502fde7a64
Enables management of shadow password directives in login.defs By allowing operators to set values in login.defs, they are able to improve password security for newly created system accounts. This change will in turn allow operators to adhere with security hardening frameworks, such as STIG DISA & CIS Security Benchmarks. bp login-defs Change-Id: Id4fe88cb9569f18f27f94c35b5c27a85fe7947ae Depends-On: Iec8c032adb44593da3770d3c6bb5a4655e463637
158 lines
7.0 KiB
YAML
158 lines
7.0 KiB
YAML
resource_registry:
|
|
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
|
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
|
|
OS::TripleO::Services::CephMgr: ../../docker/services/ceph-ansible/ceph-mgr.yaml
|
|
OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
|
|
OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
|
|
OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
|
|
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
|
|
OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml
|
|
# TODO(mandre) fix the tacker service - https://bugs.launchpad.net/tripleo/+bug/1714270
|
|
# OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml
|
|
OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml
|
|
OS::TripleO::Services::Congress: ../../docker/services/congress.yaml
|
|
OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml
|
|
OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
|
|
OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
|
|
OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
|
|
OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
|
|
OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
|
|
OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml
|
|
OS::TripleO::Services::CinderBackup: ../../docker/services/pacemaker/cinder-backup.yaml
|
|
OS::TripleO::Services::CinderVolume: ../../docker/services/pacemaker/cinder-volume.yaml
|
|
OS::TripleO::Services::Keepalived: OS::Heat::None
|
|
OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
|
|
OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
|
|
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
|
|
OS::TripleO::Services::Fluentd: ../../docker/services/fluentd.yaml
|
|
OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml
|
|
# Some infra instances don't pass the ping test but are otherwise working.
|
|
# Since the OVB jobs also test this functionality we can shut it off here.
|
|
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
|
|
|
|
parameter_defaults:
|
|
ControllerServices:
|
|
- OS::TripleO::Services::Clustercheck
|
|
- OS::TripleO::Services::Docker
|
|
- OS::TripleO::Services::Kernel
|
|
- OS::TripleO::Services::Keystone
|
|
- OS::TripleO::Services::LoginDefs
|
|
- OS::TripleO::Services::GlanceApi
|
|
- OS::TripleO::Services::HeatApi
|
|
- OS::TripleO::Services::HeatApiCfn
|
|
- OS::TripleO::Services::HeatEngine
|
|
- OS::TripleO::Services::MySQL
|
|
- OS::TripleO::Services::MySQLClient
|
|
- OS::TripleO::Services::NeutronDhcpAgent
|
|
- OS::TripleO::Services::NeutronL3Agent
|
|
- OS::TripleO::Services::NeutronMetadataAgent
|
|
- OS::TripleO::Services::NeutronServer
|
|
- OS::TripleO::Services::NeutronCorePlugin
|
|
- OS::TripleO::Services::NeutronOvsAgent
|
|
- OS::TripleO::Services::RabbitMQ
|
|
- OS::TripleO::Services::HAproxy
|
|
- OS::TripleO::Services::Keepalived
|
|
- OS::TripleO::Services::Memcached
|
|
- OS::TripleO::Services::Pacemaker
|
|
- OS::TripleO::Services::NovaConductor
|
|
- OS::TripleO::Services::NovaApi
|
|
- OS::TripleO::Services::NovaPlacement
|
|
- OS::TripleO::Services::NovaMetadata
|
|
- OS::TripleO::Services::NovaScheduler
|
|
- OS::TripleO::Services::Ntp
|
|
- OS::TripleO::Services::Snmp
|
|
- OS::TripleO::Services::Sshd
|
|
- OS::TripleO::Services::Securetty
|
|
- OS::TripleO::Services::Timezone
|
|
- OS::TripleO::Services::NovaCompute
|
|
- OS::TripleO::Services::NovaLibvirt
|
|
- OS::TripleO::Services::NovaMigrationTarget
|
|
- OS::TripleO::Services::MongoDb
|
|
- OS::TripleO::Services::Redis
|
|
- OS::TripleO::Services::AodhApi
|
|
- OS::TripleO::Services::AodhEvaluator
|
|
- OS::TripleO::Services::AodhNotifier
|
|
- OS::TripleO::Services::AodhListener
|
|
- OS::TripleO::Services::CeilometerAgentCentral
|
|
- OS::TripleO::Services::CeilometerAgentIpmi
|
|
- OS::TripleO::Services::CeilometerAgentNotification
|
|
- OS::TripleO::Services::ComputeCeilometerAgent
|
|
- OS::TripleO::Services::GnocchiApi
|
|
- OS::TripleO::Services::GnocchiMetricd
|
|
- OS::TripleO::Services::GnocchiStatsd
|
|
- OS::TripleO::Services::PankoApi
|
|
- OS::TripleO::Services::CephMgr
|
|
- OS::TripleO::Services::CephMon
|
|
- OS::TripleO::Services::CephOSD
|
|
- OS::TripleO::Services::CephClient
|
|
- OS::TripleO::Services::CinderApi
|
|
- OS::TripleO::Services::CinderBackup
|
|
- OS::TripleO::Services::CinderScheduler
|
|
- OS::TripleO::Services::CinderVolume
|
|
- OS::TripleO::Services::Collectd
|
|
- OS::TripleO::Services::Tacker
|
|
- OS::TripleO::Services::Congress
|
|
- OS::TripleO::Services::TripleoPackages
|
|
- OS::TripleO::Services::TripleoFirewall
|
|
- OS::TripleO::Services::Fluentd
|
|
- OS::TripleO::Services::SensuClient
|
|
- OS::TripleO::Services::Iscsid
|
|
|
|
ControllerExtraConfig:
|
|
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
|
nova::compute::libvirt::libvirt_virt_type: qemu
|
|
# This makes the job twice as fast
|
|
ceilometer::agent::polling::polling_interval: 15
|
|
Debug: true
|
|
#TODO(gfidente): remove when the new default is in tripleo-common
|
|
DockerCephDaemonImage: docker.io/ceph/daemon:tag-build-master-luminous-centos-7
|
|
CephAnsibleDisksConfig:
|
|
devices:
|
|
- /dev/loop3
|
|
journal_size: 512
|
|
osd_scenario: collocated
|
|
CephPoolDefaultPgNum: 32
|
|
CephPoolDefaultSize: 1
|
|
CephAnsibleExtraConfig:
|
|
centos_package_dependencies: []
|
|
CephAnsibleSkipTags: ''
|
|
#NOTE: These ID's and keys should be regenerated for
|
|
# a production deployment. What is here is suitable for
|
|
# developer and CI testing only.
|
|
CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
|
|
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
|
|
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
|
|
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
|
|
NovaEnableRbdBackend: true
|
|
CinderEnableRbdBackend: true
|
|
CinderBackupBackend: ceph
|
|
GlanceBackend: rbd
|
|
GnocchiBackend: rbd
|
|
CinderEnableIscsiBackend: false
|
|
GnocchiArchivePolicy: 'high'
|
|
BannerText: |
|
|
******************************************************************
|
|
* This system is for the use of authorized users only. Usage of *
|
|
* this system may be monitored and recorded by system personnel. *
|
|
* Anyone using this system expressly consents to such monitoring *
|
|
* and is advised that if such monitoring reveals possible *
|
|
* evidence of criminal activity, system personnel may provide *
|
|
* the evidence from such monitoring to law enforcement officials.*
|
|
******************************************************************
|
|
CollectdExtraPlugins:
|
|
- rrdtool
|
|
LoggingServers:
|
|
- host: 127.0.0.1
|
|
port: 24224
|
|
MonitoringRabbitHost: 127.0.0.1
|
|
MonitoringRabbitPort: 5676
|
|
MonitoringRabbitPassword: sensu
|
|
TtyValues:
|
|
- console
|
|
- tty1
|
|
- tty2
|
|
- tty3
|
|
- tty4
|
|
- tty5
|
|
- tty6
|