"; exit 1 fi +if [ -z "$KEYSTONE_FEDERATION_CLIENT_SECRET" ]; then + echo "Please set KEYSTONE_FEDERATION_CLIENT_SECRET"; exit 1 +fi + +if [ -z "$KEYSTONE_CRYPTO_PASSPHRASE" ]; then + echo "Please set KEYSTONE_CRYPTO_PASSPHRASE"; exit 1 +fi + if [ -z "$LIBVIRT_SECRET" ]; then echo "Please set LIBVIRT_SECRET"; exit 1 fi @@ -76,6 +84,8 @@ secretGenerator: - CinderPassword=${PASSWORD} - IronicPassword=${PASSWORD} - IronicInspectorPassword=${PASSWORD} + - KeystoneClientSecret=${KEYSTONE_FEDERATION_CLIENT_SECRET} + - KeystoneCryptoPassphrase=${KEYSTONE_CRYPTO_PASSPHRASE} - OctaviaPassword=${PASSWORD} - OctaviaHeartbeatKey=${PASSWORD} - NovaPassword=${PASSWORD}