--- # The purpose of this file is to define the account catalog for the site. This # mostly contains service usernames, but also contain some information which # should be changed like the region (site) name. schema: pegleg/AccountCatalogue/v1 metadata: schema: metadata/Document/v1 name: ucp_service_accounts layeringDefinition: abstract: false layer: type storagePolicy: cleartext data: ucp: postgres: admin: username: postgres oslo_db: admin: username: root oslo_messaging: admin: username: rabbitmq keystone: admin: # NEWSITE-CHANGEME: Replace with the site name region_name: RegionOne username: admin project_name: admin user_domain_name: default project_domain_name: default oslo_messaging: admin: username: rabbitmq keystone: username: keystone oslo_db: username: keystone database: keystone promenade: keystone: # NEWSITE-CHANGEME: Replace with the site name region_name: RegionOne role: admin project_name: service project_domain_name: default user_domain_name: default username: promenade drydock: keystone: # NEWSITE-CHANGEME: Replace with the site name region_name: RegionOne role: admin project_name: service project_domain_name: default user_domain_name: default username: drydock postgres: username: drydock database: drydock shipyard: keystone: # NEWSITE-CHANGEME: Replace with the site name region_name: RegionOne role: admin project_name: service project_domain_name: default user_domain_name: default username: shipyard postgres: username: shipyard database: shipyard airflow: postgres: username: airflow database: airflow oslo_messaging: admin: username: rabbitmq user: username: airflow maas: admin: username: admin email: none@none postgres: username: maas database: maasdb barbican: keystone: # NEWSITE-CHANGEME: Replace with the site name region_name: RegionOne role: admin project_name: service project_domain_name: default user_domain_name: default username: barbican oslo_db: username: barbican database: barbican oslo_messaging: admin: username: rabbitmq keystone: username: keystone armada: keystone: project_domain_name: default user_domain_name: default project_name: service # NEWSITE-CHANGEME: Replace with the site name region_name: RegionOne role: admin user_domain_name: default username: armada deckhand: keystone: # NEWSITE-CHANGEME: Replace with the site name region_name: RegionOne role: admin project_name: service project_domain_name: default user_domain_name: default username: deckhand postgres: username: deckhand database: deckhand prometheus_openstack_exporter: user: region_name: RegionOne role: admin username: prometheus-openstack-exporter project_name: service user_domain_name: default project_domain_name: default ceph: swift: keystone: role: admin # NEWSITE-CHANGEME: Replace with the site name region_name: RegionOne username: swift project_name: service user_domain_name: default project_domain_name: default ... --- schema: pegleg/AccountCatalogue/v1 metadata: schema: metadata/Document/v1 name: osh_service_accounts layeringDefinition: abstract: false layer: type storagePolicy: cleartext substitutions: - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.keystone.admin.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.cinder.cinder.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.glance.glance.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.heat.heat.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.heat.heat_trustee.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.heat.heat_stack_user.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.swift.keystone.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.neutron.neutron.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.nova.nova.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.nova.placement.region_name - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh.barbican.barbican.region_name data: osh: keystone: admin: username: admin project_name: admin user_domain_name: default project_domain_name: default oslo_db: username: keystone database: keystone oslo_messaging: admin: username: keystone-rabbitmq-admin keystone: username: keystone-rabbitmq-user ldap: # NEWSITE-CHANGEME: Replace with the site's LDAP account used to # authenticate to the active directory backend to validate keystone # users. username: "test@ldap.example.com" cinder: cinder: role: admin username: cinder project_name: service user_domain_name: default project_domain_name: default oslo_db: username: cinder database: cinder oslo_messaging: admin: username: cinder-rabbitmq-admin cinder: username: cinder-rabbitmq-user glance: glance: role: admin username: glance project_name: service user_domain_name: default project_domain_name: default oslo_db: username: glance database: glance oslo_messaging: admin: username: glance-rabbitmq-admin glance: username: glance-rabbitmq-user ceph_object_store: username: glance heat: heat: role: admin username: heat project_name: service user_domain_name: default project_domain_name: default heat_trustee: role: admin username: heat-trust project_name: service user_domain_name: default project_domain_name: default heat_stack_user: role: admin username: heat-domain domain_name: heat oslo_db: username: heat database: heat oslo_messaging: admin: username: heat-rabbitmq-admin heat: username: heat-rabbitmq-user swift: keystone: role: admin username: swift project_name: service user_domain_name: default project_domain_name: default oslo_db: admin: username: root prometheus_mysql_exporter: user: username: osh-oslodb-exporter neutron: neutron: role: admin username: neutron project_name: service user_domain_name: default project_domain_name: default oslo_db: username: neutron database: neutron oslo_messaging: admin: username: neutron-rabbitmq-admin neutron: username: neutron-rabbitmq-user nova: nova: role: admin username: nova project_name: service user_domain_name: default project_domain_name: default placement: role: admin username: placement project_name: service user_domain_name: default project_domain_name: default oslo_db: username: nova database: nova oslo_db_api: username: nova database: nova_api oslo_db_cell0: username: nova database: "nova_cell0" oslo_messaging: admin: username: nova-rabbitmq-admin nova: username: nova-rabbitmq-user horizon: oslo_db: username: horizon database: horizon barbican: barbican: role: admin username: barbican project_name: service user_domain_name: default project_domain_name: default oslo_db: username: barbican database: barbican oslo_messaging: admin: username: barbican-rabbitmq-admin barbican: username: barbican-rabbitmq-user tempest: tempest: role: admin username: tempest project_name: service user_domain_name: default project_domain_name: default ... --- schema: pegleg/AccountCatalogue/v1 metadata: schema: metadata/Document/v1 name: osh_infra_service_accounts layeringDefinition: abstract: false layer: type storagePolicy: cleartext substitutions: - src: schema: pegleg/CommonSoftwareConfig/v1 name: common-software-config path: .osh.region_name dest: path: .osh_infra.prometheus_openstack_exporter.user.region_name data: osh_infra: ceph_object_store: admin: username: s3_admin elasticsearch: username: elasticsearch grafana: admin: username: grafana oslo_db: username: grafana database: grafana oslo_db_session: username: grafana_session database: grafana_session elasticsearch: admin: username: elasticsearch oslo_db: admin: username: root prometheus_mysql_exporter: user: username: osh-infra-oslodb-exporter prometheus_openstack_exporter: user: role: admin username: prometheus-openstack-exporter project_name: service user_domain_name: default project_domain_name: default nagios: admin: username: nagios prometheus: admin: username: prometheus ldap: admin: # NEWSITE-CHANGEME: Replace with the site's LDAP account used to # authenticate to the active directory backend to validate keystone # users. bind: "test@ldap.example.com" ...