Commit 850e7ba

Allow datastore key to be populated from a variable.
1 parent e6cad37 commit 850e7ba

3 files changed

+14
-0
lines changed

README.md

Lines changed: 1 addition & 0 deletions
@@ -45,6 +45,7 @@ Below is the list of variables you can redefine in your playbook to customize st
4545
| `st2_auth_username` | `testu` | Username used by StackStorm standalone authentication.
4646
| `st2_auth_password` | `testp` | Password used by StackStorm standalone authentication.
4747
| `st2_save_credentials` | `yes` | Save credentials for local CLI in `/root/.st2/config` file.
48+
| `st2_datastore_key` | `null` | String for the datastore key file contents. This is useful if you're deploying StackStorm to multiple nodes and they need to share the same datastore key. By default, this variable is undefined and a new random key will be generated for each node.
4849
| `st2_packs` | `[ st2 ]` | List of packs to install. This flag does not work with a `--python3` only pack.
4950
| **st2web**
5051
| `st2web_ssl_certificate` | `null` | String with custom SSL certificate (`.crt`). If not provided, self-signed certificate will be generated.
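Review bot: The new `st2_datastore_key` row says the variable is undefined by default while its Default column shows `null`; pick one wording so users know which value keeps the per-node random key. The row also does not mention that the string is secret key material. Consider adding that it should be supplied from an encrypted source such as Ansible Vault rather than a plaintext vars file.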

roles/StackStorm.st2/defaults/main.yml

Lines changed: 5 additions & 0 deletions
@@ -34,6 +34,11 @@ st2_auth_username: testu
3434
st2_auth_password: testp
3535
# Save credentials in ~/.st2/config file
3636
st2_save_credentials: yes
37+
# The string contents of the datastore key file. If you need to distribute the same key
38+
# to multiple StackStorm nodes, generate a datastore key and populate this variable
39+
# when installing on each of the ndoes.
40+
# Example: '{"hmacKey": {"hmacKeyString": "xxx", "size": 256}, "aesKeyString": "yyy", "mode": "CBC", "size": 256}'
41+
st2_datastore_key: null
3742
# ST2 packs to be installed (list)
3843
st2_packs:
3944
- st2
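Review bot: Typo on added line 39: `ndoes` should be `nodes`. The comment also tells users to "generate a datastore key" without saying how; a pointer to `st2-generate-symmetric-crypto-key --key-path`, the command tasks/datastore.yml already runs, would close that gap. It is worth stating next to the `xxx`/`yyy` example that the real value is a secret and belongs in a vaulted variable, not in a committed vars file.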

roles/StackStorm.st2/tasks/datastore.yml

Lines changed: 8 additions & 0 deletions
@@ -13,6 +13,14 @@
1313
command: st2-generate-symmetric-crypto-key --key-path {{ st2_datastore_key_file }}
1414
args:
1515
creates: "{{ st2_datastore_key_file }}"
16+
when: not st2_datastore_key
17+
18+
- name: Copy st2 encryption key
19+
become: yes
20+
copy:
21+
content: "{{ st2_datastore_key }}"
22+
dest: "{{ st2_datastore_key_file }}"
23+
when: st2_datastore_key
1624

1725
- name: Fix permissions on datastore encryption key
1826
become: yes
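Review bot: The `Copy st2 encryption key` task (added lines 18-23) writes key material with no `no_log: yes` and no `owner`/`mode`, so the key can appear in task output (for example when the play runs with `--diff`) and the file is created with default permissions until the following "Fix permissions on datastore encryption key" task runs. Suggest adding `no_log: yes` and setting owner, group and mode directly on the `copy`, matching what the later task applies. Two smaller points: `when: st2_datastore_key` and `when: not st2_datastore_key` rely on the truthiness of a bare string variable, and an explicit test such as `st2_datastore_key is not none` is clearer; and unlike the generate task, which is guarded by `creates:`, the copy will overwrite an existing key file whenever the variable is set, which deserves a line in the docs because values encrypted under the previous key would no longer decrypt.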
