From 38d8f5f82c952db34e139488dd7619f620ecc742 Mon Sep 17 00:00:00 2001 From: Dan Timoney Date: Mon, 22 Feb 2021 11:20:18 -0500 Subject: Remove embedded passwords Updated properties files to use env variables instead of embedded default passwords. Change-Id: I7b5a796bbb5d386dda8cba47cbb977ec47838a11 Issue-ID: SDNC-1482 Signed-off-by: Dan Timoney Former-commit-id: d0a86a8593f3832f11198e91c2343db6fad5a1a9 --- installation/src/main/yaml/docker-compose.yml | 61 ++++++++++++++++++++++----- 1 file changed, 51 insertions(+), 10 deletions(-) (limited to 'installation/src/main/yaml') diff --git a/installation/src/main/yaml/docker-compose.yml b/installation/src/main/yaml/docker-compose.yml index 7adc6202..01c972c4 100644 --- a/installation/src/main/yaml/docker-compose.yml +++ b/installation/src/main/yaml/docker-compose.yml @@ -8,17 +8,21 @@ networks: services: + db: - image: mysql/mysql-server:5.6 + image: mariadb:10.5 container_name: sdnc_db_container ports: - - "3306" + - "23306:3306" environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - MYSQL_ROOT_HOST=% - logging: + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + logging: driver: "json-file" - options: + options: max-size: "30m" max-file: "5" @@ -35,7 +39,11 @@ services: - db:sdnctldb01 - db:sdnctldb02 environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - ANSIBLE_TRUSTSTORE_PASSWORD=${ANSIBLE_TRUSTSTORE_PASSWORD} logging: driver: "json-file" options: @@ -57,13 +65,28 @@ services: - db:sdnctldb02 - ansible:ansiblehost environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties - SDNC_BIN=/opt/onap/sdnc/bin - ODL_CERT_DIR=/tmp - - ODL_ADMIN_USERNAME=admin - - ODL_ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + - ODL_ADMIN_USERNAME=${ODL_USER} + - ODL_ADMIN_PASSWORD=${ODL_PASSWORD} + - ODL_USER=${ODL_USER} + - ODL_PASSWORD=${ODL_PASSWORD} - SDNC_DB_INIT=true + - HONEYCOMB_USER=${HONEYCOMB_USER} + - HONEYCOMB_PASSWORD=${HONEYCOMB_PASSWORD} + - TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD} + - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD} + - SO_USER=${SO_USER} + - SO_PASSWORD=${SO_PASSWORD} + - NENG_USER=${NENG_USER} + - NENG_PASSWORD=${NENG_PASSWORD} + - CDS_USER=${CDS_USER} + - CDS_PASSWORD=${CDS_PASSWORD} + - ANSIBLE_USER=${ANSIBLE_USER} + - ANSIBLE_PASSWORD=${ANSIBLE_PASSWORD} + - SQL_CRYPTKEY=${SQL_CRYPTKEY} - A1_TRUSTSTORE_PASSWORD=a1adapter # The default truststore for A1 adapter can be overridden by mounting a new # truststore (uncomment the lines below), whereas the corresponding password @@ -97,7 +120,10 @@ services: - db:sdnctldb02 - sdnc:sdnhost environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} - SDNC_CONFIG_DIR=/opt/onap/ccsdk/data/properties logging: driver: "json-file" @@ -119,6 +145,13 @@ services: environment: - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties - PROPERTY_DIR=/opt/onap/sdnc/data/properties + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - ODL_USER=${ODL_USER} + - ODL_PASSWORD=${ODL_PASSWORD} + - ASDC_USER=${ASDC_USER} + - ASDC_PASSWORD=${ASDC_PASSWORD} logging: driver: "json-file" options: @@ -139,6 +172,14 @@ services: environment: - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties - PROPERTY_DIR=/opt/onap/sdnc/data/properties + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - ODL_USER=${ODL_USER} + - ODL_PASSWORD=${ODL_PASSWORD} + - DMAAP_USER=${DMAAP_USER} + - DMAAP_PASSWORD=${DMAAP_PASSWORD} + - DMAAP_AUTHKEY=${DMAAP_AUTHKEY} logging: driver: "json-file" options: -- cgit 1.2.3-korg