440 lines
12 KiB
YAML
440 lines
12 KiB
YAML
---
|
|
# The purpose of this file is to define the account catalog for the site. This
|
|
# mostly contains service usernames, but also contain some information which
|
|
# should be changed like the region (site) name.
|
|
schema: pegleg/AccountCatalogue/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: ucp_service_accounts
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: site
|
|
storagePolicy: cleartext
|
|
data:
|
|
ucp:
|
|
postgres:
|
|
admin:
|
|
username: postgres
|
|
oslo_db:
|
|
admin:
|
|
username: root
|
|
oslo_messaging:
|
|
admin:
|
|
username: rabbitmq
|
|
keystone:
|
|
admin:
|
|
# NEWSITE-CHANGEME: Replace with the site name
|
|
region_name: RegionOne
|
|
username: admin
|
|
project_name: admin
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
oslo_messaging:
|
|
admin:
|
|
username: rabbitmq
|
|
keystone:
|
|
username: keystone
|
|
oslo_db:
|
|
username: keystone
|
|
database: keystone
|
|
promenade:
|
|
keystone:
|
|
# NEWSITE-CHANGEME: Replace with the site name
|
|
region_name: RegionOne
|
|
role: admin
|
|
project_name: service
|
|
project_domain_name: default
|
|
user_domain_name: default
|
|
username: promenade
|
|
drydock:
|
|
keystone:
|
|
# NEWSITE-CHANGEME: Replace with the site name
|
|
region_name: RegionOne
|
|
role: admin
|
|
project_name: service
|
|
project_domain_name: default
|
|
user_domain_name: default
|
|
username: drydock
|
|
postgres:
|
|
username: drydock
|
|
database: drydock
|
|
shipyard:
|
|
keystone:
|
|
# NEWSITE-CHANGEME: Replace with the site name
|
|
region_name: RegionOne
|
|
role: admin
|
|
project_name: service
|
|
project_domain_name: default
|
|
user_domain_name: default
|
|
username: shipyard
|
|
postgres:
|
|
username: shipyard
|
|
database: shipyard
|
|
airflow:
|
|
postgres:
|
|
username: airflow
|
|
database: airflow
|
|
oslo_messaging:
|
|
admin:
|
|
username: rabbitmq
|
|
user:
|
|
username: airflow
|
|
maas:
|
|
admin:
|
|
username: admin
|
|
email: none@none
|
|
postgres:
|
|
username: maas
|
|
database: maasdb
|
|
barbican:
|
|
keystone:
|
|
# NEWSITE-CHANGEME: Replace with the site name
|
|
region_name: RegionOne
|
|
role: admin
|
|
project_name: service
|
|
project_domain_name: default
|
|
user_domain_name: default
|
|
username: barbican
|
|
oslo_db:
|
|
username: barbican
|
|
database: barbican
|
|
oslo_messaging:
|
|
admin:
|
|
username: rabbitmq
|
|
keystone:
|
|
username: keystone
|
|
armada:
|
|
keystone:
|
|
project_domain_name: default
|
|
user_domain_name: default
|
|
project_name: service
|
|
# NEWSITE-CHANGEME: Replace with the site name
|
|
region_name: RegionOne
|
|
role: admin
|
|
user_domain_name: default
|
|
username: armada
|
|
deckhand:
|
|
keystone:
|
|
# NEWSITE-CHANGEME: Replace with the site name
|
|
region_name: RegionOne
|
|
role: admin
|
|
project_name: service
|
|
project_domain_name: default
|
|
user_domain_name: default
|
|
username: deckhand
|
|
postgres:
|
|
username: deckhand
|
|
database: deckhand
|
|
prometheus_openstack_exporter:
|
|
user:
|
|
region_name: RegionOne
|
|
role: admin
|
|
username: prometheus-openstack-exporter
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
ceph:
|
|
swift:
|
|
keystone:
|
|
role: admin
|
|
# NEWSITE-CHANGEME: Replace with the site name
|
|
region_name: RegionOne
|
|
username: swift
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
...
|
|
---
|
|
schema: pegleg/AccountCatalogue/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: osh_service_accounts
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: site
|
|
storagePolicy: cleartext
|
|
substitutions:
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.keystone.admin.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.cinder.cinder.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.glance.glance.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.heat.heat.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.heat.heat_trustee.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.heat.heat_stack_user.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.swift.keystone.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.neutron.neutron.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.nova.nova.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.nova.placement.region_name
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh.barbican.barbican.region_name
|
|
data:
|
|
osh:
|
|
keystone:
|
|
admin:
|
|
username: admin
|
|
project_name: admin
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
oslo_db:
|
|
username: keystone
|
|
database: keystone
|
|
oslo_messaging:
|
|
admin:
|
|
username: keystone-rabbitmq-admin
|
|
keystone:
|
|
username: keystone-rabbitmq-user
|
|
ldap:
|
|
# NEWSITE-CHANGEME: Replace with the site's LDAP account used to
|
|
# authenticate to the active directory backend to validate keystone
|
|
# users.
|
|
username: "test@ldap.example.com"
|
|
cinder:
|
|
cinder:
|
|
role: admin
|
|
username: cinder
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
oslo_db:
|
|
username: cinder
|
|
database: cinder
|
|
oslo_messaging:
|
|
admin:
|
|
username: cinder-rabbitmq-admin
|
|
cinder:
|
|
username: cinder-rabbitmq-user
|
|
glance:
|
|
glance:
|
|
role: admin
|
|
username: glance
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
oslo_db:
|
|
username: glance
|
|
database: glance
|
|
oslo_messaging:
|
|
admin:
|
|
username: glance-rabbitmq-admin
|
|
glance:
|
|
username: glance-rabbitmq-user
|
|
ceph_object_store:
|
|
username: glance
|
|
heat:
|
|
heat:
|
|
role: admin
|
|
username: heat
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
heat_trustee:
|
|
role: admin
|
|
username: heat-trust
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
heat_stack_user:
|
|
role: admin
|
|
username: heat-domain
|
|
domain_name: heat
|
|
oslo_db:
|
|
username: heat
|
|
database: heat
|
|
oslo_messaging:
|
|
admin:
|
|
username: heat-rabbitmq-admin
|
|
heat:
|
|
username: heat-rabbitmq-user
|
|
swift:
|
|
keystone:
|
|
role: admin
|
|
username: swift
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
oslo_db:
|
|
admin:
|
|
username: root
|
|
prometheus_mysql_exporter:
|
|
user:
|
|
username: osh-oslodb-exporter
|
|
neutron:
|
|
neutron:
|
|
role: admin
|
|
username: neutron
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
oslo_db:
|
|
username: neutron
|
|
database: neutron
|
|
oslo_messaging:
|
|
admin:
|
|
username: neutron-rabbitmq-admin
|
|
neutron:
|
|
username: neutron-rabbitmq-user
|
|
nova:
|
|
nova:
|
|
role: admin
|
|
username: nova
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
placement:
|
|
role: admin
|
|
username: placement
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
oslo_db:
|
|
username: nova
|
|
database: nova
|
|
oslo_db_api:
|
|
username: nova
|
|
database: nova_api
|
|
oslo_db_cell0:
|
|
username: nova
|
|
database: "nova_cell0"
|
|
oslo_messaging:
|
|
admin:
|
|
username: nova-rabbitmq-admin
|
|
nova:
|
|
username: nova-rabbitmq-user
|
|
horizon:
|
|
oslo_db:
|
|
username: horizon
|
|
database: horizon
|
|
barbican:
|
|
barbican:
|
|
role: admin
|
|
username: barbican
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
oslo_db:
|
|
username: barbican
|
|
database: barbican
|
|
oslo_messaging:
|
|
admin:
|
|
username: barbican-rabbitmq-admin
|
|
barbican:
|
|
username: barbican-rabbitmq-user
|
|
...
|
|
---
|
|
schema: pegleg/AccountCatalogue/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: osh_infra_service_accounts
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: site
|
|
storagePolicy: cleartext
|
|
substitutions:
|
|
- src:
|
|
schema: pegleg/CommonSoftwareConfig/v1
|
|
name: common-software-config
|
|
path: .osh.region_name
|
|
dest:
|
|
path: .osh_infra.prometheus_openstack_exporter.user.region_name
|
|
data:
|
|
osh_infra:
|
|
ceph_object_store:
|
|
admin:
|
|
username: s3_admin
|
|
elasticsearch:
|
|
username: elasticsearch
|
|
grafana:
|
|
admin:
|
|
username: grafana
|
|
oslo_db:
|
|
username: grafana
|
|
database: grafana
|
|
oslo_db_session:
|
|
username: grafana_session
|
|
database: grafana_session
|
|
elasticsearch:
|
|
admin:
|
|
username: elasticsearch
|
|
kibana:
|
|
admin:
|
|
username: kibana
|
|
oslo_db:
|
|
admin:
|
|
username: root
|
|
prometheus_mysql_exporter:
|
|
user:
|
|
username: osh-infra-oslodb-exporter
|
|
prometheus_openstack_exporter:
|
|
user:
|
|
role: admin
|
|
username: prometheus-openstack-exporter
|
|
project_name: service
|
|
user_domain_name: default
|
|
project_domain_name: default
|
|
nagios:
|
|
admin:
|
|
username: nagios
|
|
prometheus:
|
|
admin:
|
|
username: prometheus
|
|
ldap:
|
|
admin:
|
|
# NEWSITE-CHANGEME: Replace with the site's LDAP account used to
|
|
# authenticate to the active directory backend to validate keystone
|
|
# users.
|
|
bind: "test@ldap.example.com"
|
|
...
|