All of our sensitive parameters are defaulted to easily predictable
values, which is very bad from a security perspective because we don't
force clients to make sane choices thus risk deploying with the
predictable default values. tripleoclient supports generating random
values for all of these, so remove the defaults, for non-tripleoclient
usage we can create a developer-only environment with defaults.
Related-Bug: #
1516027
Change-Id: Ia0cf3b7e2de1aa42cf179cba195fb7770a1fc21c
Depends-On: Ifb34b43fdedc55ad220df358c3ccc31e3c2e7c14
# Common parameters (not specific to a role)
AdminPassword:
- default: unset
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
description: The ceilometer backend type.
type: string
CeilometerMeteringSecret:
- default: unset
description: Secret shared by the ceilometer services.
type: string
hidden: true
CeilometerPassword:
- default: unset
description: The password for the ceilometer service account.
type: string
hidden: true
description: The tenant network type for Neutron, either gre or vxlan.
type: string
NeutronPassword:
- default: unset
description: The password for the neutron service account, used by neutron agents.
type: string
hidden: true
description: Whether to configure Neutron Distributed Virtual Routers
type: string
NeutronMetadataProxySharedSecret:
- default: 'unset'
description: Shared secret to prevent spoofing
type: string
hidden: true
default: 1
description: The number of neutron dhcp agents to schedule per network
NovaPassword:
- default: unset
description: The password for the nova service account, used by nova-api.
type: string
hidden: true
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
type: string
SnmpdReadonlyUserPassword:
- default: unset
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
# Controller-specific params
AdminToken:
- default: unset
description: The keystone auth secret.
type: string
hidden: true
CinderEnableNfsBackend is true.
type: comma_delimited_list
CinderPassword:
- default: unset
description: The password for the cinder service account, used by cinder-api.
type: string
hidden: true
type: string
default: noop
GlancePassword:
- default: unset
description: The password for the glance service account, used by the glance services.
type: string
hidden: true
constraints:
- allowed_values: ['swift', 'file', 'rbd']
HeatPassword:
- default: unset
description: The password for the Heat service account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
type: string
- default: ''
hidden: true
InstanceNameTemplate:
default: 'instance-%08x'
This should be int_public when a VLAN is being used.
type: string
SwiftHashSuffix:
- default: unset
description: A random string to be used as a salt when hashing to determine mappings in the ring.
type: string
hidden: true
SwiftPassword:
- default: unset
description: The password for the swift service account, used by the swift proxy services.
type: string
hidden: true
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderPassword:
- default: unset
description: The password for the cinder service and db account, used by cinder-api.
type: string
hidden: true
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
type: string
SnmpdReadonlyUserPassword:
- default: unset
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
parameters:
AdminPassword:
- default: unset
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
constraints:
- allowed_values: ['', Present]
CeilometerMeteringSecret:
- default: unset
description: Secret shared by the ceilometer services.
type: string
hidden: true
CeilometerPassword:
- default: unset
description: The password for the ceilometer service account.
type: string
hidden: true
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
type: comma_delimited_list
NeutronPassword:
- default: unset
description: The password for the neutron service account, used by neutron agents.
type: string
hidden: true
default: 'False'
type: string
NeutronMetadataProxySharedSecret:
- default: 'unset'
description: Shared secret to prevent spoofing
type: string
hidden: true
description: Whether to enable or not the Rbd backend for Nova
type: boolean
NovaPassword:
- default: unset
description: The password for the nova service account, used by nova-api.
type: string
hidden: true
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
type: string
SnmpdReadonlyUserPassword:
- default: unset
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
type: string
hidden: true
AdminPassword:
- default: unset
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
AdminToken:
- default: unset
description: The keystone auth secret and db password.
type: string
hidden: true
description: The ceilometer backend type.
type: string
CeilometerMeteringSecret:
- default: unset
description: Secret shared by the ceilometer services.
type: string
hidden: true
CeilometerPassword:
- default: unset
description: The password for the ceilometer service and db account.
type: string
hidden: true
CinderEnableNfsBackend is true.
type: comma_delimited_list
CinderPassword:
- default: unset
description: The password for the cinder service and db account, used by cinder-api.
type: string
hidden: true
type: string
default: ''
GlancePassword:
- default: unset
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
description: Syslog address where HAproxy will send its log
type: string
HeatPassword:
- default: unset
description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
description: Password for heat_domain_admin user.
type: string
- default: ''
hidden: true
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
description: Whether to configure Neutron Distributed Virtual Routers
type: string
NeutronMetadataProxySharedSecret:
- default: 'unset'
description: Shared secret to prevent spoofing
type: string
hidden: true
VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
type: comma_delimited_list
NeutronPassword:
- default: unset
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
type: string
default: ''
NovaPassword:
- default: unset
description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
type: string
SnmpdReadonlyUserPassword:
- default: unset
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
SwiftHashSuffix:
- default: unset
description: A random string to be used as a salt when hashing to determine mappings
in the ring.
hidden: true
description: Partition Power to use when building Swift rings
type: number
SwiftPassword:
- default: unset
description: The password for the swift service account, used by the swift proxy
services.
hidden: true
constraints:
- custom_constraint: nova.flavor
HashSuffix:
- default: unset
description: A random string to be used as a salt when hashing to determine mappings
in the ring.
hidden: true
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
type: string
SnmpdReadonlyUserPassword:
- default: unset
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
Code Review / apex-tripleo-heat-templates.git / commitdiff