refactor os-cacert defining for services
to avoid rundeck-formula failures, increase visibility and get mapping of all-os-creds
related bug: https://mirantis.jira.com/browse/PROD-14870
Change-Id: Ief92ea7131692593a71e3ef58afa406f01409876
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index ffea607..2e5698a 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -33,8 +33,8 @@
username: admin
password: password
ssl_verify: False
- cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem
- cafile: /opt/certs/cert.pem
+ source_credentials: /srv/volumes/rundeck/storage/content/cis/openstack
+ service_credentials: /opt/os_creds
docker:
client:
stack:
@@ -61,7 +61,7 @@
simianarmy.client.cloudfire.domain: ${_param:janitor_monkey_openstack:project_domain_name}
simianarmy.client.cloudfire.project: ${_param:janitor_monkey_openstack:project_name}
simianarmy.client.cloudfire.SSLVerify: ${_param:janitor_monkey_openstack:ssl_verify}
- simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:cafile}
+ simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:service_credentials}/cert.pem
simianarmy.janitor.rule.stoppedInstanceRule.instanceAgeThreshold: ${_param:janitor_monkey_instance_age_threshold}
simianarmy.janitor.notification.oss.url: ${_param:janitor_monkey_notification_oss_url}
simianarmy.janitor.notification.oss.login_id: ${_param:janitor_monkey_notification_oss_login_id}
@@ -86,7 +86,7 @@
ports:
- ${_param:haproxy_janitor_monkey_exposed_port}:${_param:janitor_monkey_bind_port}
volumes:
- - ${_param:janitor_monkey_openstack:cacert_path}:${_param:janitor_monkey_openstack:cafile}:ro
+ - ${_param:janitor_monkey_openstack:source_credentials}:${_param:janitor_monkey_openstack:service_credentials}:ro
network:
default:
external:
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 67233c2..b5a1100 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -28,8 +28,8 @@
project_domain_name: Default
project_name: admin
user_domain_name: Default
- cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem
- cafile: /opt/certs/cert.pem
+ source_credentials: /srv/volumes/rundeck/storage/content/cis/openstack
+ service_credentials: /opt/os_creds
endpoint_type: public
ssl_verify: False
docker:
@@ -58,7 +58,7 @@
OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
- CACERT_PATH: ${_param:security_monkey_openstack:cafile}
+ CACERT_PATH: ${_param:security_monkey_openstack:service_credentials}/cert.pem
USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
@@ -75,7 +75,7 @@
- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
- - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
+ - ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
security-audit-scheduler:
image: ${_param:docker_image_security_monkey_scheduler}
deploy:
@@ -84,7 +84,7 @@
condition: any
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
- - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
+ - ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
network:
default:
external: