Drop static passwords
For security reasons, all passwords must be generated. That is why
all password-related parameters have been moved to defaults but
commented out: they become required, so anyone who uses one of them
must set it explicitly, and the commented-out entries serve as a reference.
Exclusions:
- `opencontrail_message_queue_password` must be defined due of
limitations in OpenContrail over OpenStack
- `rabbitmq_guest_password` for backward compatibility
- `keepalived_openstack_telemetry_vip_password` for backward
compatibility
- `gerrit_ldap_bind_password` for backward compatibility
- `opencontrail_identity_password` for backward compatibility
- `kubernetes_openstack_provider_cloud_password` for backward
compatibility
Depends-on: https://gerrit.mcp.mirantis.com/#/c/34073/
Depends-on: https://gerrit.mcp.mirantis.com/#/c/36474/
Depends-on: https://gerrit.mcp.mirantis.com/#/c/36650/
Depends-on: https://gerrit.mcp.mirantis.com/#/c/36656/
Prod-related: PROD-26560 (PROD:26560)
Change-Id: Ia2203cf59349850ecd55c89208285e65b65899cd
diff --git a/docker/client/compose/service/gerrit.yml b/docker/client/compose/service/gerrit.yml
index 69b2a2c..67af5eb 100644
--- a/docker/client/compose/service/gerrit.yml
+++ b/docker/client/compose/service/gerrit.yml
@@ -4,7 +4,6 @@
_param:
gerrit_ldap_server: ""
gerrit_ldap_bind_user: ""
- gerrit_ldap_bind_password: ""
gerrit_ldap_account_base: ""
gerrit_ldap_group_base: ""
gerrit_http_listen_url: http://*:8080/
diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 62a3e14..7b0eac5 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml
@@ -6,7 +6,6 @@
grafana_database_type: sqlite3
grafana_database_host: localhost
grafana_database_port: 3306
- grafana_database_password: password
docker:
client:
stack:
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 964899d..42af606 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -4,7 +4,6 @@
_param:
gerrit_ldap_server: ""
gerrit_ldap_bind_user: ""
- gerrit_ldap_bind_password: ""
gerrit_ldap_account_base: ""
gerrit_ldap_group_base: ""
gerrit_http_listen_url: http://*:8080/
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 0cb8c43..b711e45 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -2,7 +2,7 @@
_param:
docker_janitor_monkey_replicas: 1
docker_mongodb_admin_username: admin
- docker_mongodb_admin_password: password
+# docker_mongodb_admin_password: password
docker_image_janitor_monkey: ${_param:mcp_docker_registry}/mirantis/oss/janitor-monkey
janitor_monkey_bind_host: cleanup-service-api
janitor_monkey_bind_port: 8080
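Review bot: The commented-out line `# docker_mongodb_admin_password: password` keeps the old weak value as the reference, so anyone who uncomments it restores the static password this change is meant to remove. Replace the value with an obvious placeholder, e.g. `# docker_mongodb_admin_password: <generated-secret>`, so the comment documents the parameter name without offering a usable default. The same applies to `# janitor_monkey_mongodb_password: password` in the next hunk and `# security_monkey_password: devopsportal` in security_monkey.yml. The old values also stay in version history, so deployments that relied on them should presumably rotate these credentials.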
@@ -17,7 +17,7 @@
janitor_monkey_base_url: http://${_param:janitor_monkey_mongodb_host}:${_param:janitor_monkey_mongodb_port}
janitor_monkey_mongodb_db: mcp_cloud
janitor_monkey_mongodb_username: janitor
- janitor_monkey_mongodb_password: password
+# janitor_monkey_mongodb_password: password
janitor_monkey_elasticsearch: ${_param:elasticsearch_bind_host}:${_param:elasticsearch_binary_bind_port}
janitor_monkey_cloudfire_region: RegionOne
janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
@@ -30,7 +30,7 @@
project_name: admin
auth_url: http://yourcloud.com:5000/v3/auth/tokens
username: admin
- password: password
+# password: password
endpoint_type: public
ssl_verify: False
source_credentials_dir: /srv/volumes/rundeck/storage
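Review bot: `# password: password` here looks like a literal key inside a credentials mapping (next to `username` and `auth_url`) rather than a `_param` entry, so commenting it out probably does not make it required; the key is simply absent and nothing fails when the model is rendered. If the intent is to force a generated value, keep the key and point it at a parameter, e.g. `password: ${_param:<password_param_name>}` (placeholder name), so that an unset value should fail at interpolation instead of silently producing a credential block without a password. The same pattern appears in the second hunk of security_monkey.yml. The enclosing mapping starts outside the hunk, so its nesting needs confirming; the context also shows `ssl_verify: False` with an `http://` `auth_url`, which would send this password without transport protection if the sample values are used as they stand.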
diff --git a/docker/swarm/stack/keycloak.yml b/docker/swarm/stack/keycloak.yml
index 7dcb88a..3598282 100644
--- a/docker/swarm/stack/keycloak.yml
+++ b/docker/swarm/stack/keycloak.yml
@@ -6,7 +6,6 @@
keycloak_proxy_bind_port: ${_param:haproxy_keycloak_proxy_bind_port}
# Initial admin support
keycloak_admin_username: admin
- keycloak_admin_password: password
docker:
client:
stack:
diff --git a/docker/swarm/stack/kqueen.yml b/docker/swarm/stack/kqueen.yml
index 0c61ed9..24166ed 100644
--- a/docker/swarm/stack/kqueen.yml
+++ b/docker/swarm/stack/kqueen.yml
@@ -10,7 +10,6 @@
kqueen_api_prometheus_whitelist: '172.16.10.0/24' ##REcheck with network
kqueen_api_ldap_uri: 'ldap://ldap'
kqueen_api_ldap_dn: 'cn=admin,dc=example,dc=org'
- kqueen_api_ldap_password: 'password'
kqueen_api_auth_modules: 'local'
docker_kqueen_ui_replicas: 1
kqueen_ui_bind_port: ${_param:haproxy_kqueen_ui_bind_port}
@@ -26,7 +25,6 @@
kqueen_ui_secret_key: 'pasteyoursecret'
kqueen_api_bootstrap_admin: True
kqueen_api_admin_username: admin
- kqueen_api_admin_password: default
kqueen_api_admin_organization: MirantisCloudPlatform
kqueen_api_admin_namespace: mcp
docker:
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index b3936c6..619e0c2 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml
@@ -7,7 +7,6 @@
postgresql_ssl:
enabled: false
postgresql_admin_user: postgres
- postgresql_admin_user_password: postgrespassword
docker:
client:
stack:
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 2ee26e4..3bb1e17 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -13,13 +13,11 @@
pushkin_smtp_port: 587
pushkin_smtp_use_tls: true
webhook_from: your_sender@mail.com
- pushkin_email_sender_password: your_sender_password
webhook_recipients: "recepient1@mail.com,recepient2@mail.com"
webhook_login_id: 13
webhook_application_id: 24
sfdc_auth_url: https://login.salesforce.com/services/oauth2/token
sfdc_username: user@example.net
- sfdc_password: secret
sfdc_consumer_key: example_consumer_key
sfdc_consumer_secret: example_consumer_secret
sfdc_organization_id: example_organization_id
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 5db205e..582a219 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -13,7 +13,7 @@
security_monkey_db: secmonkey
notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
security_monkey_user: devopsportal@devopsportal.local
- security_monkey_password: devopsportal
+# security_monkey_password: devopsportal
security_monkey_role: Justify
security_monkey_fqdn: ${_param:security_monkey_bind_host}
security_monkey_web_port: ${_param:security_monkey_bind_port}
@@ -26,7 +26,7 @@
os_account_name: mcp_cloud
auth_url: http://yourcloud.com:5000/v3/auth/tokens
username: admin
- password: password
+# password: password
project_domain_name: Default
project_name: admin
user_domain_name: Default