summaryrefslogtreecommitdiffstats
path: root/type/cntt/software/config/service_accounts.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'type/cntt/software/config/service_accounts.yaml')
-rw-r--r--type/cntt/software/config/service_accounts.yaml435
1 files changed, 435 insertions, 0 deletions
diff --git a/type/cntt/software/config/service_accounts.yaml b/type/cntt/software/config/service_accounts.yaml
new file mode 100644
index 0000000..751f1b1
--- /dev/null
+++ b/type/cntt/software/config/service_accounts.yaml
@@ -0,0 +1,435 @@
+---
+# The purpose of this file is to define the account catalog for the site. This
+# mostly contains service usernames, but also contain some information which
+# should be changed like the region (site) name.
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ ucp:
+ postgres:
+ admin:
+ username: postgres
+ replica:
+ username: standby
+ exporter:
+ username: psql_exporter
+ oslo_db:
+ admin:
+ username: root
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ admin:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ username: admin
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ username: keystone
+ oslo_db:
+ username: keystone
+ database: keystone
+ promenade:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: promenade
+ drydock:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: drydock
+ postgres:
+ username: drydock
+ database: drydock
+ shipyard:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: shipyard
+ postgres:
+ username: shipyard
+ database: shipyard
+ airflow:
+ postgres:
+ username: airflow
+ database: airflow
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ user:
+ username: airflow
+ maas:
+ admin:
+ username: admin
+ email: none@none
+ postgres:
+ username: maas
+ database: maasdb
+ barbican:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: barbican
+ oslo_db:
+ username: barbican
+ database: barbican
+ oslo_messaging:
+ admin:
+ username: rabbitmq
+ keystone:
+ username: keystone
+ armada:
+ keystone:
+ project_domain_name: default
+ user_domain_name: default
+ project_name: service
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ username: armada
+ deckhand:
+ keystone:
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ role: admin
+ project_name: service
+ project_domain_name: default
+ user_domain_name: default
+ username: deckhand
+ postgres:
+ username: deckhand
+ database: deckhand
+ prometheus_openstack_exporter:
+ user:
+ region_name: RegionOne
+ role: admin
+ username: prometheus-openstack-exporter
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ ceph:
+ swift:
+ keystone:
+ role: admin
+ # NEWSITE-CHANGEME: Replace with the site name
+ region_name: RegionOne
+ username: swift
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.keystone.admin.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.cinder.cinder.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.glance.glance.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.heat.heat.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.heat.heat_trustee.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.heat.heat_stack_user.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.swift.keystone.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.neutron.neutron.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.nova.nova.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.nova.placement.region_name
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh.barbican.barbican.region_name
+data:
+ osh:
+ keystone:
+ admin:
+ username: admin
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: keystone
+ database: keystone
+ oslo_messaging:
+ keystone:
+ username: keystone-rabbitmq-user
+ ldap:
+ # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+ # authenticate to the active directory backend to validate keystone
+ # users.
+ username: "test@ldap.example.com"
+ cinder:
+ cinder:
+ role: admin
+ username: cinder
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: cinder
+ database: cinder
+ oslo_messaging:
+ cinder:
+ username: cinder-rabbitmq-user
+ glance:
+ glance:
+ role: admin
+ username: glance
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: glance
+ database: glance
+ oslo_messaging:
+ glance:
+ username: glance-rabbitmq-user
+ ceph_object_store:
+ username: glance
+ heat:
+ heat:
+ role: admin
+ username: heat
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ heat_trustee:
+ role: admin
+ username: heat-trust
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ heat_stack_user:
+ role: admin
+ username: heat-domain
+ domain_name: heat
+ oslo_db:
+ username: heat
+ database: heat
+ oslo_messaging:
+ heat:
+ username: heat-rabbitmq-user
+ swift:
+ keystone:
+ role: admin
+ username: swift
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ admin:
+ username: root
+ prometheus_mysql_exporter:
+ user:
+ username: osh-oslodb-exporter
+ neutron:
+ neutron:
+ role: admin
+ username: neutron
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: neutron
+ database: neutron
+ oslo_messaging:
+ neutron:
+ username: neutron-rabbitmq-user
+ nova:
+ nova:
+ role: admin
+ username: nova
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ placement:
+ role: admin
+ username: placement
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: nova
+ database: nova
+ oslo_db_api:
+ username: nova
+ database: nova_api
+ oslo_db_cell0:
+ username: nova
+ database: "nova_cell0"
+ oslo_messaging:
+ nova:
+ username: nova-rabbitmq-user
+ horizon:
+ oslo_db:
+ username: horizon
+ database: horizon
+ barbican:
+ barbican:
+ role: admin
+ username: barbican
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ oslo_db:
+ username: barbican
+ database: barbican
+ oslo_messaging:
+ barbican:
+ username: barbican-rabbitmq-user
+ oslo_messaging:
+ admin:
+ username: admin
+ tempest:
+ tempest:
+ role: admin
+ username: tempest
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_service_accounts
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonSoftwareConfig/v1
+ name: common-software-config
+ path: .osh.region_name
+ dest:
+ path: .osh_infra.prometheus_openstack_exporter.user.region_name
+data:
+ osh_infra:
+ ceph_object_store:
+ admin:
+ username: s3_admin
+ elasticsearch:
+ username: elasticsearch
+ grafana:
+ admin:
+ username: grafana
+ oslo_db:
+ username: grafana
+ database: grafana
+ oslo_db_session:
+ username: grafana_session
+ database: grafana_session
+ elasticsearch:
+ admin:
+ username: elasticsearch
+ oslo_db:
+ admin:
+ username: root
+ prometheus_mysql_exporter:
+ user:
+ username: osh-infra-oslodb-exporter
+ prometheus_openstack_exporter:
+ user:
+ role: admin
+ username: prometheus-openstack-exporter
+ project_name: service
+ user_domain_name: default
+ project_domain_name: default
+ nagios:
+ admin:
+ username: nagios
+ prometheus:
+ admin:
+ username: prometheus
+ ldap:
+ admin:
+ # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+ # authenticate to the active directory backend to validate keystone
+ # users.
+ bind: "test@ldap.example.com"
+...