docker/swarm/stack/security_monkey.yml

parameters:
  _param:
    docker_security_monkey_api_replicas: 1
    docker_security_monkey_scheduler_replicas: 1
    secmonkey_login_id: 11
    secmonkey_application_id: 1
    docker_image_security_monkey_api: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-api
    docker_image_security_monkey_scheduler: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-scheduler
    security_monkey_bind_host: security-audit-api
    security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
    security_monkey_ssl:
      enabled: false
    security_monkey_db: secmonkey
    notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
    security_monkey_user: devopsportal@devopsportal.local
#    security_monkey_password: devopsportal
    security_monkey_role: Justify
    security_monkey_fqdn: ${_param:security_monkey_bind_host}
    security_monkey_web_port: ${_param:security_monkey_bind_port}
    security_monkey_api_port: ${_param:security_monkey_bind_port}
    security_monkey_nginx_port: ${_param:security_monkey_bind_port}
    devops_portal_sm_wtf_csrf_enabled: False
    security_monkey_sync_interval: 15
    security_monkey_openstack:
      os_account_id: mcp_cloud
      os_account_name: mcp_cloud
      auth_url: http://yourcloud.com:5000/v3/auth/tokens
      username: admin
#      password: password
      project_domain_name: Default
      project_name: admin
      user_domain_name: Default
      endpoint_type: public
      ssl_verify: False
      source_credentials_dir: /srv/volumes/rundeck/storage
      destination_credentials_dir: /opt/os_creds
      cacert_path: ${_param:security_monkey_openstack:destination_credentials_dir}/content/keys/cis/openstack/cert.pem
  docker:
    client:
      stack:
        security_monkey:
          environment:
            SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
            SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
            SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
            SECURITY_MONKEY_POSTGRES_PORT: ${_param:postgresql_bind_port}
            SECURITY_MONKEY_FQDN: ${_param:security_monkey_fqdn}
            WEB_PORT: ${_param:security_monkey_web_port}
            API_PORT: ${_param:security_monkey_api_port}
            NGINX_PORT: ${_param:security_monkey_nginx_port}
            NOTIFICATIONS_APP_ID: ${_param:secmonkey_application_id}
            NOTIFICATIONS_LOGIN_ID: ${_param:secmonkey_login_id}
            NOTIFICATIONS_SERVICE_URL: ${_param:notification_service_url}
            DEFAULT_USER: ${_param:security_monkey_user}
            DEFAULT_PASSWORD: ${_param:security_monkey_password}
            DEFAULT_ROLE: ${_param:security_monkey_role}
            OS_ACCOUNT_ID: ${_param:security_monkey_openstack:os_account_id}
            OS_ACCOUNT_NAME: ${_param:security_monkey_openstack:os_account_name}
            OS_USERNAME: ${_param:security_monkey_openstack:username}
            OS_PASSWORD: ${_param:security_monkey_openstack:password}
            OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
            OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
            OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
            OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
            OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
            CACERT_PATH: ${_param:security_monkey_openstack:cacert_path}
            USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
            SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
            SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
            SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db}
            SQLALCHEMY_POOL_RECYCLE: 25000
          service:
            security-audit-api:
              image: ${_param:docker_image_security_monkey_api}
              deploy:
                replicas: ${_param:docker_security_monkey_api_replicas}
                restart_policy:
                  condition: any
              ports:
                - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
              volumes:
                - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
                - ${_param:security_monkey_openstack:source_credentials_dir}:${_param:security_monkey_openstack:destination_credentials_dir}:ro
            security-audit-scheduler:
              image: ${_param:docker_image_security_monkey_scheduler}
              deploy:
                replicas: ${_param:docker_security_monkey_scheduler_replicas}
                restart_policy:
                  condition: any
              volumes:
                - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
                - ${_param:security_monkey_openstack:source_credentials_dir}:${_param:security_monkey_openstack:destination_credentials_dir}:ro
          network:
            default:
              external:
                name: oss_backend