diff options
| author |   Kaspars Skels <kaspars.skels@att.com> | 2019-07-15 15:27:12 -0500 |
|---|---|---|
| committer | Kaspars Skels <kaspars.skels@att.com> | 2019-08-13 10:48:32 -0500 |
| commit | d62d663a2daaf301c6ca5ae7d314e61b904af575 (patch) | |
| tree | 0b6fbd14381b1fe38e834326382784d8476e00ad /type/cntt/software/config | |
| parent | 6f42f8c81f7cffc41abd73f80731b73261ad35e3 (diff) | |
Initial site reference manifests for intel-pod17
This includes cntt type definition as well as site manifests.
Change-Id: I4829c80199795af0c841419b8fd19557295fe244
Signed-off-by: Kaspars Skels <kaspars.skels@att.com>
Diffstat (limited to 'type/cntt/software/config')
| -rw-r--r-- | type/cntt/software/config/endpoints.yaml | 1088 | ||||
| -rw-r--r-- | type/cntt/software/config/service_accounts.yaml | 435 |
2 files changed, 1523 insertions, 0 deletions
diff --git a/type/cntt/software/config/endpoints.yaml b/type/cntt/software/config/endpoints.yaml new file mode 100644 index 0000000..12bc7da --- /dev/null +++ b/type/cntt/software/config/endpoints.yaml @@ -0,0 +1,1088 @@ +--- +# The purpose of this file is to define the site's endpoint catalog. This should +# not need to be modified for a new site. +# #GLOBAL-CANDIDATE# +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .ucp.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .ucp.shipyard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.physicalprovisioner.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.maas_region.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN +data: + ucp: + identity: + namespace: ucp + name: keystone + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + public: + host: iam-airship.DOMAIN + admin: + host: iam-airship.DOMAIN + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + armada: + name: armada + hosts: + default: armada-api + public: armada + port: + api: + default: 8000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + deckhand: + name: deckhand + hosts: + default: deckhand-int + public: deckhand-api + port: + api: + default: 9000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + postgresql: + name: postgresql + hosts: + default: postgresql + path: /DB_NAME + scheme: postgresql+psycopg2 + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + postgresql_airflow_celery: + name: postgresql_airflow_celery_db + hosts: + default: postgresql + path: /DB_NAME + scheme: db+postgresql + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + key_manager: + name: barbican + hosts: + default: barbican-api + public: barbican + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: "http" + port: + api: + default: 9311 + public: 80 + airflow_oslo_messaging: + namespace: null + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /airflow + scheme: amqp + port: + amqp: + default: 5672 + http: + default: 15672 + oslo_messaging: + namespace: null + statefulset: + name: airship-ucp-rabbitmq-rabbitmq + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + physicalprovisioner: + name: drydock + hosts: + default: drydock-api + port: + api: + default: 9000 + nodeport: 31900 + public: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "http" + host_fqdn_override: + default: null + public: + host: drydock-airship.DOMAIN + maas_region: + name: maas-region + hosts: + default: maas-region + public: maas + path: + default: /MAAS + scheme: + default: "http" + port: + region_api: + default: 80 + nodeport: 31900 + podport: 80 + public: 80 + region_proxy: + default: 8000 + host_fqdn_override: + default: null + public: + host: maas-airship.DOMAIN + maas_ingress: + hosts: + default: maas-ingress + error_pages: maas-ingress-error + host_fqdn_override: + public: null + port: + http: + default: 80 + https: + default: 443 + ingress_default_server: + default: 8383 + error_pages: + default: 8080 + podport: 8080 + healthz: + podport: 10259 + status: + podport: 18089 + kubernetesprovisioner: + name: promenade + hosts: + default: promenade-api + port: + api: + default: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + shipyard: + name: shipyard + hosts: + default: shipyard-int + public: shipyard-api + port: + api: + default: 9000 + public: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "http" + host_fqdn_override: + default: null + public: + host: shipyard-airship.DOMAIN + prometheus_openstack_exporter: + namespace: ucp + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + ceph: + object_store: + name: swift + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /swift/v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_mon: + namespace: ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6789 + ceph_mgr: + namespace: ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7000 + scheme: + default: "http" + tenant_ceph_mon: + namespace: tenant-ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6790 + tenant_ceph_mgr: + namespace: tenant-ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7001 + metrics: + default: 9284 + scheme: + default: http +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.image.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.cloudformation.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.orchestration.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.placement.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.network.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .osh.dashboard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volume.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev2.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev3.host_fqdn_override.public.host + pattern: DOMAIN +data: + osh: + object_store: + name: swift + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /swift/v1/KEY_$(tenant_id)s + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + prometheus_mysql_exporter: + namespace: openstack + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + oslo_messaging: + statefulset: + name: airship-openstack-rabbitmq-rabbitmq + namespace: openstack + hosts: + default: openstack-rabbitmq + host_fqdn_override: + default: null + path: /VHOST_NAME + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + openstack_rabbitmq_exporter: + namespace: openstack + hosts: + default: openstack-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + oslo_cache: + namespace: openstack + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + identity: + namespace: openstack + name: keystone + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + public: + host: identity-airship.DOMAIN + admin: + host: identity-airship.DOMAIN + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + image: + name: glance + hosts: + default: glance-api + public: glance + host_fqdn_override: + default: null + public: + host: image-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9292 + public: 80 + image_registry: + name: glance-registry + hosts: + default: glance-registry + public: glance-reg + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9191 + public: 80 + volume: + name: cinder + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume-airship.DOMAIN + path: + default: "/v1/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev2: + name: cinderv2 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume-airship.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev3: + name: cinderv3 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume-airship.DOMAIN + path: + default: "/v3/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + orchestration: + name: heat + hosts: + default: heat-api + public: heat + host_fqdn_override: + default: null + public: + host: orchestration-airship.DOMAIN + path: + default: "/v1/%(project_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8004 + public: 80 + cloudformation: + name: heat-cfn + hosts: + default: heat-cfn + public: cloudformation + host_fqdn_override: + default: null + public: + host: cloudformation-airship.DOMAIN + path: + default: /v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8000 + public: 80 + cloudwatch: + name: heat-cloudwatch + hosts: + default: heat-cloudwatch + public: cloudwatch + host_fqdn_override: + default: null + path: + default: null + type: null + scheme: + default: "http" + port: + api: + default: 8003 + public: 80 + network: + name: neutron + hosts: + default: neutron-server + public: neutron + host_fqdn_override: + default: null + public: + host: network-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9696 + public: 80 + compute: + name: nova + hosts: + default: nova-api + public: nova + host_fqdn_override: + default: null + public: + host: compute-airship.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8774 + public: 80 + novncproxy: + default: 80 + compute_metadata: + name: nova + hosts: + default: nova-metadata + public: metadata + host_fqdn_override: + default: null + path: + default: / + scheme: + default: "http" + port: + metadata: + default: 8775 + public: 80 + compute_novnc_proxy: + name: nova + hosts: + default: nova-novncproxy + public: novncproxy + host_fqdn_override: + default: null + public: + host: nova-novncproxy-airship.DOMAIN + path: + default: /vnc_auto.html + scheme: + default: "http" + public: "http" + port: + novnc_proxy: + default: 6080 + public: 80 + compute_spice_proxy: + name: nova + hosts: + default: nova-spiceproxy + host_fqdn_override: + default: null + path: + default: /spice_auto.html + scheme: + default: "http" + port: + spice_proxy: + default: 6082 + placement: + name: placement + hosts: + default: placement-api + public: placement + host_fqdn_override: + default: null + public: + host: placement-airship.DOMAIN + path: + default: / + scheme: + default: "http" + public: "http" + port: + api: + default: 8778 + public: 80 + dashboard: + name: horizon + hosts: + default: horizon-int + public: horizon + host_fqdn_override: + default: null + public: + host: dashboard-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + web: + default: 80 + public: 80 +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.grafana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.nagios.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.base_url + dest: + path: .osh_infra.ldap.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.auth_path + dest: + path: .osh_infra.ldap.path.default + pattern: AUTH_PATH +data: + osh_infra: + ceph_object_store: + name: radosgw + namespace: osh-infra + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 8088 + public: 80 + elasticsearch: + name: elasticsearch + namespace: osh-infra + hosts: + data: elasticsearch-data + default: elasticsearch-logging + discovery: elasticsearch-discovery + public: elasticsearch + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + prometheus_elasticsearch_exporter: + namespace: null + hosts: + default: elasticsearch-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9108 + fluentd: + namespace: osh-infra + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + service: + default: 24224 + metrics: + default: 24220 + prometheus_fluentd_exporter: + namespace: osh-infra + hosts: + default: fluentd-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9309 + oslo_db: + namespace: osh-infra + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + prometheus_mysql_exporter: + namespace: osh-infra + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + grafana: + name: grafana + namespace: osh-infra + hosts: + default: grafana-dashboard + public: grafana + host_fqdn_override: + default: null + public: + host: grafana-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + grafana: + default: 3000 + public: 80 + monitoring: + name: prometheus + namespace: osh-infra + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9090 + http: + default: 80 + kibana: + name: kibana + namespace: osh-infra + hosts: + default: kibana-dash + public: kibana + host_fqdn_override: + default: null + public: + host: kibana-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + kibana: + default: 5601 + public: 80 + alerts: + name: alertmanager + namespace: osh-infra + hosts: + default: alerts-engine + public: alertmanager + discovery: alertmanager-discovery + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9093 + public: 80 + mesh: + default: 6783 + kube_state_metrics: + namespace: kube-system + hosts: + default: kube-state-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + http: + default: 8080 + kube_scheduler: + scheme: + default: "http" + path: + default: /metrics + kube_controller_manager: + scheme: + default: "http" + path: + default: /metrics + node_metrics: + namespace: kube-system + hosts: + default: node-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9100 + prometheus_port: + default: 9100 + process_exporter_metrics: + namespace: kube-system + hosts: + default: process-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9256 + prometheus_openstack_exporter: + namespace: openstack + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + nagios: + name: nagios + namespace: osh-infra + hosts: + default: nagios-metrics + public: nagios + host_fqdn_override: + default: null + public: + host: nagios-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + http: + default: 80 + public: 80 + ldap: + hosts: + default: ldap + host_fqdn_override: + default: null + public: + host: DOMAIN + path: + default: /AUTH_PATH + scheme: + default: "ldap" + port: + ldap: + default: 389 +... diff --git a/type/cntt/software/config/service_accounts.yaml b/type/cntt/software/config/service_accounts.yaml new file mode 100644 index 0000000..751f1b1 --- /dev/null +++ b/type/cntt/software/config/service_accounts.yaml @@ -0,0 +1,435 @@ +--- +# The purpose of this file is to define the account catalog for the site. This +# mostly contains service usernames, but also contain some information which +# should be changed like the region (site) name. +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + ucp: + postgres: + admin: + username: postgres + replica: + username: standby + exporter: + username: psql_exporter + oslo_db: + admin: + username: root + oslo_messaging: + admin: + username: rabbitmq + keystone: + admin: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + oslo_db: + username: keystone + database: keystone + promenade: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: promenade + drydock: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: drydock + postgres: + username: drydock + database: drydock + shipyard: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: shipyard + postgres: + username: shipyard + database: shipyard + airflow: + postgres: + username: airflow + database: airflow + oslo_messaging: + admin: + username: rabbitmq + user: + username: airflow + maas: + admin: + username: admin + email: none@none + postgres: + username: maas + database: maasdb + barbican: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: barbican + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + armada: + keystone: + project_domain_name: default + user_domain_name: default + project_name: service + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + username: armada + deckhand: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: deckhand + postgres: + username: deckhand + database: deckhand + prometheus_openstack_exporter: + user: + region_name: RegionOne + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + ceph: + swift: + keystone: + role: admin + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: swift + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.keystone.admin.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.cinder.cinder.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.glance.glance.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_trustee.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_stack_user.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.swift.keystone.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.neutron.neutron.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.nova.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.placement.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name +data: + osh: + keystone: + admin: + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_db: + username: keystone + database: keystone + oslo_messaging: + keystone: + username: keystone-rabbitmq-user + ldap: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + username: "test@ldap.example.com" + cinder: + cinder: + role: admin + username: cinder + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: cinder + database: cinder + oslo_messaging: + cinder: + username: cinder-rabbitmq-user + glance: + glance: + role: admin + username: glance + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: glance + database: glance + oslo_messaging: + glance: + username: glance-rabbitmq-user + ceph_object_store: + username: glance + heat: + heat: + role: admin + username: heat + project_name: service + user_domain_name: default + project_domain_name: default + heat_trustee: + role: admin + username: heat-trust + project_name: service + user_domain_name: default + project_domain_name: default + heat_stack_user: + role: admin + username: heat-domain + domain_name: heat + oslo_db: + username: heat + database: heat + oslo_messaging: + heat: + username: heat-rabbitmq-user + swift: + keystone: + role: admin + username: swift + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-oslodb-exporter + neutron: + neutron: + role: admin + username: neutron + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: neutron + database: neutron + oslo_messaging: + neutron: + username: neutron-rabbitmq-user + nova: + nova: + role: admin + username: nova + project_name: service + user_domain_name: default + project_domain_name: default + placement: + role: admin + username: placement + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: nova + database: nova + oslo_db_api: + username: nova + database: nova_api + oslo_db_cell0: + username: nova + database: "nova_cell0" + oslo_messaging: + nova: + username: nova-rabbitmq-user + horizon: + oslo_db: + username: horizon + database: horizon + barbican: + barbican: + role: admin + username: barbican + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: barbican + database: barbican + oslo_messaging: + barbican: + username: barbican-rabbitmq-user + oslo_messaging: + admin: + username: admin + tempest: + tempest: + role: admin + username: tempest + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh_infra.prometheus_openstack_exporter.user.region_name +data: + osh_infra: + ceph_object_store: + admin: + username: s3_admin + elasticsearch: + username: elasticsearch + grafana: + admin: + username: grafana + oslo_db: + username: grafana + database: grafana + oslo_db_session: + username: grafana_session + database: grafana_session + elasticsearch: + admin: + username: elasticsearch + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-infra-oslodb-exporter + prometheus_openstack_exporter: + user: + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + nagios: + admin: + username: nagios + prometheus: + admin: + username: prometheus + ldap: + admin: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + bind: "test@ldap.example.com" +... |