~openstack-charm-testers/+junk/keystone-ssl


Viewing changes to bundles/dev/hardening.yaml

  • Committer: Liam Young
  • Date: 2016-04-01 09:40:45 UTC
  • mfrom: (181.2.21 hardening)
  • Revision ID: liam.young@canonical.com-20160401094045-crwrk4vhaikm02t9
[hopem, r=gnuoy] Add hardening bundle and tools

 
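--- a/bundles/dev/hardening.yaml
+++ b/bundles/dev/hardening.yaml
@@ -0,0 +1,405 @@
+# vim: set ts=2 et:
+# deployer bundle for development ('next') charms
+# UOSCI relies on this for OS-on-OS deployment testing
+openstack-services:
+  services:
+    mysql:
+      branch: https://github.com/openstack/charm-percona-cluster
+      constraints: mem=4G
+      options:
+        dataset-size: 50%
+        max-connections: 20000
+        root-password: iloverandompasswordsbutthiswilldo
+        sst-password: iloverandompasswordsbutthiswilldo
+        harden: "os ssh mysql"
+    rabbitmq-server:
+      branch: https://github.com/openstack/charm-rabbitmq-server
+      constraints: mem=1G
+      options:
+        harden: "os ssh"
+    ceph:
+      branch: https://github.com/openstack/charm-ceph
+      num_units: 3
+      constraints: mem=1G
+      options:
+        monitor-count: 3
+        fsid: 6547bd3e-1397-11e2-82e5-53567c8d32dc
+        monitor-secret: AQCXrnZQwI7KGBAAiPofmKEXKxu5bUzoYLVkbQ==
+        osd-devices: /dev/vdb
+        osd-reformat: "yes"
+        ephemeral-unmount: /mnt
+        harden: "os ssh"
+    keystone:
+      branch: https://github.com/openstack/charm-keystone
+      constraints: mem=1G
+      options:
+        admin-password: openstack
+        admin-token: ubuntutesting
+        harden: "os ssh apache"
+    openstack-dashboard:
+      branch: https://github.com/openstack/charm-openstack-dashboard
+      constraints: mem=1G
+      options:
+        harden: "os ssh apache"
+    nova-compute:
+      branch: https://github.com/openstack/charm-nova-compute
+      num_units: 3
+      constraints: mem=4G
+      options:
+        enable-live-migration: True
+        enable-resize: True
+        migration-auth-type: ssh
+        harden: "os ssh apache"
+    nova-cloud-controller:
+      branch: https://github.com/openstack/charm-nova-cloud-controller
+      constraints: mem=1G
+      options:
+        network-manager: Neutron
+        quantum-security-groups: "yes"
+        harden: "os ssh apache"
+    neutron-gateway:
+      branch: https://github.com/openstack/charm-neutron-gateway
+      constraints: mem=1G
+      options:
+        instance-mtu: 1300
+        harden: "os ssh"
+    cinder:
+      branch: https://github.com/openstack/charm-cinder
+      options:
+        block-device: "None"
+        glance-api-version: 2
+        harden: "os ssh apache"
+      constraints: mem=1G
+    cinder-ceph:
+      branch: https://github.com/openstack/charm-cinder-ceph
+    glance:
+      branch: https://github.com/openstack/charm-glance
+      constraints: mem=1G
+      options:
+        harden: "os ssh apache"
+    swift-proxy:
+      branch: https://github.com/openstack/charm-swift-proxy
+      constraints: mem=1G
+      options:
+        zone-assignment: manual
+        replicas: 3
+        swift-hash: fdfef9d4-8b06-11e2-8ac0-531c923c8fae
+        harden: "os ssh apache"
+    swift-storage-z1:
+      branch: https://github.com/openstack/charm-swift-storage
+      constraints: mem=1G
+      options:
+        zone: 1
+        block-device: vdb
+        overwrite: "true"
+        harden: "os ssh"
+    swift-storage-z2:
+      branch: https://github.com/openstack/charm-swift-storage
+      constraints: mem=1G
+      options:
+        zone: 2
+        block-device: vdb
+        overwrite: "true"
+        harden: "os ssh"
+    swift-storage-z3:
+      branch: https://github.com/openstack/charm-swift-storage
+      constraints: mem=1G
+      options:
+        zone: 3
+        block-device: vdb
+        overwrite: "true"
+        harden: "os ssh"
+    ceilometer:
+      branch: https://github.com/openstack/charm-ceilometer
+      constraints: mem=1G
+      options:
+          harden: "os ssh"
+    ceilometer-agent:
+      branch: https://github.com/openstack/charm-ceilometer-agent
+    heat:
+      branch: https://github.com/openstack/charm-heat
+      options:
+          harden: "os ssh"
+    mongodb:
+      branch: lp:charms/trusty/mongodb
+      constraints: mem=1G
+    hardening-os-tests:
+      branch: https://git.launchpad.net/~openstack-charmers/charms/+source/hardening-os-tests-charm
+    hardening-ssh-tests:
+      branch: https://git.launchpad.net/~openstack-charmers/charms/+source/hardening-ssh-tests-charm
+      constraints: mem=1G
+    hardening-apache-tests:
+      branch: https://git.launchpad.net/~openstack-charmers/charms/+source/hardening-apache-tests-charm
+      constraints: mem=1G
+    hardening-mysql-tests:
+      branch: https://git.launchpad.net/~openstack-charmers/charms/+source/hardening-mysql-tests-charm
+      constraints: mem=1G
+  relations:
+    - [ keystone, mysql ]
+    - [ nova-cloud-controller, mysql ]
+    - [ nova-cloud-controller, rabbitmq-server ]
+    - [ nova-cloud-controller, glance ]
+    - [ nova-cloud-controller, keystone ]
+    - [ nova-compute, nova-cloud-controller ]
+    - [ nova-compute, mysql ]
+    - - nova-compute
+      - rabbitmq-server:amqp
+    - [ nova-compute, glance ]
+    - [ nova-compute, ceph ]
+    - [ glance, mysql ]
+    - [ glance, keystone ]
+    - [ glance, ceph ]
+    - [ glance, cinder ]
+    - [ glance, rabbitmq-server ]
+    - [ cinder, mysql ]
+    - [ cinder, rabbitmq-server ]
+    - [ cinder, nova-cloud-controller ]
+    - [ cinder, keystone ]
+    - [ cinder, cinder-ceph ]
+    - [ cinder-ceph, ceph ]
+    - [ neutron-gateway, nova-cloud-controller ]
+    - [ openstack-dashboard, keystone ]
+    - [ swift-proxy, keystone ]
+    - [ swift-proxy, swift-storage-z1 ]
+    - [ swift-proxy, swift-storage-z2 ]
+    - [ swift-proxy, swift-storage-z3 ]
+    - - ceilometer
+      - keystone:identity-service
+    - [ ceilometer, rabbitmq-server ]
+    - [ ceilometer, mongodb ]
+    - [ ceilometer-agent, nova-compute ]
+    - [ ceilometer-agent, ceilometer ]
+    - [ heat, mysql ]
+    - [ heat, keystone ]
+    - [ heat, rabbitmq-server ]
+    - [ hardening-os-tests, mysql ]
+    - [ hardening-os-tests, keystone ]
+    - [ hardening-os-tests, openstack-dashboard ]
+openstack-singlerabbit:
+  inherits: openstack-services
+  relations:
+    - [ "neutron-gateway:amqp", rabbitmq-server ]
+openstack-icehouse:
+  inherits: openstack-singlerabbit
+  services:
+    neutron-api:
+      branch: https://github.com/openstack/charm-neutron-api
+      constraints: mem=1G
+      options:
+        harden: "os ssh apache"
+        neutron-security-groups: True
+    neutron-openvswitch:
+      branch: https://github.com/openstack/charm-neutron-openvswitch
+  relations:
+  - [ neutron-api, mysql ]
+  - [ neutron-api, rabbitmq-server ]
+  - [ neutron-api, nova-cloud-controller ]
+  - [ neutron-api, neutron-openvswitch ]
+  - [ neutron-api, keystone ]
+  - [ neutron-api, neutron-gateway ]
+  - [ neutron-openvswitch, nova-compute ]
+  - [ neutron-openvswitch, rabbitmq-server ]
+openstack-icehouse-msg-split:
+  inherits: openstack-services
+  services:
+    neutron-api:
+      branch: https://github.com/openstack/charm-neutron-api
+      constraints: mem=1G
+      options:
+        harden: "os ssh apache"
+        neutron-security-groups: True
+    neutron-openvswitch:
+      branch: https://github.com/openstack/charm-neutron-openvswitch
+    rabbitmq-server-neutron:
+      branch: https:charms/trusty/rabbitmq-server
+      constraints: mem=1G
+  relations:
+  - [ neutron-api, mysql ]
+  - [ neutron-api, rabbitmq-server-neutron ]
+  - [ neutron-api, nova-cloud-controller ]
+  - [ neutron-api, neutron-openvswitch ]
+  - [ neutron-api, keystone ]
+  - [ neutron-api, neutron-gateway ]
+  - [ neutron-openvswitch, nova-compute ]
+  - [ neutron-openvswitch, rabbitmq-server-neutron ]
+  - [ "neutron-gateway:amqp-nova", rabbitmq-server ]
+  - [ "neutron-gateway:amqp", rabbitmq-server-neutron ]
+# icehouse
+precise-icehouse:
+  inherits: openstack-singlerabbit
+  series: precise
+  services:
+    mysql:
+      branch: https://github.com/openstack/charm-percona-cluster
+      constraints: mem=4G
+      options:
+        dataset-size: 50%
+        max-connections: 20000
+        root-password: iloverandompasswordsbutthiswilldo
+        sst-password: iloverandompasswordsbutthiswilldo
+        harden: "os ssh mysql"
+  overrides:
+    openstack-origin: cloud:precise-icehouse
+    source: cloud:precise-icehouse
+precise-icehouse-proposed:
+  inherits: precise-icehouse
+  overrides:
+    openstack-origin: cloud:precise-icehouse/proposed
+    source: cloud:precise-updates/icehouse
+precise-icehouse-staging:
+  inherits: precise-icehouse
+  overrides:
+    openstack-origin: ppa:ubuntu-cloud-archive/icehouse-staging
+    source: ppa:ubuntu-cloud-archive/icehouse-staging
+precise-icehouse-trunk:
+  inherits: precise-icehouse
+  overrides:
+    openstack-origin: ppa:openstack-ubuntu-testing/icehouse
+    source: ppa:openstack-ubuntu-testing/icehouse
+trusty-icehouse:
+  inherits: openstack-icehouse
+  series: trusty
+trusty-icehouse-msg-split:
+  inherits: openstack-icehouse-msg-split
+  series: trusty
+trusty-icehouse-proposed:
+  inherits: trusty-icehouse
+  overrides:
+    source: proposed
+    openstack-origin: distro-proposed
+trusty-icehouse-trunk:
+  inherits: trusty-icehouse
+  overrides:
+    openstack-origin: ppa:openstack-ubuntu-testing/icehouse
+    source: ppa:openstack-ubuntu-testing/icehouse
+    offline-compression: "no"
+# juno
+trusty-juno:
+  inherits: openstack-icehouse
+  series: trusty
+  overrides:
+    openstack-origin: cloud:trusty-juno
+    source: cloud:trusty-juno
+trusty-juno-proposed:
+  inherits: trusty-juno
+  overrides:
+    openstack-origin: cloud:trusty-juno/proposed
+    source: cloud:trusty-juno/proposed
+trusty-juno-staging:
+  inherits: trusty-juno
+  overrides:
+    openstack-origin: ppa:ubuntu-cloud-archive/juno-staging
+    source: ppa:ubuntu-cloud-archive/juno-staging
+utopic-juno:
+  inherits: openstack-icehouse
+  series: utopic
+utopic-juno-proposed:
+  inherits: utopic-juno
+  overrides:
+    source: proposed
+    openstack-origin: distro-proposed
+# kilo
+trusty-kilo:
+  inherits: openstack-icehouse
+  series: trusty
+  overrides:
+    openstack-origin: cloud:trusty-kilo
+    source: cloud:trusty-kilo
+trusty-kilo-proposed:
+  inherits: trusty-kilo
+  overrides:
+    openstack-origin: cloud:trusty-kilo/proposed
+    source: cloud:trusty-kilo/proposed
+trusty-kilo-staging:
+  inherits: trusty-kilo
+  overrides:
+    openstack-origin: ppa:ubuntu-cloud-archive/kilo-staging
+    source: ppa:ubuntu-cloud-archive/kilo-staging
+vivid-kilo:
+  inherits: openstack-icehouse
+  series: vivid
+  services:
+    mysql:
+      branch: https://github.com/openstack/charm-percona-cluster
+      constraints: mem=4G
+      options:
+        dataset-size: 50%
+        max-connections: 20000
+        root-password: iloverandompasswordsbutthiswilldo
+        sst-password: iloverandompasswordsbutthiswilldo
+        harden: "os ssh mysql"
+vivid-kilo-proposed:
+  inherits: vivid-kilo
+  overrides:
+    source: proposed
+    openstack-origin: distro-proposed
+# liberty
+trusty-liberty:
+  inherits: openstack-icehouse
+  series: trusty
+  overrides:
+    openstack-origin: cloud:trusty-liberty
+    source: cloud:trusty-liberty
+trusty-liberty-proposed:
+  inherits: trusty-liberty
+  overrides:
+    openstack-origin: cloud:trusty-liberty/proposed
+    source: cloud:trusty-liberty/proposed
+trusty-liberty-staging:
+  inherits: trusty-liberty
+  overrides:
+    openstack-origin: ppa:ubuntu-cloud-archive/liberty-staging
+    source: ppa:ubuntu-cloud-archive/liberty-staging
+wily-liberty:
+  inherits: openstack-icehouse
+  series: wily
+  services:
+    mysql:
+      branch: https://github.com/openstack/charm-percona-cluster
+      constraints: mem=4G
+      options:
+        dataset-size: 50%
+        max-connections: 20000
+        root-password: iloverandompasswordsbutthiswilldo
+        sst-password: iloverandompasswordsbutthiswilldo
+        harden: "os ssh mysql"
+wily-liberty-proposed:
+  inherits: wily-liberty
+  overrides:
+    source: proposed
+    openstack-origin: distro-proposed
+# mitaka
+trusty-mitaka:
+  inherits: openstack-icehouse
+  series: trusty
+  overrides:
+    openstack-origin: cloud:trusty-mitaka
+    source: cloud:trusty-mitaka
+trusty-mitaka-proposed:
+  inherits: trusty-mitaka
+  overrides:
+    openstack-origin: cloud:trusty-mitaka/proposed
+    source: cloud:trusty-mitaka/proposed
+trusty-mitaka-staging:
+  inherits: trusty-mitaka
+  overrides:
+    openstack-origin: ppa:ubuntu-cloud-archive/mitaka-staging
+    source: ppa:ubuntu-cloud-archive/mitaka-staging
+xenial-mitaka:
+  inherits: openstack-icehouse
+  series: xenial
+  services:
+    mysql:
+      branch: https://github.com/openstack/charm-percona-cluster
+      constraints: mem=4G
+      options:
+        dataset-size: 50%
+        max-connections: 20000
+        root-password: iloverandompasswordsbutthiswilldo
+        sst-password: iloverandompasswordsbutthiswilldo
+        harden: "os ssh mysql"
+xenial-mitaka-proposed:
+  inherits: xenial-mitaka
+  overrides:
+    source: proposed
+    openstack-origin: distro-proposed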
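Review bot: In `openstack-icehouse-msg-split`, the `rabbitmq-server-neutron` service has `branch: https:charms/trusty/rabbitmq-server` (new line 214), which is neither an `lp:` reference like `mongodb` nor a full URL like every other `branch` in the file, so it probably will not resolve. That service also carries no `harden` option, so the second broker in that target would stay unhardened; `branch: https://github.com/openstack/charm-rabbitmq-server` plus `options:` / `harden: "os ssh"` would match the primary `rabbitmq-server`. Of the four `hardening-*-tests` services, only `hardening-os-tests` appears under `relations` (to mysql, keystone and openstack-dashboard); the ssh, apache and mysql test charms are deployed with no relation, so presumably their checks never attach to a hardened unit, which is worth confirming against how those charms are meant to be attached. The fixed `root-password`, `sst-password`, `admin-password`, `admin-token` and ceph `monitor-secret` values are acceptable only for disposable CI deployments, and a header comment such as `# test-only credentials: do not reuse this bundle outside throwaway CI environments` would make that explicit.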