German Eichberger 13ce4e0837 Adds the certificate client key password to user_secrets
With the automatic Octav ia cert creation the user has the option
to use a default secret for the generation of the client_ca key.
This ca will be used for generating client certificates to be used
by Octavia.

Change-Id: I6bf9c9f93e6fb96e836333bf1379035df488ee8f
Depends-On: https://review.openstack.org/553630
2018-05-31 13:34:06 +01:00

205 lines
5.2 KiB
YAML

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
############################# WARNING ########################################
# The playbooks do not currently manage changing passwords in an existing
# environment. Changing passwords and re-running the playbooks will fail
# and may break your OpenStack environment.
############################# WARNING ########################################
# TODO(ansmith): remove rabbitmq_passwords once oslomsg_*_passwords are used
## Rabbitmq Options
rabbitmq_cookie_token:
rabbitmq_monitoring_password:
## Tokens
memcached_encryption_key:
## Galera Options
galera_root_password:
## Keystone Options
keystone_container_mysql_password:
keystone_auth_admin_password:
keystone_service_password:
keystone_rabbitmq_password:
keystone_oslomsg_rpc_password:
keystone_oslomsg_notify_password:
## Ceilometer Options:
ceilometer_container_db_password:
ceilometer_service_password:
ceilometer_telemetry_secret:
ceilometer_rabbitmq_password:
ceilometer_oslomsg_rpc_password:
ceilometer_oslomsg_notify_password:
## Aodh Options:
aodh_container_db_password:
aodh_service_password:
aodh_rabbitmq_password:
aodh_oslomsg_rpc_password:
aodh_oslomsg_notify_password:
## Cinder Options
cinder_container_mysql_password:
cinder_service_password:
cinder_profiler_hmac_key:
cinder_rabbitmq_password:
cinder_oslomsg_rpc_password:
cinder_oslomsg_notify_password:
## Ceph/rbd: a UUID to be used by libvirt to refer to the client.cinder user
cinder_ceph_client_uuid:
## Glance Options
glance_container_mysql_password:
glance_service_password:
glance_profiler_hmac_key:
glance_rabbitmq_password:
glance_oslomsg_rpc_password:
glance_oslomsg_notify_password:
## Gnocchi Options:
gnocchi_container_mysql_password:
gnocchi_service_password:
## Heat Options
heat_stack_domain_admin_password:
heat_container_mysql_password:
### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ##
heat_auth_encryption_key:
### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ##
heat_service_password:
heat_rabbitmq_password:
heat_oslomsg_rpc_password:
heat_oslomsg_notify_password:
## Ironic options
ironic_rabbitmq_password:
ironic_oslomsg_rpc_password:
ironic_container_mysql_password:
ironic_service_password:
ironic_swift_temp_url_secret_key:
## Horizon Options
horizon_container_mysql_password:
horizon_secret_key:
## Neutron Options
neutron_container_mysql_password:
neutron_service_password:
neutron_rabbitmq_password:
neutron_oslomsg_rpc_password:
neutron_oslomsg_notify_password:
neutron_ha_vrrp_auth_password:
## Nova Options
nova_container_mysql_password:
nova_api_container_mysql_password:
nova_metadata_proxy_secret:
nova_service_password:
nova_rabbitmq_password:
nova_oslomsg_rpc_password:
nova_oslomsg_notify_password:
nova_placement_service_password:
# LXD Options for nova compute
lxd_trust_password:
## Octavia Options
octavia_container_mysql_password:
octavia_service_password:
octavia_health_hmac_key:
octavia_rabbitmq_password:
octavia_oslomsg_rpc_password:
octavia_oslomsg_notify_password:
octavia_cert_client_password:
## Sahara Options
sahara_container_mysql_password:
sahara_rabbitmq_password:
sahara_oslomsg_rpc_password:
sahara_oslomsg_notify_password:
sahara_service_password:
## Swift Options:
swift_service_password:
swift_dispersion_password:
### Once the swift cluster has been setup DO NOT change these hash values!
swift_hash_path_suffix:
swift_hash_path_prefix:
# Swift needs a telemetry password when using ceilometer
swift_rabbitmq_telemetry_password:
swift_oslomsg_rpc_password:
swift_oslomsg_notify_password:
## haproxy stats password
haproxy_stats_password:
haproxy_keepalived_authentication_password:
## Magnum Options
magnum_service_password:
magnum_galera_password:
magnum_rabbitmq_password:
magnum_oslomsg_rpc_password:
magnum_oslomsg_notify_password:
magnum_trustee_password:
## Rally Options:
rally_galera_password:
## Trove Options
trove_galera_password:
trove_rabbitmq_password:
trove_oslomsg_rpc_password:
trove_oslomsg_notify_password:
trove_service_password:
trove_admin_user_password:
trove_taskmanager_rpc_encr_key:
trove_inst_rpc_key_encr_key:
## Barbican Options
barbican_galera_password:
barbican_rabbitmq_password:
barbican_oslomsg_rpc_password:
barbican_oslomsg_notify_password:
barbican_service_password:
## Designate Options
designate_galera_password:
designate_rabbitmq_password:
designate_oslomsg_rpc_password:
designate_oslomsg_notify_password:
designate_service_password:
## Molteniron Options:
molteniron_container_mysql_password:
## Tacker options
tacker_rabbitmq_password:
tacker_oslomsg_rpc_password:
tacker_oslomsg_notify_password:
tacker_service_password:
tacker_container_mysql_password:
## Ceph RadosGW Keystone password
radosgw_admin_password:
## Congress options
congress_container_mysql_password:
congress_service_password: