treasuremap/type/cruiser/software/config/service_accounts.yaml


---
# The purpose of this file is to define the account catalog for the site. It
# mostly contains service usernames, but also contains some information that
# should be changed per site, such as the region (site) name.
#
# Only account names, roles, project/domain names and database names are
# defined in this document; no passphrase appears in it. That is what makes
# storagePolicy: cleartext (stored unencrypted) acceptable here. Credentials
# for these accounts belong in separate documents with an encrypted storage
# policy, never in this catalogue.
schema: pegleg/AccountCatalogue/v1
metadata:
  schema: metadata/Document/v1
  name: osh_service_accounts
  layeringDefinition:
    abstract: false
    layer: type
  storagePolicy: cleartext
  substitutions:
    # Copy the region name from common-software-config into every Keystone
    # user entry listed under dest, so the region is set in one place only.
    - src:
        schema: pegleg/CommonSoftwareConfig/v1
        name: common-software-config
        path: .osh.region_name
      dest:
        - path: .osh.keystone.admin.region_name
        - path: .osh.keystone.test.region_name
        - path: .osh.cinder.cinder.region_name
        - path: .osh.cinder.test.region_name
        - path: .osh.glance.glance.region_name
        - path: .osh.glance.test.region_name
        - path: .osh.heat.heat.region_name
        - path: .osh.heat.test.region_name
        - path: .osh.heat.heat_trustee.region_name
        - path: .osh.heat.heat_stack_user.region_name
        - path: .osh.swift.keystone.region_name
        - path: .osh.neutron.neutron.region_name
        - path: .osh.neutron.test.region_name
        - path: .osh.nova.nova.region_name
        - path: .osh.nova.test.region_name
        - path: .osh.nova.placement.region_name
        - path: .osh.placement.placement.region_name
        - path: .osh.placement.test.region_name
        - path: .osh.barbican.barbican.region_name
        - path: .osh.horizon.admin.region_name
data:
  # Layout: osh.<service>.<user> holds a Keystone user; oslo_db and
  # oslo_messaging under a service hold that service's database and message
  # bus account names.
  #
  # NOTE(review): every Keystone service user and every *-test user below is
  # assigned role admin. Confirm that the test users in particular need admin
  # rather than a narrower role; a compromised service or test credential
  # would otherwise carry full admin rights in its project.
  osh:
    keystone:
      admin:
        username: admin
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      test:
        role: admin
        username: keystone-test
        project_name: test
        user_domain_name: service
        project_domain_name: service
      oslo_db:
        username: keystone
        database: keystone
      oslo_messaging:
        keystone:
          username: keystone-rabbitmq-user
    cinder:
      cinder:
        role: admin
        username: cinder
        project_name: service
        user_domain_name: default
        project_domain_name: default
      test:
        role: admin
        username: cinder-test
        project_name: test
        user_domain_name: service
        project_domain_name: service
      oslo_db:
        username: cinder
        database: cinder
      oslo_messaging:
        cinder:
          username: cinder-rabbitmq-user
    glance:
      glance:
        role: admin
        username: glance
        project_name: service
        user_domain_name: default
        project_domain_name: default
      test:
        role: admin
        username: glance-test
        project_name: test
        user_domain_name: service
        project_domain_name: service
      oslo_db:
        username: glance
        database: glance
      oslo_messaging:
        glance:
          username: glance-rabbitmq-user
      # Account name glance uses against the Ceph object store.
      ceph_object_store:
        username: glance
    heat:
      heat:
        role: admin
        username: heat
        project_name: service
        user_domain_name: default
        project_domain_name: default
      test:
        role: admin
        username: heat-test
        project_name: test
        user_domain_name: service
        project_domain_name: service
      heat_trustee:
        role: admin
        username: heat-trust
        project_name: service
        user_domain_name: default
        project_domain_name: default
      # Scoped to a domain (heat) rather than a project, unlike the other
      # users in this catalogue.
      heat_stack_user:
        role: admin
        username: heat-domain
        domain_name: heat
      oslo_db:
        username: heat
        database: heat
      oslo_messaging:
        heat:
          username: heat-rabbitmq-user
    swift:
      keystone:
        role: admin
        username: swift
        project_name: service
        user_domain_name: default
        project_domain_name: default
    # Accounts of the shared database itself (not of a single service).
    # root is a well-known default name, so the account is protected only by
    # its passphrase, which is defined outside this document.
    oslo_db:
      admin:
        username: root
      sst:
        username: sst
      audit:
        username: audit
    prometheus_mysql_exporter:
      user:
        username: osh-oslodb-exporter
    neutron:
      neutron:
        role: admin
        username: neutron
        project_name: service
        user_domain_name: default
        project_domain_name: default
      test:
        role: admin
        username: neutron-test
        project_name: test
        user_domain_name: service
        project_domain_name: service
      oslo_db:
        username: neutron
        database: neutron
      oslo_messaging:
        neutron:
          username: neutron-rabbitmq-user
    placement:
      placement:
        role: admin
        username: placement
        project_name: service
        user_domain_name: default
        project_domain_name: default
      test:
        role: admin
        username: placement-test
        project_name: test
        user_domain_name: service
        project_domain_name: service
      oslo_db:
        username: placement
        database: placement
      oslo_messaging:
        placement:
          username: placement-rabbitmq-user
    nova:
      nova:
        role: admin
        username: nova
        project_name: service
        user_domain_name: default
        project_domain_name: default
      test:
        role: admin
        username: nova-test
        project_name: test
        user_domain_name: service
        project_domain_name: service
      # Same Keystone user (placement / service project) as
      # osh.placement.placement above; the two entries must be kept in sync.
      placement:
        role: admin
        username: placement
        project_name: service
        user_domain_name: default
        project_domain_name: default
      # One database user (nova) is used for three databases.
      oslo_db:
        username: nova
        database: nova
      oslo_db_api:
        username: nova
        database: nova_api
      oslo_db_cell0:
        username: nova
        database: "nova_cell0"
      # Both entries resolve to the same message bus user.
      oslo_messaging:
        nova:
          username: nova-rabbitmq-user
        placement:
          username: nova-rabbitmq-user
    horizon:
      admin:
        username: admin
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      oslo_db:
        username: horizon
        database: horizon
    barbican:
      barbican:
        role: admin
        username: barbican
        project_name: service
        user_domain_name: default
        project_domain_name: default
      oslo_db:
        username: barbican
        database: barbican
      oslo_messaging:
        barbican:
          username: barbican-rabbitmq-user
    # Administrative account of the shared message bus.
    oslo_messaging:
      admin:
        username: admin
...
---
# Account catalogue for the osh_infra services (logging, monitoring and
# their backing stores). As in the other catalogues of this file, only
# account and database names are defined; storagePolicy: cleartext means the
# document is stored unencrypted, so no passphrase may be added here.
schema: pegleg/AccountCatalogue/v1
metadata:
  schema: metadata/Document/v1
  name: osh_infra_service_accounts
  layeringDefinition:
    abstract: false
    layer: type
  storagePolicy: cleartext
  substitutions:
    # Region name for the OpenStack exporter's Keystone user.
    - src:
        schema: pegleg/CommonSoftwareConfig/v1
        name: common-software-config
        path: .osh.region_name
      dest:
        path: .osh_infra.prometheus_openstack_exporter.user.region_name
    # NOTE(review): the next two dest paths (.osh_infra.ldap.admin.bind and
    # .osh_infra.kafka.admin.username) have no matching entry under data in
    # this document; presumably the substitution creates them. Confirm that
    # the rendered catalogue contains both.
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .ldap.username
      dest:
        path: .osh_infra.ldap.admin.bind
    - src:
        schema: nc/CorridorConfig/v1
        name: corridor-config
        path: .infrastructure.dmaap.user
      dest:
        path: .osh_infra.kafka.admin.username
data:
  osh_infra:
    ceph_object_store:
      admin:
        username: s3_admin
      # Object store account used by elasticsearch; distinct from the
      # osh_infra.elasticsearch.admin account further down.
      elasticsearch:
        username: elasticsearch
    grafana:
      admin:
        username: grafana
      oslo_db:
        username: grafana
        database: grafana
      oslo_db_session:
        username: grafana_session
        database: grafana_session
    elasticsearch:
      admin:
        username: elasticsearch
    oslo_messaging:
      admin:
        username: admin
    # Accounts of the osh_infra database itself. root is a well-known default
    # name, so the account is protected only by its passphrase, which is
    # defined outside this document.
    oslo_db:
      admin:
        username: root
      sst:
        username: sst
      audit:
        username: audit
    prometheus_mysql_exporter:
      user:
        username: osh-infra-oslodb-exporter
    # NOTE(review): a metrics exporter holding role admin in the service
    # project is broader than read-only collection would suggest; confirm
    # that a narrower role is not sufficient.
    prometheus_openstack_exporter:
      user:
        role: admin
        username: prometheus-openstack-exporter
        project_name: service
        user_domain_name: default
        project_domain_name: default
    nagios:
      admin:
        username: nagios
    prometheus:
      admin:
        username: prometheus
...
---
# Account catalogue for the ro component. Only account and database names
# are defined; storagePolicy: cleartext means the document is stored
# unencrypted, so no passphrase may be added here.
schema: pegleg/AccountCatalogue/v1
metadata:
  schema: metadata/Document/v1
  name: ro_service_accounts
  layeringDefinition:
    abstract: false
    layer: type
  storagePolicy: cleartext
  substitutions:
    # NOTE(review): .ro.keystone.admin.region_name is a substitution target,
    # but data defines only ro.keystone.ro. Presumably the substitution
    # creates an admin entry that holds nothing but region_name; confirm that
    # this is intended and that no admin username is missing.
    - src:
        schema: pegleg/CommonSoftwareConfig/v1
        name: common-software-config
        path: .osh.region_name
      dest:
        - path: .ro.keystone.admin.region_name
        - path: .ro.keystone.ro.region_name
data:
  # NOTE(review): oslo_db and oslo_messaging are shown as siblings of
  # keystone under ro; confirm this nesting against the documents that read
  # the .ro.* paths.
  ro:
    keystone:
      # No role key is set for this user, unlike most Keystone users in the
      # other catalogues of this file.
      ro:
        username: ro_admin
        project_name: admin
        user_domain_name: default
        project_domain_name: default
    # The same name (ro_admin) is used for the Keystone, database and message
    # bus accounts. These are three separate accounts; each should have its
    # own passphrase.
    oslo_db:
      username: ro_admin
      database: ro_admin
    oslo_messaging:
      ro:
        username: ro_admin
...
---
# Account catalogue for the osh_addons services (ranger-agent). Only account
# and database names are defined; storagePolicy: cleartext means the
# document is stored unencrypted, so no passphrase may be added here.
schema: pegleg/AccountCatalogue/v1
metadata:
  schema: metadata/Document/v1
  name: osh_addons_service_accounts
  layeringDefinition:
    abstract: false
    layer: type
  storagePolicy: cleartext
  substitutions:
    # The first three substitutions read the same source path and differ only
    # in dest. NOTE(review): they could be a single entry with a list of dest
    # paths, the form osh_service_accounts uses in this file.
    - src:
        schema: pegleg/CommonSoftwareConfig/v1
        name: common-software-config
        path: .osh.region_name
      dest:
        path: .osh_addons.ranger-agent.ranger_agent.region_name
    - src:
        schema: pegleg/CommonSoftwareConfig/v1
        name: common-software-config
        path: .osh.region_name
      dest:
        path: .osh_addons.ranger-agent.ranger.region_name
    - src:
        schema: pegleg/CommonSoftwareConfig/v1
        name: common-software-config
        path: .osh.region_name
      dest:
        path: .osh_addons.ranger-agent.ranger_admin.region_name
    # The three Keystone usernames are not defined in this document; they are
    # taken from corridor-config.
    - src:
        schema: nc/CorridorConfig/v1
        name: corridor-config
        path: .ranger.ranger-agent.ranger_agent_keystone_user
      dest:
        path: .osh_addons.ranger-agent.ranger_agent.username
    # ranger and ranger_admin both receive .ranger.ranger.ranger_keystone_user,
    # so the same username is used in the service project (six roles) and in
    # the admin project (role admin).
    # NOTE(review): confirm that one identity is meant to hold both grants.
    - src:
        schema: nc/CorridorConfig/v1
        name: corridor-config
        path: .ranger.ranger.ranger_keystone_user
      dest:
        path: .osh_addons.ranger-agent.ranger.username
    - src:
        schema: nc/CorridorConfig/v1
        name: corridor-config
        path: .ranger.ranger.ranger_keystone_user
      dest:
        path: .osh_addons.ranger-agent.ranger_admin.username
data:
  osh_addons:
    ranger-agent:
      # username is filled in by substitution (see metadata.substitutions).
      ranger_agent:
        role: admin
        project_name: service
        user_domain_name: default
        project_domain_name: default
      # Database accounts: admin/sst/audit belong to the database itself,
      # ranger_agent is the service's own user on database ord.
      oslo_db:
        admin:
          username: root
        sst:
          username: sst
        audit:
          username: audit
        ranger_agent:
          username: ranger-agent
          database: ord
      oslo_messaging:
        admin:
          username: admin
        ranger-agent:
          username: ranger-agent-rabbitmq-user
      # role is a list here, while every other user in this file gives a
      # single value. NOTE(review): confirm that the consumer of this entry
      # accepts both forms.
      ranger:
        role:
          - admin
          - admin_support
          - admin_viewer
          - ranger_customer_creator
          - ranger_flavor_creator
          - admin_image
        project_name: service
        user_domain_name: default
        project_domain_name: default
      ranger_admin:
        role: admin
        project_name: admin
        user_domain_name: default
        project_domain_name: default
...