Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 609d32f399d05bab29a1ca0607cd28490f3d1ea1^! / . / docker
commit609d32f399d05bab29a1ca0607cd28490f3d1ea1[log] [tgz]
authorazvyagintsev <azvyagintsev@mirantis.com>Thu Jan 17 13:47:01 2019 +0200
committerIvan Berezovskiy <iberezovskiy@mirantis.com>Tue Mar 12 11:48:14 2019 +0000
tree283f56b1f95e9d09c39ed07a799033c58135fd1f
parentaed376eb31a763588717b7754a06f54879ae5dff [diff]
Drop static passwords

For security reasons, all passwords must be generated. That's why
all password related parameters has been moved to defaults but
commented out, so they will be required and one have to set needed
parameters if any of them used but missing, and also to have a reference.

Exclusions:
- `opencontrail_message_queue_password` must be defined due of
  limitations in OpenContrail over OpenStack
- `rabbitmq_guest_password` for backward compatibility
- `keepalived_openstack_telemetry_vip_password` for backward
  compatibility
- `gerrit_ldap_bind_password` for backward compatibility
- `opencontrail_identity_password` for backward compatibility
- `kubernetes_openstack_provider_cloud_password` for backward
  compatibility

Depends-on: https://gerrit.mcp.mirantis.com/#/c/34073/
Depends-on: https://gerrit.mcp.mirantis.com/#/c/36474/
Depends-on: https://gerrit.mcp.mirantis.com/#/c/36650/
Depends-on: https://gerrit.mcp.mirantis.com/#/c/36656/
Prod-related: PROD-26560 (PROD:26560)

Change-Id: Ia2203cf59349850ecd55c89208285e65b65899cd

diff --git a/docker/client/compose/service/gerrit.yml b/docker/client/compose/service/gerrit.yml
index 69b2a2c..67af5eb 100644
--- a/docker/client/compose/service/gerrit.yml
+++ b/docker/client/compose/service/gerrit.yml

@@ -4,7 +4,6 @@
   _param:
     gerrit_ldap_server: ""
     gerrit_ldap_bind_user: ""
-    gerrit_ldap_bind_password: ""
     gerrit_ldap_account_base: ""
     gerrit_ldap_group_base: ""
     gerrit_http_listen_url: http://*:8080/

diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 62a3e14..7b0eac5 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml

@@ -6,7 +6,6 @@
     grafana_database_type: sqlite3
     grafana_database_host: localhost
     grafana_database_port: 3306
-    grafana_database_password: password
   docker:
     client:
       stack:

diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 964899d..42af606 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml

@@ -4,7 +4,6 @@
   _param:
     gerrit_ldap_server: ""
     gerrit_ldap_bind_user: ""
-    gerrit_ldap_bind_password: ""
     gerrit_ldap_account_base: ""
     gerrit_ldap_group_base: ""
     gerrit_http_listen_url: http://*:8080/

diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 0cb8c43..b711e45 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml

@@ -2,7 +2,7 @@
   _param:
     docker_janitor_monkey_replicas: 1
     docker_mongodb_admin_username: admin
-    docker_mongodb_admin_password: password
+#    docker_mongodb_admin_password: password
     docker_image_janitor_monkey: ${_param:mcp_docker_registry}/mirantis/oss/janitor-monkey
     janitor_monkey_bind_host: cleanup-service-api
     janitor_monkey_bind_port: 8080
@@ -17,7 +17,7 @@
     janitor_monkey_base_url: http://${_param:janitor_monkey_mongodb_host}:${_param:janitor_monkey_mongodb_port}
     janitor_monkey_mongodb_db: mcp_cloud
     janitor_monkey_mongodb_username: janitor
-    janitor_monkey_mongodb_password: password
+#    janitor_monkey_mongodb_password: password
     janitor_monkey_elasticsearch: ${_param:elasticsearch_bind_host}:${_param:elasticsearch_binary_bind_port}
     janitor_monkey_cloudfire_region: RegionOne
     janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
@@ -30,7 +30,7 @@
       project_name: admin
       auth_url: http://yourcloud.com:5000/v3/auth/tokens
       username: admin
-      password: password
+#      password: password
       endpoint_type: public
       ssl_verify: False
       source_credentials_dir: /srv/volumes/rundeck/storage

diff --git a/docker/swarm/stack/keycloak.yml b/docker/swarm/stack/keycloak.yml
index 7dcb88a..3598282 100644
--- a/docker/swarm/stack/keycloak.yml
+++ b/docker/swarm/stack/keycloak.yml

@@ -6,7 +6,6 @@
     keycloak_proxy_bind_port: ${_param:haproxy_keycloak_proxy_bind_port}
     # Initial admin support
     keycloak_admin_username: admin
-    keycloak_admin_password: password
   docker:
     client:
       stack:

diff --git a/docker/swarm/stack/kqueen.yml b/docker/swarm/stack/kqueen.yml
index 0c61ed9..24166ed 100644
--- a/docker/swarm/stack/kqueen.yml
+++ b/docker/swarm/stack/kqueen.yml

@@ -10,7 +10,6 @@
     kqueen_api_prometheus_whitelist: '172.16.10.0/24' ##REcheck with network
     kqueen_api_ldap_uri: 'ldap://ldap'
     kqueen_api_ldap_dn: 'cn=admin,dc=example,dc=org'
-    kqueen_api_ldap_password: 'password'
     kqueen_api_auth_modules: 'local'
     docker_kqueen_ui_replicas: 1
     kqueen_ui_bind_port: ${_param:haproxy_kqueen_ui_bind_port}
@@ -26,7 +25,6 @@
       kqueen_ui_secret_key: 'pasteyoursecret'
       kqueen_api_bootstrap_admin: True
       kqueen_api_admin_username: admin
-      kqueen_api_admin_password: default
       kqueen_api_admin_organization: MirantisCloudPlatform
       kqueen_api_admin_namespace: mcp
   docker:

diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index b3936c6..619e0c2 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml

@@ -7,7 +7,6 @@
     postgresql_ssl:
       enabled: false
     postgresql_admin_user: postgres
-    postgresql_admin_user_password: postgrespassword
   docker:
     client:
       stack:

diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 2ee26e4..3bb1e17 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml

@@ -13,13 +13,11 @@
     pushkin_smtp_port: 587
     pushkin_smtp_use_tls: true
     webhook_from: your_sender@mail.com
-    pushkin_email_sender_password: your_sender_password
     webhook_recipients: "recepient1@mail.com,recepient2@mail.com"
     webhook_login_id: 13
     webhook_application_id: 24
     sfdc_auth_url: https://login.salesforce.com/services/oauth2/token
     sfdc_username: user@example.net
-    sfdc_password: secret
     sfdc_consumer_key: example_consumer_key
     sfdc_consumer_secret: example_consumer_secret
     sfdc_organization_id: example_organization_id

diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 5db205e..582a219 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml

@@ -13,7 +13,7 @@
     security_monkey_db: secmonkey
     notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
     security_monkey_user: devopsportal@devopsportal.local
-    security_monkey_password: devopsportal
+#    security_monkey_password: devopsportal
     security_monkey_role: Justify
     security_monkey_fqdn: ${_param:security_monkey_bind_host}
     security_monkey_web_port: ${_param:security_monkey_bind_port}
@@ -26,7 +26,7 @@
       os_account_name: mcp_cloud
       auth_url: http://yourcloud.com:5000/v3/auth/tokens
       username: admin
-      password: password
+#      password: password
       project_domain_name: Default
       project_name: admin
       user_domain_name: Default