f2a3c8ed69
Currently 3 sets of credentials are generated for MQ, per service: - rabbitmq_password - oslomsg_rpc_password - oslomsg_notify_password In each service, we should use x_oslomsg_rpc_password and x_oslomsg_notify_password, and not rabbitmq. However there is no wiring as of today. This could lead to a username like nova, on a vhost nova, with 3 different passwords. Only one would work. This patch ensures the wiring is done by default, for all the roles to be able to use x_oslomsg_notify_password and x_oslomsg_rpc_password. This is done by always referencing, in the notify part, the credentials to the rpc part. The RPC part is then a reference to the rabbitmq_password, so it's easy to upgrade from queens to Rocky without changes. If a deployer wants to override the credentials, he can do so by uncommenting the appropriate line in the user_secrets. This would then override the existing group_vars and wire the secrets appropriately. A new user should be used in that case, as written in the comments. Change-Id: I834bdc5a33f6b3c49452a9948c889caa79659f3c
271 lines
7.5 KiB
YAML
271 lines
7.5 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
############################# WARNING ########################################
|
|
# The playbooks do not currently manage changing passwords in an existing
|
|
# environment. Changing passwords and re-running the playbooks will fail
|
|
# and may break your OpenStack environment.
|
|
############################# WARNING ########################################
|
|
|
|
## Rabbitmq Options
|
|
rabbitmq_cookie_token:
|
|
rabbitmq_monitoring_password:
|
|
|
|
## Tokens
|
|
memcached_encryption_key:
|
|
|
|
## Galera Options
|
|
galera_root_password:
|
|
|
|
## Keystone Options
|
|
keystone_container_mysql_password:
|
|
keystone_auth_admin_password:
|
|
keystone_service_password:
|
|
keystone_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#keystone_oslomsg_rpc_password:
|
|
#keystone_oslomsg_notify_password:
|
|
|
|
## Ceilometer Options:
|
|
ceilometer_container_db_password:
|
|
ceilometer_service_password:
|
|
ceilometer_telemetry_secret:
|
|
ceilometer_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#ceilometer_oslomsg_rpc_password:
|
|
#ceilometer_oslomsg_notify_password:
|
|
|
|
## Aodh Options:
|
|
aodh_container_db_password:
|
|
aodh_service_password:
|
|
aodh_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#aodh_oslomsg_rpc_password:
|
|
#aodh_oslomsg_notify_password:
|
|
|
|
## Cinder Options
|
|
cinder_container_mysql_password:
|
|
cinder_service_password:
|
|
cinder_profiler_hmac_key:
|
|
cinder_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#cinder_oslomsg_rpc_password:
|
|
#cinder_oslomsg_notify_password:
|
|
|
|
## Ceph/rbd: a UUID to be used by libvirt to refer to the client.cinder user
|
|
cinder_ceph_client_uuid:
|
|
|
|
## Glance Options
|
|
glance_container_mysql_password:
|
|
glance_service_password:
|
|
glance_profiler_hmac_key:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#glance_oslomsg_rpc_password:
|
|
#glance_oslomsg_notify_password:
|
|
glance_rabbitmq_password:
|
|
|
|
## Gnocchi Options:
|
|
gnocchi_container_mysql_password:
|
|
gnocchi_service_password:
|
|
|
|
## Heat Options
|
|
heat_stack_domain_admin_password:
|
|
heat_container_mysql_password:
|
|
### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ##
|
|
heat_auth_encryption_key:
|
|
### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ##
|
|
heat_service_password:
|
|
heat_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#heat_oslomsg_rpc_password:
|
|
#heat_oslomsg_notify_password:
|
|
|
|
## Ironic options
|
|
ironic_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#ironic_oslomsg_rpc_password:
|
|
ironic_container_mysql_password:
|
|
ironic_service_password:
|
|
ironic_swift_temp_url_secret_key:
|
|
|
|
## Horizon Options
|
|
horizon_container_mysql_password:
|
|
horizon_secret_key:
|
|
|
|
## Neutron Options
|
|
neutron_container_mysql_password:
|
|
neutron_service_password:
|
|
neutron_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#neutron_oslomsg_rpc_password:
|
|
#neutron_oslomsg_notify_password:
|
|
neutron_ha_vrrp_auth_password:
|
|
|
|
## Nova Options
|
|
nova_container_mysql_password:
|
|
nova_api_container_mysql_password:
|
|
nova_metadata_proxy_secret:
|
|
nova_service_password:
|
|
nova_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#nova_oslomsg_rpc_password:
|
|
#nova_oslomsg_notify_password:
|
|
nova_placement_service_password:
|
|
|
|
# LXD Options for nova compute
|
|
lxd_trust_password:
|
|
|
|
## Octavia Options
|
|
octavia_container_mysql_password:
|
|
octavia_service_password:
|
|
octavia_health_hmac_key:
|
|
octavia_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#octavia_oslomsg_rpc_password:
|
|
#octavia_oslomsg_notify_password:
|
|
octavia_cert_client_password:
|
|
|
|
## Sahara Options
|
|
sahara_container_mysql_password:
|
|
sahara_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#sahara_oslomsg_rpc_password:
|
|
#sahara_oslomsg_notify_password:
|
|
sahara_service_password:
|
|
|
|
## Swift Options:
|
|
swift_service_password:
|
|
swift_dispersion_password:
|
|
### Once the swift cluster has been setup DO NOT change these hash values!
|
|
swift_hash_path_suffix:
|
|
swift_hash_path_prefix:
|
|
# Swift needs a telemetry password when using ceilometer
|
|
swift_rabbitmq_telemetry_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#swift_oslomsg_rpc_password:
|
|
#swift_oslomsg_notify_password:
|
|
|
|
## haproxy stats password
|
|
haproxy_stats_password:
|
|
haproxy_keepalived_authentication_password:
|
|
|
|
## Magnum Options
|
|
magnum_service_password:
|
|
magnum_galera_password:
|
|
magnum_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#magnum_oslomsg_rpc_password:
|
|
#magnum_oslomsg_notify_password:
|
|
magnum_trustee_password:
|
|
|
|
## Rally Options:
|
|
rally_galera_password:
|
|
|
|
## Trove Options
|
|
trove_galera_password:
|
|
trove_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#trove_oslomsg_rpc_password:
|
|
#trove_oslomsg_notify_password:
|
|
trove_service_password:
|
|
trove_admin_user_password:
|
|
trove_taskmanager_rpc_encr_key:
|
|
trove_inst_rpc_key_encr_key:
|
|
|
|
## Barbican Options
|
|
barbican_galera_password:
|
|
barbican_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#barbican_oslomsg_rpc_password:
|
|
#barbican_oslomsg_notify_password:
|
|
barbican_service_password:
|
|
|
|
## Designate Options
|
|
designate_galera_password:
|
|
designate_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#designate_oslomsg_rpc_password:
|
|
#designate_oslomsg_notify_password:
|
|
designate_service_password:
|
|
|
|
## Molteniron Options:
|
|
molteniron_container_mysql_password:
|
|
|
|
## Tacker options
|
|
tacker_rabbitmq_password:
|
|
#NOTE: Please uncomment those
|
|
# if you want to split rpc and notify users
|
|
# Please also wire the appropriate userid in
|
|
# your user variables.
|
|
#tacker_oslomsg_rpc_password:
|
|
#tacker_oslomsg_notify_password:
|
|
tacker_service_password:
|
|
tacker_container_mysql_password:
|
|
|
|
## Ceph RadosGW Keystone password
|
|
radosgw_admin_password:
|
|
|
|
## Congress options
|
|
congress_container_mysql_password:
|
|
congress_service_password:
|