docker/swarm/stack/security_monkey.yml - salt-models/reclass-system - Gitiles

 parameters:
   _param:
     docker_security_monkey_api_replicas: 1
     docker_security_monkey_scheduler_replicas: 1
     secmonkey_login_id: 11
     secmonkey_application_id: 1
     docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api
     docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler
     security_monkey_bind_host: security-audit-api
     security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
     security_monkey_ssl:
       enabled: false
     security_monkey_db: secmonkey
     notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
     security_monkey_user: devopsportal@devopsportal.local
     security_monkey_password: devopsportal
     security_monkey_role: Justify
     security_monkey_fqdn: ${_param:security_monkey_bind_host}
     security_monkey_web_port: ${_param:security_monkey_bind_port}
     security_monkey_api_port: ${_param:security_monkey_bind_port}
     security_monkey_nginx_port: ${_param:security_monkey_bind_port}
     devops_portal_sm_wtf_csrf_enabled: False
     security_monkey_sync_interval: 15
     security_monkey_openstack:
       os_account_id: mcp_cloud
       os_account_name: mcp_cloud
       auth_url: http://yourcloud.com:5000/v3/auth/tokens
       username: admin
       password: password
       project_domain_name: Default
       project_name: admin
       user_domain_name: Default
       source_credentials: /srv/volumes/rundeck/storage/content/cis/openstack
       service_credentials: /opt/os_creds
       endpoint_type: public
       ssl_verify: False
   docker:
     client:
       stack:
         security_monkey:
           environment:
             SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
             SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
             SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
             SECURITY_MONKEY_POSTGRES_PORT: ${_param:postgresql_bind_port}
             SECURITY_MONKEY_FQDN: ${_param:security_monkey_fqdn}
             WEB_PORT: ${_param:security_monkey_web_port}
             API_PORT: ${_param:security_monkey_api_port}
             NGINX_PORT: ${_param:security_monkey_nginx_port}
             NOTIFICATIONS_APP_ID: ${_param:secmonkey_application_id}
             NOTIFICATIONS_LOGIN_ID: ${_param:secmonkey_login_id}
             NOTIFICATIONS_SERVICE_URL: ${_param:notification_service_url}
             DEFAULT_USER: ${_param:security_monkey_user}
             DEFAULT_PASSWORD: ${_param:security_monkey_password}
             DEFAULT_ROLE: ${_param:security_monkey_role}
             OS_ACCOUNT_ID: ${_param:security_monkey_openstack:os_account_id}
             OS_ACCOUNT_NAME: ${_param:security_monkey_openstack:os_account_name}
             OS_USERNAME: ${_param:security_monkey_openstack:username}
             OS_PASSWORD: ${_param:security_monkey_openstack:password}
             OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
             OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
             OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
             OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
             OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
             CACERT_PATH: ${_param:security_monkey_openstack:service_credentials}/cert.pem
             USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
             SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
             SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
             SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db}
             SQLALCHEMY_POOL_RECYCLE: 25000
           service:
             security-audit-api:
               image: ${_param:docker_image_security_monkey_api}
               deploy:
                 replicas: ${_param:docker_security_monkey_api_replicas}
                 restart_policy:
                   condition: any
               ports:
                 - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
               volumes:
                 - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
                 - ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
             security-audit-scheduler:
               image: ${_param:docker_image_security_monkey_scheduler}
               deploy:
                 replicas: ${_param:docker_security_monkey_scheduler_replicas}
                 restart_policy:
                   condition: any
               volumes:
                 - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
                 - ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
           network:
             default:
               external:
                 name: oss_backend
	parameters:
	_param:
	docker_security_monkey_api_replicas: 1
	docker_security_monkey_scheduler_replicas: 1
	secmonkey_login_id: 11
	secmonkey_application_id: 1
	docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api
	docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler
	security_monkey_bind_host: security-audit-api
	security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
	security_monkey_ssl:
	enabled: false
	security_monkey_db: secmonkey
	notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
	security_monkey_user: devopsportal@devopsportal.local
	security_monkey_password: devopsportal
	security_monkey_role: Justify
	security_monkey_fqdn: ${_param:security_monkey_bind_host}
	security_monkey_web_port: ${_param:security_monkey_bind_port}
	security_monkey_api_port: ${_param:security_monkey_bind_port}
	security_monkey_nginx_port: ${_param:security_monkey_bind_port}
	devops_portal_sm_wtf_csrf_enabled: False
	security_monkey_sync_interval: 15
	security_monkey_openstack:
	os_account_id: mcp_cloud
	os_account_name: mcp_cloud
	auth_url: http://yourcloud.com:5000/v3/auth/tokens
	username: admin
	password: password
	project_domain_name: Default
	project_name: admin
	user_domain_name: Default
	source_credentials: /srv/volumes/rundeck/storage/content/cis/openstack
	service_credentials: /opt/os_creds
	endpoint_type: public
	ssl_verify: False
	docker:
	client:
	stack:
	security_monkey:
	environment:
	SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
	SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
	SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
	SECURITY_MONKEY_POSTGRES_PORT: ${_param:postgresql_bind_port}
	SECURITY_MONKEY_FQDN: ${_param:security_monkey_fqdn}
	WEB_PORT: ${_param:security_monkey_web_port}
	API_PORT: ${_param:security_monkey_api_port}
	NGINX_PORT: ${_param:security_monkey_nginx_port}
	NOTIFICATIONS_APP_ID: ${_param:secmonkey_application_id}
	NOTIFICATIONS_LOGIN_ID: ${_param:secmonkey_login_id}
	NOTIFICATIONS_SERVICE_URL: ${_param:notification_service_url}
	DEFAULT_USER: ${_param:security_monkey_user}
	DEFAULT_PASSWORD: ${_param:security_monkey_password}
	DEFAULT_ROLE: ${_param:security_monkey_role}
	OS_ACCOUNT_ID: ${_param:security_monkey_openstack:os_account_id}
	OS_ACCOUNT_NAME: ${_param:security_monkey_openstack:os_account_name}
	OS_USERNAME: ${_param:security_monkey_openstack:username}
	OS_PASSWORD: ${_param:security_monkey_openstack:password}
	OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
	OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
	OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
	OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
	OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
	CACERT_PATH: ${_param:security_monkey_openstack:service_credentials}/cert.pem
	USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
	SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
	SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
	SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db}
	SQLALCHEMY_POOL_RECYCLE: 25000
	service:
	security-audit-api:
	image: ${_param:docker_image_security_monkey_api}
	deploy:
	replicas: ${_param:docker_security_monkey_api_replicas}
	restart_policy:
	condition: any
	ports:
	- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
	volumes:
	- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
	- ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
	security-audit-scheduler:
	image: ${_param:docker_image_security_monkey_scheduler}
	deploy:
	replicas: ${_param:docker_security_monkey_scheduler_replicas}
	restart_policy:
	condition: any
	volumes:
	- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
	- ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
	network:
	default:
	external:
	name: oss_backend