Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / b68ddc9b4e2f8a55fcc12ee637b95d27058c2172 / . / docker / swarm / stack / security_monkey.yml
blob: 2c46878c88bd4066dae05bd510537554cd4f8e18 [file] [log] [blame]
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]1parameters:
2 _param:
azvyagintsev16ca7ce2018-08-21 17:20:33 +0300[diff] [blame]3 mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]4 docker_security_monkey_api_replicas: 1
5 docker_security_monkey_scheduler_replicas: 1
Vnaumov1aaf3e62017-10-30 12:40:20 +0300[diff] [blame]6 secmonkey_login_id: 11
7 secmonkey_application_id: 1
azvyagintsev16ca7ce2018-08-21 17:20:33 +0300[diff] [blame]8 docker_image_security_monkey_api: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-api
9 docker_image_security_monkey_scheduler: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-scheduler
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]10 security_monkey_bind_host: security-audit-api
11 security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
12 security_monkey_ssl:
13 enabled: false
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]14 security_monkey_db: secmonkey
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]15 notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]16 security_monkey_user: devopsportal@devopsportal.local
17 security_monkey_password: devopsportal
18 security_monkey_role: Justify
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]19 security_monkey_fqdn: ${_param:security_monkey_bind_host}
20 security_monkey_web_port: ${_param:security_monkey_bind_port}
21 security_monkey_api_port: ${_param:security_monkey_bind_port}
22 security_monkey_nginx_port: ${_param:security_monkey_bind_port}
Volodymyr Stoikofdefe2f2017-06-06 10:15:47 +0300[diff] [blame]23 devops_portal_sm_wtf_csrf_enabled: False
Vladislav Naumovddb85072017-07-14 11:43:21 +0300[diff] [blame]24 security_monkey_sync_interval: 15
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]25 security_monkey_openstack:
26 os_account_id: mcp_cloud
27 os_account_name: mcp_cloud
Vladislav Naumovd5eeceb2017-09-13 11:07:44 +0300[diff] [blame]28 auth_url: http://yourcloud.com:5000/v3/auth/tokens
29 username: admin
30 password: password
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]31 project_domain_name: Default
32 project_name: admin
33 user_domain_name: Default
Vladislav Naumovd5eeceb2017-09-13 11:07:44 +0300[diff] [blame]34 endpoint_type: public
Vladislav Naumov976d9ff2017-09-12 12:56:17 +0300[diff] [blame]35 ssl_verify: False
Vnaumov1f1c0302018-01-10 17:05:51 +0400[diff] [blame]36 source_credentials_dir: /srv/volumes/rundeck/storage
37 destination_credentials_dir: /opt/os_creds
38 cacert_path: ${_param:security_monkey_openstack:destination_credentials_dir}/content/keys/cis/openstack/cert.pem
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]39 docker:
40 client:
41 stack:
42 security_monkey:
43 environment:
44 SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
45 SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
46 SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]47 SECURITY_MONKEY_POSTGRES_PORT: ${_param:postgresql_bind_port}
Volodymyr Stoiko12db8312017-06-30 12:02:14 +0300[diff] [blame]48 SECURITY_MONKEY_FQDN: ${_param:security_monkey_fqdn}
49 WEB_PORT: ${_param:security_monkey_web_port}
50 API_PORT: ${_param:security_monkey_api_port}
51 NGINX_PORT: ${_param:security_monkey_nginx_port}
Vnaumov1aaf3e62017-10-30 12:40:20 +0300[diff] [blame]52 NOTIFICATIONS_APP_ID: ${_param:secmonkey_application_id}
53 NOTIFICATIONS_LOGIN_ID: ${_param:secmonkey_login_id}
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]54 NOTIFICATIONS_SERVICE_URL: ${_param:notification_service_url}
55 DEFAULT_USER: ${_param:security_monkey_user}
56 DEFAULT_PASSWORD: ${_param:security_monkey_password}
57 DEFAULT_ROLE: ${_param:security_monkey_role}
58 OS_ACCOUNT_ID: ${_param:security_monkey_openstack:os_account_id}
59 OS_ACCOUNT_NAME: ${_param:security_monkey_openstack:os_account_name}
60 OS_USERNAME: ${_param:security_monkey_openstack:username}
61 OS_PASSWORD: ${_param:security_monkey_openstack:password}
62 OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
63 OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
64 OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
Vladislav Naumov976d9ff2017-09-12 12:56:17 +0300[diff] [blame]65 OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
66 OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
Vnaumov1f1c0302018-01-10 17:05:51 +0400[diff] [blame]67 CACERT_PATH: ${_param:security_monkey_openstack:cacert_path}
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]68 USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
Volodymyr Stoikofdefe2f2017-06-06 10:15:47 +0300[diff] [blame]69 SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
Vladislav Naumovddb85072017-07-14 11:43:21 +0300[diff] [blame]70 SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
Volodymyr Stoikoe24d9e22017-07-11 11:29:07 +0300[diff] [blame]71 SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db}
Vnaumov1aaf3e62017-10-30 12:40:20 +0300[diff] [blame]72 SQLALCHEMY_POOL_RECYCLE: 25000
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]73 service:
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]74 security-audit-api:
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]75 image: ${_param:docker_image_security_monkey_api}
76 deploy:
77 replicas: ${_param:docker_security_monkey_api_replicas}
78 restart_policy:
79 condition: any
80 ports:
81 - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
82 volumes:
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]83 - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
Vnaumov1f1c0302018-01-10 17:05:51 +0400[diff] [blame]84 - ${_param:security_monkey_openstack:source_credentials_dir}:${_param:security_monkey_openstack:destination_credentials_dir}:ro
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]85 security-audit-scheduler:
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]86 image: ${_param:docker_image_security_monkey_scheduler}
87 deploy:
88 replicas: ${_param:docker_security_monkey_scheduler_replicas}
89 restart_policy:
90 condition: any
91 volumes:
Vladislav Naumov0ec79c72017-07-02 16:36:05 +0300[diff] [blame]92 - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
Vnaumov1f1c0302018-01-10 17:05:51 +0400[diff] [blame]93 - ${_param:security_monkey_openstack:source_credentials_dir}:${_param:security_monkey_openstack:destination_credentials_dir}:ro
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]94 network:
95 default:
96 external:
97 name: oss_backend