@@ -91,14 +91,14 @@ set -o xtrace

 # This script is customizable through setting environment variables.  If you

 # want to override a setting you can either::

 #

-#     export MYSQL_PASS=anothersecret

+#     export MYSQL_PASSWORD=anothersecret

 #     ./stack.sh

 #

-# You can also pass options on a single line ``MYSQL_PASS=simple ./stack.sh``

+# You can also pass options on a single line ``MYSQL_PASSWORD=simple ./stack.sh``

 #

 # Additionally, you can put any local variables into a ``localrc`` file, like::

 #

-#     MYSQL_PASS=anothersecret

+#     MYSQL_PASSWORD=anothersecret

 #     MYSQL_USER=hellaroot

 #

 # We try to have sensible defaults, so you should be able to run ``./stack.sh``

@@ -111,7 +111,7 @@ set -o xtrace

 #

 # If ``localrc`` exists, then ``stackrc`` will load those settings.  This is 

 # useful for changing a branch or repostiory to test other versions.  Also you

-# can store your other settings like **MYSQL_PASS** or **ADMIN_PASSWORD** instead

+# can store your other settings like **MYSQL_PASSWORD** or **ADMIN_PASSWORD** instead

 # of letting devstack generate random ones for you.

 source ./stackrc

@@ -146,6 +146,43 @@ if [ ! -n "$HOST_IP" ]; then

     HOST_IP=`LC_ALL=C /sbin/ifconfig  | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'`

 fi

+# Generic helper to configure passwords

+function read_password {

+    set +o xtrace

+    var=$1; msg=$2

+    pw=${!var}

+

+    # If the password is not defined yet, proceed to prompt user for a password.

+    if [ ! $pw ]; then

+        # If there is no localrc file, create one

+        if [ ! -e localrc ]; then

+            touch localrc

+        fi

+

+        # Presumably if we got this far it can only be that our localrc is missing 

+        # the required password.  Prompt user for a password and write to localrc.

+        if ! grep -q $1 localrc; then

+            echo ''

+            echo '################################################################################'

+            echo $msg

+            echo '################################################################################'

+            echo "This value will be written to your localrc file."

+            echo "It is probably best to avoid spaces and weird characters."

+            echo "If you leave this blank, a random default value will be used."

+            echo "Enter a password now:"

+            read $var

+            pw=${!var}

+            if [ ! $pw ]; then

+                pw=`openssl rand -hex 10`

+            fi

+            eval "$var=$pw"

+            echo "$var=$pw" >> localrc

+        fi

+    fi

+    set -o xtrace

+}

+

+

 # Nova Network Configuration

 # --------------------------

@@ -194,31 +231,32 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-eth0}

 # By default this script will install and configure MySQL.  If you want to 

 # use an existing server, you can pass in the user/password/host parameters.

-# You will need to send the same ``MYSQL_PASS`` to every host if you are doing

+# You will need to send the same ``MYSQL_PASSWORD`` to every host if you are doing

 # a multi-node devstack installation.

 MYSQL_USER=${MYSQL_USER:-root}

-MYSQL_PASS=${MYSQL_PASS:-`openssl rand -hex 12`}

+read_password MYSQL_PASSWORD "ENTER A PASSWORD TO USE FOR MYSQL."

 MYSQL_HOST=${MYSQL_HOST:-localhost}

 # don't specify /db in this string, so we can use it for multiple services

-BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASS@$MYSQL_HOST}

+BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASSWORD@$MYSQL_HOST}

 # Rabbit connection info

 RABBIT_HOST=${RABBIT_HOST:-localhost}

 RABBIT_PASSWORD=${RABBIT_PASSWORD:-`openssl rand -hex 12`}

+read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."

 # Glance connection info.  Note the port must be specified.

 GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}

+

 # Keystone

 # --------

 # Service Token - Openstack components need to have an admin token

 # to validate user tokens.

-SERVICE_TOKEN=${SERVICE_TOKEN:-`openssl rand -hex 12`}

+read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."

 # Dash currently truncates usernames and passwords at 20 characters

-# so use 10 bytes

-ADMIN_PASSWORD=${ADMIN_PASSWORD:-`openssl rand -hex 10`}

+read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR DASH AND KEYSTONE (20 CHARS OR LESS)."

 # Install Packages

@@ -301,15 +339,15 @@ if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then

     # Seed configuration with mysql password so that apt-get install doesn't

     # prompt us for a password upon install.

     cat <<MYSQL_PRESEED | sudo debconf-set-selections

-mysql-server-5.1 mysql-server/root_password password $MYSQL_PASS

-mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASS

+mysql-server-5.1 mysql-server/root_password password $MYSQL_PASSWORD

+mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASSWORD

 mysql-server-5.1 mysql-server/start_on_boot boolean true

 MYSQL_PRESEED

     # Install and start mysql-server

     sudo apt-get -y -q install mysql-server

     # Update the DB to give user ‘$MYSQL_USER’@’%’ full control of the all databases:

-    sudo mysql -uroot -p$MYSQL_PASS -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASS';"

+    sudo mysql -uroot -p$MYSQL_PASSWORD -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASSWORD';"

     # Edit /etc/mysql/my.cnf to change ‘bind-address’ from localhost (127.0.0.1) to any (0.0.0.0) and restart the mysql service:

     sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf

@@ -360,8 +398,8 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then

     mkdir -p $GLANCE_IMAGE_DIR

     # (re)create glance database

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS glance;'

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE glance;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS glance;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE glance;'

     # Copy over our glance-registry.conf

     GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf

     cp $FILES/glance-registry.conf $GLANCE_CONF

@@ -490,8 +528,8 @@ fi

 if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then

     # (re)create nova database

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS nova;'

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE nova;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS nova;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE nova;'

     # (re)create nova database

     $NOVA_DIR/bin/nova-manage db sync

@@ -509,8 +547,8 @@ fi

 if [[ "$ENABLED_SERVICES" =~ "key" ]]; then

     # (re)create keystone database

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS keystone;'

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE keystone;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone;'

     # FIXME (anthony) keystone should use keystone.conf.example

     KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf