Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / e80567f63f16e7f37b238d055ae3201d55c210b8 / . / docker / swarm / stack / security_monkey.yml
blob: 582a2196a0b325c6a09363be311f79a926053639 [file] [log] [blame]
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]1parameters:
2 _param:
3 docker_security_monkey_api_replicas: 1
4 docker_security_monkey_scheduler_replicas: 1
Vnaumov1aaf3e62017-10-30 12:40:20 +0300[diff] [blame]5 secmonkey_login_id: 11
6 secmonkey_application_id: 1
azvyagintsev16ca7ce2018-08-21 17:20:33 +0300[diff] [blame]7 docker_image_security_monkey_api: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-api
8 docker_image_security_monkey_scheduler: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-scheduler
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]9 security_monkey_bind_host: security-audit-api
10 security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
11 security_monkey_ssl:
12 enabled: false
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]13 security_monkey_db: secmonkey
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]14 notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]15 security_monkey_user: devopsportal@devopsportal.local
azvyagintsev609d32f2019-01-17 13:47:01 +0200[diff] [blame]16# security_monkey_password: devopsportal
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]17 security_monkey_role: Justify
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]18 security_monkey_fqdn: ${_param:security_monkey_bind_host}
19 security_monkey_web_port: ${_param:security_monkey_bind_port}
20 security_monkey_api_port: ${_param:security_monkey_bind_port}
21 security_monkey_nginx_port: ${_param:security_monkey_bind_port}
Volodymyr Stoikofdefe2f2017-06-06 10:15:47 +0300[diff] [blame]22 devops_portal_sm_wtf_csrf_enabled: False
Vladislav Naumovddb85072017-07-14 11:43:21 +0300[diff] [blame]23 security_monkey_sync_interval: 15
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]24 security_monkey_openstack:
25 os_account_id: mcp_cloud
26 os_account_name: mcp_cloud
Vladislav Naumovd5eeceb2017-09-13 11:07:44 +0300[diff] [blame]27 auth_url: http://yourcloud.com:5000/v3/auth/tokens
28 username: admin
azvyagintsev609d32f2019-01-17 13:47:01 +0200[diff] [blame]29# password: password
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]30 project_domain_name: Default
31 project_name: admin
32 user_domain_name: Default
Vladislav Naumovd5eeceb2017-09-13 11:07:44 +0300[diff] [blame]33 endpoint_type: public
Vladislav Naumov976d9ff2017-09-12 12:56:17 +0300[diff] [blame]34 ssl_verify: False
Vnaumov1f1c0302018-01-10 17:05:51 +0400[diff] [blame]35 source_credentials_dir: /srv/volumes/rundeck/storage
36 destination_credentials_dir: /opt/os_creds
37 cacert_path: ${_param:security_monkey_openstack:destination_credentials_dir}/content/keys/cis/openstack/cert.pem
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]38 docker:
39 client:
40 stack:
41 security_monkey:
42 environment:
43 SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
44 SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
45 SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]46 SECURITY_MONKEY_POSTGRES_PORT: ${_param:postgresql_bind_port}
Volodymyr Stoiko12db8312017-06-30 12:02:14 +0300[diff] [blame]47 SECURITY_MONKEY_FQDN: ${_param:security_monkey_fqdn}
48 WEB_PORT: ${_param:security_monkey_web_port}
49 API_PORT: ${_param:security_monkey_api_port}
50 NGINX_PORT: ${_param:security_monkey_nginx_port}
Vnaumov1aaf3e62017-10-30 12:40:20 +0300[diff] [blame]51 NOTIFICATIONS_APP_ID: ${_param:secmonkey_application_id}
52 NOTIFICATIONS_LOGIN_ID: ${_param:secmonkey_login_id}
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]53 NOTIFICATIONS_SERVICE_URL: ${_param:notification_service_url}
54 DEFAULT_USER: ${_param:security_monkey_user}
55 DEFAULT_PASSWORD: ${_param:security_monkey_password}
56 DEFAULT_ROLE: ${_param:security_monkey_role}
57 OS_ACCOUNT_ID: ${_param:security_monkey_openstack:os_account_id}
58 OS_ACCOUNT_NAME: ${_param:security_monkey_openstack:os_account_name}
59 OS_USERNAME: ${_param:security_monkey_openstack:username}
60 OS_PASSWORD: ${_param:security_monkey_openstack:password}
61 OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
62 OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
63 OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
Vladislav Naumov976d9ff2017-09-12 12:56:17 +0300[diff] [blame]64 OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
65 OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
Vnaumov1f1c0302018-01-10 17:05:51 +0400[diff] [blame]66 CACERT_PATH: ${_param:security_monkey_openstack:cacert_path}
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]67 USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
Volodymyr Stoikofdefe2f2017-06-06 10:15:47 +0300[diff] [blame]68 SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
Vladislav Naumovddb85072017-07-14 11:43:21 +0300[diff] [blame]69 SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
Volodymyr Stoikoe24d9e22017-07-11 11:29:07 +0300[diff] [blame]70 SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db}
Vnaumov1aaf3e62017-10-30 12:40:20 +0300[diff] [blame]71 SQLALCHEMY_POOL_RECYCLE: 25000
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]72 service:
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]73 security-audit-api:
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]74 image: ${_param:docker_image_security_monkey_api}
75 deploy:
76 replicas: ${_param:docker_security_monkey_api_replicas}
77 restart_policy:
78 condition: any
79 ports:
80 - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
81 volumes:
Volodymyr Stoiko4320d742017-05-12 16:46:36 +0300[diff] [blame]82 - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
Vnaumov1f1c0302018-01-10 17:05:51 +0400[diff] [blame]83 - ${_param:security_monkey_openstack:source_credentials_dir}:${_param:security_monkey_openstack:destination_credentials_dir}:ro
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]84 security-audit-scheduler:
Volodymyr Stoiko085cc1e2017-04-23 14:01:26 +0300[diff] [blame]85 image: ${_param:docker_image_security_monkey_scheduler}
86 deploy:
87 replicas: ${_param:docker_security_monkey_scheduler_replicas}
88 restart_policy:
89 condition: any
90 volumes:
Vladislav Naumov0ec79c72017-07-02 16:36:05 +0300[diff] [blame]91 - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
Vnaumov1f1c0302018-01-10 17:05:51 +0400[diff] [blame]92 - ${_param:security_monkey_openstack:source_credentials_dir}:${_param:security_monkey_openstack:destination_credentials_dir}:ro
Volodymyr Stoiko1ae92ce2017-08-11 11:45:12 +0300[diff] [blame]93 network:
94 default:
95 external:
96 name: oss_backend