Drop static passwords
For security reasons, all passwords must be generated. That's why
all password related parameters has been moved to defaults but
commented out, so they will be required and one have to set needed
parameters if any of them used but missing, and also to have a reference.
Exclusions:
- `opencontrail_message_queue_password` must be defined due of
limitations in OpenContrail over OpenStack
- `rabbitmq_guest_password` for backward compatibility
- `keepalived_openstack_telemetry_vip_password` for backward
compatibility
- `gerrit_ldap_bind_password` for backward compatibility
- `opencontrail_identity_password` for backward compatibility
- `kubernetes_openstack_provider_cloud_password` for backward
compatibility
This is kind of backport of https://gerrit.mcp.mirantis.com/#/c/34068/
to release/2019.2.0.
Change-Id: Id63bc4be2ef9dfaf369c583e017718c8253c8e93
Prod-related: PROD-29480
diff --git a/billometer/server/single.yml b/billometer/server/single.yml
index 8152202..c606303 100644
--- a/billometer/server/single.yml
+++ b/billometer/server/single.yml
@@ -7,16 +7,8 @@
- service.supervisor.server.single
parameters:
_param:
- billometer_secret_key: billometer
keystone_billometer_address: localhost
- keystone_billometer_password: password
- postgresql_billometer_password: password
- postgresql_graphite_password: password
rabbitmq_admin_name: admin
- rabbitmq_admin_password: password
- rabbitmq_secret_key: rabbitmq
- rabbitmq_billometer_password: password
- rabbitmq_graphite_password: password
postgresql:
server:
database:
diff --git a/defaults/init.yml b/defaults/init.yml
index 2763914..8fae296 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -21,6 +21,7 @@
- system.defaults.gerrit
- system.defaults.keepalived
- system.defaults.salt
+- system.defaults.secrets
- system.defaults.stacklight
- system.defaults.xtrabackup
- system.defaults.haproxy
diff --git a/defaults/secrets.yml b/defaults/secrets.yml
index 65b7bce..fe8a6a2 100644
--- a/defaults/secrets.yml
+++ b/defaults/secrets.yml
@@ -40,11 +40,19 @@
# jenkins_client_password: <<CHANGEME>>
# jenkins_security_ldap_manager_password: <<CHANGEME>>
# oss_jenkins_password: <<CHANGEME>>
+# jenkins_slave_password: <<CHANGEME>>
# Gerrit/LDAP
gerrit_ldap_bind_password: password
# Docker
+# docker_mongodb_admin_password: <<CHANGEME>>
+# janitor_monkey_mongodb_password: <<CHANGEME>>
+# janitor_monkey_openstack:
+# password: <<CHANGEME>>
+# security_monkey_password: <<CHANGEME>>
+# security_monkey_openstack:
+# password: <<CHANGEME>>
# keycloak_admin_password: <<CHANGEME>>
# kqueen_api_ldap_password: <<CHANGEME>>
# kqueen_credentials:
@@ -60,7 +68,6 @@
# nova_compute_ssh_public: <<CHANGEME>>
# nova_compute_ssh_private: <<CHANGEME>>
-
# Grafana
# grafana_password: <<CHANGEME>>
# grafana_database_password: <<CHANGEME>>
@@ -76,7 +83,6 @@
# Galera
# galera_clustercheck_password: <<CHANGEME>>
-# Generic
+# Generic
# root_private_key:
# root_public_key:
-
diff --git a/devops_portal/service/jenkins.yml b/devops_portal/service/jenkins.yml
index ee00912..b800188 100644
--- a/devops_portal/service/jenkins.yml
+++ b/devops_portal/service/jenkins.yml
@@ -1,7 +1,6 @@
parameters:
_param:
oss_jenkins_user: admin
- oss_jenkins_password: password
devops_portal:
config:
service:
diff --git a/docker/client/compose/service/gerrit.yml b/docker/client/compose/service/gerrit.yml
index 69b2a2c..67af5eb 100644
--- a/docker/client/compose/service/gerrit.yml
+++ b/docker/client/compose/service/gerrit.yml
@@ -4,7 +4,6 @@
_param:
gerrit_ldap_server: ""
gerrit_ldap_bind_user: ""
- gerrit_ldap_bind_password: ""
gerrit_ldap_account_base: ""
gerrit_ldap_group_base: ""
gerrit_http_listen_url: http://*:8080/
diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 62a3e14..7b0eac5 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml
@@ -6,7 +6,6 @@
grafana_database_type: sqlite3
grafana_database_host: localhost
grafana_database_port: 3306
- grafana_database_password: password
docker:
client:
stack:
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 964899d..42af606 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -4,7 +4,6 @@
_param:
gerrit_ldap_server: ""
gerrit_ldap_bind_user: ""
- gerrit_ldap_bind_password: ""
gerrit_ldap_account_base: ""
gerrit_ldap_group_base: ""
gerrit_http_listen_url: http://*:8080/
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 0cb8c43..79e9561 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -2,7 +2,6 @@
_param:
docker_janitor_monkey_replicas: 1
docker_mongodb_admin_username: admin
- docker_mongodb_admin_password: password
docker_image_janitor_monkey: ${_param:mcp_docker_registry}/mirantis/oss/janitor-monkey
janitor_monkey_bind_host: cleanup-service-api
janitor_monkey_bind_port: 8080
@@ -17,7 +16,6 @@
janitor_monkey_base_url: http://${_param:janitor_monkey_mongodb_host}:${_param:janitor_monkey_mongodb_port}
janitor_monkey_mongodb_db: mcp_cloud
janitor_monkey_mongodb_username: janitor
- janitor_monkey_mongodb_password: password
janitor_monkey_elasticsearch: ${_param:elasticsearch_bind_host}:${_param:elasticsearch_binary_bind_port}
janitor_monkey_cloudfire_region: RegionOne
janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
@@ -30,7 +28,6 @@
project_name: admin
auth_url: http://yourcloud.com:5000/v3/auth/tokens
username: admin
- password: password
endpoint_type: public
ssl_verify: False
source_credentials_dir: /srv/volumes/rundeck/storage
diff --git a/docker/swarm/stack/keycloak.yml b/docker/swarm/stack/keycloak.yml
index 7dcb88a..3598282 100644
--- a/docker/swarm/stack/keycloak.yml
+++ b/docker/swarm/stack/keycloak.yml
@@ -6,7 +6,6 @@
keycloak_proxy_bind_port: ${_param:haproxy_keycloak_proxy_bind_port}
# Initial admin support
keycloak_admin_username: admin
- keycloak_admin_password: password
docker:
client:
stack:
diff --git a/docker/swarm/stack/kqueen.yml b/docker/swarm/stack/kqueen.yml
index 0c61ed9..24166ed 100644
--- a/docker/swarm/stack/kqueen.yml
+++ b/docker/swarm/stack/kqueen.yml
@@ -10,7 +10,6 @@
kqueen_api_prometheus_whitelist: '172.16.10.0/24' ##REcheck with network
kqueen_api_ldap_uri: 'ldap://ldap'
kqueen_api_ldap_dn: 'cn=admin,dc=example,dc=org'
- kqueen_api_ldap_password: 'password'
kqueen_api_auth_modules: 'local'
docker_kqueen_ui_replicas: 1
kqueen_ui_bind_port: ${_param:haproxy_kqueen_ui_bind_port}
@@ -26,7 +25,6 @@
kqueen_ui_secret_key: 'pasteyoursecret'
kqueen_api_bootstrap_admin: True
kqueen_api_admin_username: admin
- kqueen_api_admin_password: default
kqueen_api_admin_organization: MirantisCloudPlatform
kqueen_api_admin_namespace: mcp
docker:
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index b3936c6..619e0c2 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml
@@ -7,7 +7,6 @@
postgresql_ssl:
enabled: false
postgresql_admin_user: postgres
- postgresql_admin_user_password: postgrespassword
docker:
client:
stack:
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 2ee26e4..3bb1e17 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -13,13 +13,11 @@
pushkin_smtp_port: 587
pushkin_smtp_use_tls: true
webhook_from: your_sender@mail.com
- pushkin_email_sender_password: your_sender_password
webhook_recipients: "recepient1@mail.com,recepient2@mail.com"
webhook_login_id: 13
webhook_application_id: 24
sfdc_auth_url: https://login.salesforce.com/services/oauth2/token
sfdc_username: user@example.net
- sfdc_password: secret
sfdc_consumer_key: example_consumer_key
sfdc_consumer_secret: example_consumer_secret
sfdc_organization_id: example_organization_id
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 5db205e..5b7046c 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -13,7 +13,6 @@
security_monkey_db: secmonkey
notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
security_monkey_user: devopsportal@devopsportal.local
- security_monkey_password: devopsportal
security_monkey_role: Justify
security_monkey_fqdn: ${_param:security_monkey_bind_host}
security_monkey_web_port: ${_param:security_monkey_bind_port}
@@ -26,7 +25,6 @@
os_account_name: mcp_cloud
auth_url: http://yourcloud.com:5000/v3/auth/tokens
username: admin
- password: password
project_domain_name: Default
project_name: admin
user_domain_name: Default
diff --git a/galera/server/clustercheck.yml b/galera/server/clustercheck.yml
index a5d7137..6213c58 100644
--- a/galera/server/clustercheck.yml
+++ b/galera/server/clustercheck.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- galera_clustercheck_password: clustercheck
galera:
clustercheck:
enabled: True
diff --git a/grafana/server/single.yml b/grafana/server/single.yml
index 775ce38..6303430 100644
--- a/grafana/server/single.yml
+++ b/grafana/server/single.yml
@@ -4,7 +4,6 @@
_param:
grafana_port: 3000
grafana_user: admin
- grafana_password: admin
grafana:
server:
enabled: true
diff --git a/graphite/collector/single.yml b/graphite/collector/single.yml
index 5ca5715..5442a3f 100644
--- a/graphite/collector/single.yml
+++ b/graphite/collector/single.yml
@@ -2,8 +2,6 @@
- service.memcached.server.local
- service.graphite.collector.single
parameters:
- _param:
- rabbitmq_monitor_password: password
carbon:
relay:
enabled: false
diff --git a/graphite/server/single.yml b/graphite/server/single.yml
index 237c65d..9c891d3 100644
--- a/graphite/server/single.yml
+++ b/graphite/server/single.yml
@@ -7,12 +7,7 @@
parameters:
_param:
graphite_secret_key: secret
- postgresql_graphite_password: password
apache2_site_graphite_host: ${_param:single_address}
- rabbitmq_graphite_password: password
- rabbitmq_monitor_password: password
- rabbitmq_admin_password: password
- rabbitmq_secret_key: password
apache:
server:
modules:
diff --git a/haproxy/proxy/listen/opencontrail/analytics.yml b/haproxy/proxy/listen/opencontrail/analytics.yml
index 14890ca..fd20277 100644
--- a/haproxy/proxy/listen/opencontrail/analytics.yml
+++ b/haproxy/proxy/listen/opencontrail/analytics.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- opencontrail_stats_password: password
haproxy:
proxy:
listen:
diff --git a/haproxy/proxy/listen/opencontrail/control.yml b/haproxy/proxy/listen/opencontrail/control.yml
index db407be..b704f04 100644
--- a/haproxy/proxy/listen/opencontrail/control.yml
+++ b/haproxy/proxy/listen/opencontrail/control.yml
@@ -1,6 +1,5 @@
parameters:
_param:
- opencontrail_stats_password: password
opencontrail_api_start_offset: 0
opencontrail_api_workers_count: 1
haproxy:
diff --git a/haproxy/proxy/listen/opencontrail/control4_0.yml b/haproxy/proxy/listen/opencontrail/control4_0.yml
index baeb86e..22623fd 100644
--- a/haproxy/proxy/listen/opencontrail/control4_0.yml
+++ b/haproxy/proxy/listen/opencontrail/control4_0.yml
@@ -1,6 +1,5 @@
parameters:
_param:
- opencontrail_stats_password: password
opencontrail_api_start_offset: 0
opencontrail_api_workers_count: 1
haproxy:
diff --git a/heka/router/single.yml b/heka/router/single.yml
index 8801e42..bba6458 100644
--- a/heka/router/single.yml
+++ b/heka/router/single.yml
@@ -12,7 +12,6 @@
heka_router_prefetch_count: 20
rabbitmq_secret_key: secret_key
rabbitmq_admin_name: admin
- rabbitmq_admin_password: workshoplearning42
kibana_elasticsearch_host: localhost
heka:
shipper:
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 711c855..11b5430 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -7,7 +7,6 @@
parameters:
_param:
jenkins_client_user: none
- jenkins_client_password: none
jenkins_master_host: ${_param:control_vip_address}
jenkins_aptly_storages: "local"
jenkins_offline_deployment: "false"
diff --git a/jenkins/client/security/ldap.yml b/jenkins/client/security/ldap.yml
index ba53570..d47e74f 100644
--- a/jenkins/client/security/ldap.yml
+++ b/jenkins/client/security/ldap.yml
@@ -1,7 +1,6 @@
parameters:
_param:
jenkins_security_ldap_manager_dn: ''
- jenkins_security_ldap_manager_password: ''
jenkins_security_ldap_user_search_filter: 'uid={0}'
jenkins_security_ldap_user_search_base: ''
jenkins_security_ldap_group_search_base: ''
diff --git a/jenkins/slave/init.yml b/jenkins/slave/init.yml
index 693464e..a0d3e0e 100644
--- a/jenkins/slave/init.yml
+++ b/jenkins/slave/init.yml
@@ -6,6 +6,7 @@
_param:
java_environment_version: "8"
java_environment_platform: openjdk
+ jenkins_slave_user: none
jenkins_master_host: ${_param:control_vip_address}
java:
environment:
diff --git a/keepalived/cluster/instance/kube_api_server_vip.yml b/keepalived/cluster/instance/kube_api_server_vip.yml
index f7fbce8..42d95f1 100644
--- a/keepalived/cluster/instance/kube_api_server_vip.yml
+++ b/keepalived/cluster/instance/kube_api_server_vip.yml
@@ -8,7 +8,6 @@
keepalived_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
keepalived_k8s_apiserver_vip_interface: ens3
keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address}
- keepalived_k8s_apiserver_vip_password: password
keepalived:
cluster:
vrrp_scripts:
@@ -25,4 +24,4 @@
interface: ${_param:keepalived_k8s_apiserver_vip_interface}
virtual_router_id: 60
priority: ${_param:keepalived_vip_priority}
- track_script: k8s_vip
\ No newline at end of file
+ track_script: k8s_vip
diff --git a/keepalived/cluster/instance/openstack_barbican_vip.yml b/keepalived/cluster/instance/openstack_barbican_vip.yml
index 3c733c4..f6e430f 100644
--- a/keepalived/cluster/instance/openstack_barbican_vip.yml
+++ b/keepalived/cluster/instance/openstack_barbican_vip.yml
@@ -3,7 +3,6 @@
parameters:
_param:
keepalived_openstack_barbican_vip_address: ${_param:cluster_vip_address}
- keepalived_openstack_barbican_vip_password: password
keepalived_openstack_barbican_vip_interface: eth1
keepalived_vip_virtual_router_id: 250
keepalived_vip_address: ${_param:keepalived_openstack_barbican_vip_address}
diff --git a/keepalived/cluster/instance/openstack_baremetal_vip.yml b/keepalived/cluster/instance/openstack_baremetal_vip.yml
index 355cf53..fe2b527 100644
--- a/keepalived/cluster/instance/openstack_baremetal_vip.yml
+++ b/keepalived/cluster/instance/openstack_baremetal_vip.yml
@@ -5,7 +5,6 @@
parameters:
_param:
keepalived_openstack_baremetal_vip_address: ${_param:cluster_baremetal_vip_address}
- keepalived_openstack_baremetal_password: password
keepalived_openstack_baremetal_vip_interface: eth1
keepalived_openstack_baremetal_vip_virtual_router_id: 132
keepalived_openstack_baremetal_vip_priority: ${_param:keepalived_vip_priority}
diff --git a/keepalived/cluster/instance/openstack_manila_vip.yml b/keepalived/cluster/instance/openstack_manila_vip.yml
index d8330c4..b87d998 100644
--- a/keepalived/cluster/instance/openstack_manila_vip.yml
+++ b/keepalived/cluster/instance/openstack_manila_vip.yml
@@ -3,7 +3,6 @@
parameters:
_param:
keepalived_openstack_manila_vip_address: ${_param:cluster_vip_address}
- keepalived_openstack_manila_vip_password: password
keepalived_openstack_manila_vip_interface: eth1
keepalived_vip_virtual_router_id: 235
keepalived_vip_address: ${_param:keepalived_openstack_manila_vip_address}
diff --git a/keepalived/cluster/instance/openstack_telemetry_vip.yml b/keepalived/cluster/instance/openstack_telemetry_vip.yml
index 5dc91a1..92aa048 100644
--- a/keepalived/cluster/instance/openstack_telemetry_vip.yml
+++ b/keepalived/cluster/instance/openstack_telemetry_vip.yml
@@ -3,7 +3,6 @@
parameters:
_param:
keepalived_openstack_telemetry_vip_address: ${_param:cluster_vip_address}
- keepalived_openstack_telemetry_vip_password: password
keepalived_openstack_telemetry_vip_interface: eth1
keepalived_vip_virtual_router_id: 230
keepalived_vip_address: ${_param:keepalived_openstack_telemetry_vip_address}
diff --git a/keepalived/cluster/instance/openstack_web_public_vip.yml b/keepalived/cluster/instance/openstack_web_public_vip.yml
index 363f23b..3efebd2 100644
--- a/keepalived/cluster/instance/openstack_web_public_vip.yml
+++ b/keepalived/cluster/instance/openstack_web_public_vip.yml
@@ -5,7 +5,6 @@
parameters:
_param:
keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address}
- keepalived_openstack_web_public_vip_password: password
keepalived_openstack_web_public_vip_interface: eth1
keepalived:
cluster:
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 9663488..014a6dc 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -9,10 +9,8 @@
parameters:
_param:
keystone_service_token: token
- keystone_admin_password: password
mysql_admin_user: root
- mysql_admin_password: password
- mysql_keystone_password: password
+ keystone_tokens_expiration: 3600
openstack_node_role: primary
keystone_service_protocol: ${_param:cluster_internal_protocol}
linux:
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 3ab1085..00a98eb 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -131,7 +131,6 @@
kubernetes_openstack_provider_binary: ${_param:kubernetes_openstack_provider_repo}/openstack-cloud-controller-manager_v0.3.0-2_1549884015986
kubernetes_openstack_provider_binary_hash: md5=fd19a97527009aac72de7997744885fb
kubernetes_openstack_provider_cloud_user: admin
- kubernetes_openstack_provider_cloud_password: secret
kubernetes_openstack_provider_cloud_auth_url: http://127.0.0.1:5000/v3
kubernetes_openstack_provider_cloud_tenant_id: tenant_id
kubernetes_openstack_provider_cloud_domain_id: default
diff --git a/kubernetes/control/opencontrail.yml b/kubernetes/control/opencontrail.yml
index 75e3b0d..8cdd97c 100644
--- a/kubernetes/control/opencontrail.yml
+++ b/kubernetes/control/opencontrail.yml
@@ -1,12 +1,10 @@
parameters:
_param:
opencontrail_identity_user: admin
- opencontrail_identity_password: contrail123
opencontrail_identity_tenant: admin
opencontrail_public_ip_range: 172.17.47.128/25
opencontrail_public_ip_network: default-domain:default-project:Public
opencontrail_private_ip_range: 10.150.0.0/16
- opencontrail_message_queue_password: guest
kubernetes:
pool:
network:
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 5533cf9..437f3c1 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -13,7 +13,6 @@
nova_cpu_allocation_ratio: 16.0
nova_ram_allocation_ratio: 1.5
nova_disk_allocation_ratio: 1.0
- metadata_password: metadataPass
linux:
system:
package:
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index eb29ead..18c5a5f 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -18,7 +18,6 @@
opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
opencontrail_message_queue_address: ${_param:openstack_message_queue_address}
- opencontrail_message_queue_password: guest
opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_docker_image_tag}
opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_docker_image_tag}
opencontrail_analytics_container_name: opencontrail_analytics_1
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 64cbf14..6859b9c 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -19,7 +19,6 @@
opencontrail_message_queue_node02_address: ${_param:openstack_control_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_control_node03_address}
opencontrail_message_queue_address: ${_param:openstack_control_address}
- opencontrail_message_queue_password: guest
opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_docker_image_tag}
opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_docker_image_tag}
opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_docker_image_tag}
diff --git a/opencontrail/control/cluster4_0_k8s.yml b/opencontrail/control/cluster4_0_k8s.yml
index f5f34c1..77c036d 100644
--- a/opencontrail/control/cluster4_0_k8s.yml
+++ b/opencontrail/control/cluster4_0_k8s.yml
@@ -13,7 +13,6 @@
opencontrail_message_queue_node02_address: ${_param:openstack_control_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_control_node03_address}
opencontrail_message_queue_address: ${_param:openstack_control_address}
- opencontrail_message_queue_password: guest
opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_docker_image_tag}
opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_docker_image_tag}
opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_docker_image_tag}
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index fe63ec1..bc37f8e 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -13,7 +13,6 @@
opencontrail_message_queue_node01_address: ${_param:openstack_message_queue_node01_address}
opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
- opencontrail_message_queue_password: guest
opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_docker_image_tag}
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_api_workers_count: 6
diff --git a/opencontrail/control/single4_0.yml b/opencontrail/control/single4_0.yml
index d0573e9..89768d3 100644
--- a/opencontrail/control/single4_0.yml
+++ b/opencontrail/control/single4_0.yml
@@ -15,7 +15,6 @@
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
- opencontrail_message_queue_password: guest
# Temprorary fix for MOS9 packages to pin old version of kafka
linux:
system:
diff --git a/postgresql/client/init.yml b/postgresql/client/init.yml
index 95fdcdb..1775654 100644
--- a/postgresql/client/init.yml
+++ b/postgresql/client/init.yml
@@ -1,7 +1,6 @@
parameters:
_param:
postgresql_client_user: none
- postgresql_client_password: none
postgresql_client_host: ${_param:control_vip_address}
postgresql_client_port: 5432
postgresql:
diff --git a/postgresql/client/pushkin/alertmanager.yml b/postgresql/client/pushkin/alertmanager.yml
index 8e413da..bf01013 100644
--- a/postgresql/client/pushkin/alertmanager.yml
+++ b/postgresql/client/pushkin/alertmanager.yml
@@ -4,7 +4,6 @@
_param:
alertmanager_db_host: ${_param:haproxy_postgresql_bind_host}
alertmanager_db_user: alertmanager
- alertmanager_db_user_password: alertmanager
webhook_login_id: 13
webhook_application_id: 24
postgresql:
diff --git a/postgresql/client/pushkin/init.yml b/postgresql/client/pushkin/init.yml
index 5677646..26f8abe 100644
--- a/postgresql/client/pushkin/init.yml
+++ b/postgresql/client/pushkin/init.yml
@@ -4,7 +4,6 @@
_param:
pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
pushkin_db_user: pushkin
- pushkin_db_user_password: pushkin
postgresql:
client:
server:
diff --git a/postgresql/client/pushkin/janitor_monkey.yml b/postgresql/client/pushkin/janitor_monkey.yml
index b56d098..78a3b27 100644
--- a/postgresql/client/pushkin/janitor_monkey.yml
+++ b/postgresql/client/pushkin/janitor_monkey.yml
@@ -4,7 +4,6 @@
_param:
janmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
janmonkey_db_user: janmonkey
- janmonkey_db_user_password: janmonkey
janmonkey_login_id: 12
janmonkey_application_id: 2
postgresql:
diff --git a/postgresql/client/pushkin/security_monkey.yml b/postgresql/client/pushkin/security_monkey.yml
index 18154cd..1ebf4f4 100644
--- a/postgresql/client/pushkin/security_monkey.yml
+++ b/postgresql/client/pushkin/security_monkey.yml
@@ -4,7 +4,6 @@
_param:
secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
secmonkey_db_user: secmonkey
- secmonkey_db_user_password: secmonkey
postgresql:
client:
server:
diff --git a/postgresql/client/pushkin/sfdc.yml b/postgresql/client/pushkin/sfdc.yml
index 57af7fe..cfb1236 100644
--- a/postgresql/client/pushkin/sfdc.yml
+++ b/postgresql/client/pushkin/sfdc.yml
@@ -4,7 +4,6 @@
_param:
sfdc_db_host: ${_param:haproxy_postgresql_bind_host}
sfdc_db_user: sfdc
- sfdc_db_user_password: sfdc
sfdc_login_id: 14
sfdc_application_id: 4
postgresql:
diff --git a/postgresql/client/rundeck.yml b/postgresql/client/rundeck.yml
index 0c1102d..d4cd256 100644
--- a/postgresql/client/rundeck.yml
+++ b/postgresql/client/rundeck.yml
@@ -4,7 +4,6 @@
_param:
rundeck_db_host: ${_param:haproxy_postgresql_bind_host}
rundeck_db_user: rundeck
- rundeck_db_user_password: password
postgresql:
client:
server:
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index ab7a4c8..5693d6c 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -4,7 +4,6 @@
_param:
secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
secmonkey_db_user: secmonkey
- secmonkey_db_user_password: secmonkey
postgresql:
client:
server:
diff --git a/rabbitmq/server/vhost/catalog.yml b/rabbitmq/server/vhost/catalog.yml
index 23cb0f2..cd4b0cb 100644
--- a/rabbitmq/server/vhost/catalog.yml
+++ b/rabbitmq/server/vhost/catalog.yml
@@ -12,7 +12,7 @@
definition: '{"ha-mode": "all", "message-ttl": 120000}'
admin:
name: admin
- password: zeQuooQu47eed8esahpie2Lai8En9ohp
+ password: ${_param:rabbitmq_guest_password}
bind:
address: ${_param:single_address}
management:
diff --git a/rabbitmq/server/vhost/opencontrail.yml b/rabbitmq/server/vhost/opencontrail.yml
index 8f88cee..c29f7c8 100644
--- a/rabbitmq/server/vhost/opencontrail.yml
+++ b/rabbitmq/server/vhost/opencontrail.yml
@@ -5,7 +5,7 @@
'/':
enabled: true
user: guest
- password: guest
+ password: ${_param:rabbitmq_guest_password}
policies:
- name: HA
pattern: '^(?!amq\.).*'
diff --git a/rabbitmq/server/vhost/openstack/init.yml b/rabbitmq/server/vhost/openstack/init.yml
index 50b0814..5b440e7 100644
--- a/rabbitmq/server/vhost/openstack/init.yml
+++ b/rabbitmq/server/vhost/openstack/init.yml
@@ -8,7 +8,7 @@
'/':
enabled: true
user: guest
- password: guest
+ password: ${_param:rabbitmq_guest_password}
policies:
- name: HA
pattern: '^(?!amq\.).*'
diff --git a/sensu/server/cluster.yml b/sensu/server/cluster.yml
index 5c8fe85..7f17a2c 100644
--- a/sensu/server/cluster.yml
+++ b/sensu/server/cluster.yml
@@ -6,10 +6,6 @@
- service.sensu.server.single
parameters:
_param:
- rabbitmq_secret_key: secret
- rabbitmq_admin_password: password
- rabbitmq_cold_password: password
- rabbitmq_monitor_password: password
sensu_message_queue_host: ${_param:cluster_vip_address}
cluster_redis_port: 6379
sensu:
diff --git a/sensu/server/dashboard.yml b/sensu/server/dashboard.yml
index 7cabe2b..98f480f 100644
--- a/sensu/server/dashboard.yml
+++ b/sensu/server/dashboard.yml
@@ -5,7 +5,6 @@
- service.sensu.server.single
parameters:
_param:
- rabbitmq_monitor_password: password
sensu_message_queue_host: 127.0.0.1
sensu:
dashboard:
diff --git a/sensu/server/single.yml b/sensu/server/single.yml
index 806b9ef..e3c4df9 100644
--- a/sensu/server/single.yml
+++ b/sensu/server/single.yml
@@ -4,5 +4,4 @@
- service.sensu.server.single
parameters:
_param:
- rabbitmq_monitor_password: password
sensu_message_queue_host: 127.0.0.1