parameters: | |
_param: | |
docker_security_monkey_api_replicas: 1 | |
docker_security_monkey_scheduler_replicas: 1 | |
docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api | |
docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler | |
security_monkey_bind_host: security-audit-api | |
security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port} | |
security_monkey_ssl: | |
enabled: false | |
security_monkey_db: secmonkey | |
notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json | |
security_monkey_user: devopsportal@devopsportal.local | |
security_monkey_password: devopsportal | |
security_monkey_role: Justify | |
security_monkey_fqdn: ${_param:security_monkey_bind_host} | |
security_monkey_web_port: ${_param:security_monkey_bind_port} | |
security_monkey_api_port: ${_param:security_monkey_bind_port} | |
security_monkey_nginx_port: ${_param:security_monkey_bind_port} | |
devops_portal_sm_wtf_csrf_enabled: False | |
security_monkey_sync_interval: 15 | |
security_monkey_os_ssl_verify: False | |
security_monkey_os_endpoint_type: "public" | |
security_monkey_openstack: | |
os_account_id: mcp_cloud | |
os_account_name: mcp_cloud | |
username: "" | |
password: "" | |
auth_url: "" | |
project_domain_name: Default | |
project_name: admin | |
user_domain_name: Default | |
cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem | |
cafile: /opt/certs/cert.pem | |
docker: | |
client: | |
stack: | |
security_monkey: | |
environment: | |
SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user} | |
SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password} | |
SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host} | |
SECURITY_MONKEY_POSTGRES_PORT: ${_param:postgresql_bind_port} | |
SECURITY_MONKEY_FQDN: ${_param:security_monkey_fqdn} | |
WEB_PORT: ${_param:security_monkey_web_port} | |
API_PORT: ${_param:security_monkey_api_port} | |
NGINX_PORT: ${_param:security_monkey_nginx_port} | |
NOTIFICATIONS_SERVICE_URL: ${_param:notification_service_url} | |
DEFAULT_USER: ${_param:security_monkey_user} | |
DEFAULT_PASSWORD: ${_param:security_monkey_password} | |
DEFAULT_ROLE: ${_param:security_monkey_role} | |
OS_ACCOUNT_ID: ${_param:security_monkey_openstack:os_account_id} | |
OS_ACCOUNT_NAME: ${_param:security_monkey_openstack:os_account_name} | |
OS_USERNAME: ${_param:security_monkey_openstack:username} | |
OS_PASSWORD: ${_param:security_monkey_openstack:password} | |
OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url} | |
OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name} | |
OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name} | |
OS_SSL_VERIFY: ${_param:security_monkey_os_ssl_verify} | |
OS_ENDPOINT_TYPE: ${_param:security_monkey_os_endpoint_type} | |
CACERT_PATH: ${_param:security_monkey_openstack:cafile} | |
USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name} | |
SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled} | |
SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval} | |
SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db} | |
SQLALCHEMY_POOL_RECYCLE: 14400 | |
service: | |
security-audit-api: | |
image: ${_param:docker_image_security_monkey_api} | |
deploy: | |
replicas: ${_param:docker_security_monkey_api_replicas} | |
restart_policy: | |
condition: any | |
ports: | |
- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port} | |
volumes: | |
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs | |
- ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro | |
security-audit-scheduler: | |
image: ${_param:docker_image_security_monkey_scheduler} | |
deploy: | |
replicas: ${_param:docker_security_monkey_scheduler_replicas} | |
restart_policy: | |
condition: any | |
volumes: | |
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs | |
- ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro | |
network: | |
default: | |
external: | |
name: oss_backend |