blob: 33938b247508b6891955e78c7060255dcb0c6322 [file] [log] [blame]
parameters:
_param:
docker_security_monkey_api_replicas: 1
docker_security_monkey_scheduler_replicas: 1
docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api
docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler
security_monkey_bind_host: security-audit-api
security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
security_monkey_ssl:
enabled: false
security_monkey_db: secmonkey
notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
security_monkey_user: devopsportal@devopsportal.local
security_monkey_password: devopsportal
security_monkey_role: Justify
security_monkey_fqdn: ${_param:security_monkey_bind_host}
security_monkey_web_port: ${_param:security_monkey_bind_port}
security_monkey_api_port: ${_param:security_monkey_bind_port}
security_monkey_nginx_port: ${_param:security_monkey_bind_port}
devops_portal_sm_wtf_csrf_enabled: False
security_monkey_sync_interval: 15
security_monkey_os_ssl_verify: False
security_monkey_os_endpoint_type: "public"
security_monkey_openstack:
os_account_id: mcp_cloud
os_account_name: mcp_cloud
username: ""
password: ""
auth_url: ""
project_domain_name: Default
project_name: admin
user_domain_name: Default
cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem
cafile: /opt/certs/cert.pem
docker:
client:
stack:
security_monkey:
environment:
SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
SECURITY_MONKEY_POSTGRES_PORT: ${_param:postgresql_bind_port}
SECURITY_MONKEY_FQDN: ${_param:security_monkey_fqdn}
WEB_PORT: ${_param:security_monkey_web_port}
API_PORT: ${_param:security_monkey_api_port}
NGINX_PORT: ${_param:security_monkey_nginx_port}
NOTIFICATIONS_SERVICE_URL: ${_param:notification_service_url}
DEFAULT_USER: ${_param:security_monkey_user}
DEFAULT_PASSWORD: ${_param:security_monkey_password}
DEFAULT_ROLE: ${_param:security_monkey_role}
OS_ACCOUNT_ID: ${_param:security_monkey_openstack:os_account_id}
OS_ACCOUNT_NAME: ${_param:security_monkey_openstack:os_account_name}
OS_USERNAME: ${_param:security_monkey_openstack:username}
OS_PASSWORD: ${_param:security_monkey_openstack:password}
OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
OS_SSL_VERIFY: ${_param:security_monkey_os_ssl_verify}
OS_ENDPOINT_TYPE: ${_param:security_monkey_os_endpoint_type}
CACERT_PATH: ${_param:security_monkey_openstack:cafile}
USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db}
SQLALCHEMY_POOL_RECYCLE: 14400
service:
security-audit-api:
image: ${_param:docker_image_security_monkey_api}
deploy:
replicas: ${_param:docker_security_monkey_api_replicas}
restart_policy:
condition: any
ports:
- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
- ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
security-audit-scheduler:
image: ${_param:docker_image_security_monkey_scheduler}
deploy:
replicas: ${_param:docker_security_monkey_scheduler_replicas}
restart_policy:
condition: any
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
- ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
network:
default:
external:
name: oss_backend