k8s: Remove hardcoded password for 'vagrant' user
Password for 'vagrant' user is now passed through exported environmental
variable.
This patch also:
* removes the assumption of having 'vagrant' user on cluster nodes (for
future scripts reuse),
* removes mixed string interpolation and passing shell variables,
* replaces '~' with '$HOME' for proper substitiution.
Issue-ID: SECCOM-235
Change-Id: Id9e7b6acccd902de4c414cd8a0f095ac135fee5a
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
diff --git a/test/security/k8s/vagrant/dublin/Vagrantfile b/test/security/k8s/vagrant/dublin/Vagrantfile
index e7fe6b1..d91a822 100644
--- a/test/security/k8s/vagrant/dublin/Vagrantfile
+++ b/test/security/k8s/vagrant/dublin/Vagrantfile
@@ -2,7 +2,9 @@
# -*- coding: utf-8 -*-
host_ip = "192.168.121.1"
-operator_key = "~/.ssh/onap-key"
+operator_key = "${HOME}/.ssh/onap-key"
+vagrant_user = "vagrant"
+vagrant_password = "vagrant"
vm_memory = 2 * 1024
vm_cpus = 1
@@ -16,6 +18,16 @@
all = cluster.dup << operation
+$deploy_key = <<-SCRIPT
+ KEY="$1"
+ USER="$2"
+ PASS="$PASSWORD"
+ IPS="$3"
+ for ip in $IPS; do
+ sshpass -p "$PASS" ssh-copy-id -o StrictHostKeyChecking=no -i "$KEY" "${USER}@${ip}"
+ done
+SCRIPT
+
$link_dotfiles = <<-SCRIPT
for rc in /vagrant/dot_*; do
ln -sf "$rc" "${HOME}/.${rc##*dot_}"
@@ -73,11 +85,12 @@
ips = ""
cluster.each { |node| ips << node[:ip] << " " }
- config.vm.provision :shell, privileged: false, inline: <<-SHELL
- for ip in #{ips}; do
- sshpass -p vagrant ssh-copy-id -o StrictHostKeyChecking=no -i #{operator_key} "$ip"
- done
- SHELL
+ config.vm.provision :shell do |s|
+ s.privileged = false
+ s.inline = $deploy_key
+ s.args = [operator_key, vagrant_user, ips]
+ s.env = {'PASSWORD': vagrant_password}
+ end
end
end
end