X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=site_type%2Fovsdpdk-a13%2Ftemplates%2Fsoftware%2Fconfig%2Fservice_accounts.j2;fp=site_type%2Fovsdpdk-a13%2Ftemplates%2Fsoftware%2Fconfig%2Fservice_accounts.j2;h=751f1b1f79944f6f32383dff0ee4d5e3f61a2087;hb=4ef0e0a733df21b39be32c773be73c688d4466af;hp=0000000000000000000000000000000000000000;hpb=267230d53447c489d10905f260f503f2e71d414f;p=yaml_builds.git diff --git a/site_type/ovsdpdk-a13/templates/software/config/service_accounts.j2 b/site_type/ovsdpdk-a13/templates/software/config/service_accounts.j2 new file mode 100644 index 0000000..751f1b1 --- /dev/null +++ b/site_type/ovsdpdk-a13/templates/software/config/service_accounts.j2 @@ -0,0 +1,435 @@ +--- +# The purpose of this file is to define the account catalog for the site. This +# mostly contains service usernames, but also contain some information which +# should be changed like the region (site) name. +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + ucp: + postgres: + admin: + username: postgres + replica: + username: standby + exporter: + username: psql_exporter + oslo_db: + admin: + username: root + oslo_messaging: + admin: + username: rabbitmq + keystone: + admin: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + oslo_db: + username: keystone + database: keystone + promenade: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: promenade + drydock: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: drydock + postgres: + username: drydock + database: drydock + shipyard: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: shipyard + postgres: + username: shipyard + database: shipyard + airflow: + postgres: + username: airflow + database: airflow + oslo_messaging: + admin: + username: rabbitmq + user: + username: airflow + maas: + admin: + username: admin + email: none@none + postgres: + username: maas + database: maasdb + barbican: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: barbican + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + armada: + keystone: + project_domain_name: default + user_domain_name: default + project_name: service + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + username: armada + deckhand: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: deckhand + postgres: + username: deckhand + database: deckhand + prometheus_openstack_exporter: + user: + region_name: RegionOne + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + ceph: + swift: + keystone: + role: admin + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: swift + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.keystone.admin.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.cinder.cinder.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.glance.glance.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_trustee.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_stack_user.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.swift.keystone.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.neutron.neutron.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.nova.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.placement.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name +data: + osh: + keystone: + admin: + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_db: + username: keystone + database: keystone + oslo_messaging: + keystone: + username: keystone-rabbitmq-user + ldap: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + username: "test@ldap.example.com" + cinder: + cinder: + role: admin + username: cinder + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: cinder + database: cinder + oslo_messaging: + cinder: + username: cinder-rabbitmq-user + glance: + glance: + role: admin + username: glance + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: glance + database: glance + oslo_messaging: + glance: + username: glance-rabbitmq-user + ceph_object_store: + username: glance + heat: + heat: + role: admin + username: heat + project_name: service + user_domain_name: default + project_domain_name: default + heat_trustee: + role: admin + username: heat-trust + project_name: service + user_domain_name: default + project_domain_name: default + heat_stack_user: + role: admin + username: heat-domain + domain_name: heat + oslo_db: + username: heat + database: heat + oslo_messaging: + heat: + username: heat-rabbitmq-user + swift: + keystone: + role: admin + username: swift + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-oslodb-exporter + neutron: + neutron: + role: admin + username: neutron + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: neutron + database: neutron + oslo_messaging: + neutron: + username: neutron-rabbitmq-user + nova: + nova: + role: admin + username: nova + project_name: service + user_domain_name: default + project_domain_name: default + placement: + role: admin + username: placement + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: nova + database: nova + oslo_db_api: + username: nova + database: nova_api + oslo_db_cell0: + username: nova + database: "nova_cell0" + oslo_messaging: + nova: + username: nova-rabbitmq-user + horizon: + oslo_db: + username: horizon + database: horizon + barbican: + barbican: + role: admin + username: barbican + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: barbican + database: barbican + oslo_messaging: + barbican: + username: barbican-rabbitmq-user + oslo_messaging: + admin: + username: admin + tempest: + tempest: + role: admin + username: tempest + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh_infra.prometheus_openstack_exporter.user.region_name +data: + osh_infra: + ceph_object_store: + admin: + username: s3_admin + elasticsearch: + username: elasticsearch + grafana: + admin: + username: grafana + oslo_db: + username: grafana + database: grafana + oslo_db_session: + username: grafana_session + database: grafana_session + elasticsearch: + admin: + username: elasticsearch + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-infra-oslodb-exporter + prometheus_openstack_exporter: + user: + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + nagios: + admin: + username: nagios + prometheus: + admin: + username: prometheus + ldap: + admin: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + bind: "test@ldap.example.com" +...