Data bags

The following example data bags are provided in support of the IBM Cloud Manager with OpenStack topologies.

These data bags contain passwords and secrets for your cloud operating environments running IBM Cloud Manager with OpenStack. By default, all data bags are encrypted using the example secret key that is provided with your IBM Cloud Manager with OpenStack installation (/opt/ibm/cmwo/chef-repo/data_bags/example_data_bag_secret).
  • db_passwords
  • secrets
  • service_passwords
  • user_passwords
db_passwords
Contains IBM Cloud Manager with OpenStack database passwords for your deployment. By default, all passwords match the data bag item name.
Note: For a HA controller +n compute topology, do not change these passwords post deployment.
  • ceilometer: Database password for the telemetry component.
  • cinder: Database password for the block-storage component.
  • dragon: Database password for the disaster recovery component.
  • glance: Database password for the image component.
  • heat: Database password for the orchestration component.
  • horizon: Database password for the dashboard component.
  • Ironic : Database password for the bare-metal component.
  • keystone: Database password for the identity component.
  • neutron: Database password for the network component.
  • nova: Database password for the compute component.
  • powervc: Database password for the PowerVC driver component.
  • sspuser: Database password for the IBM Cloud Manager - Self Service user.
  • swift: Database password for the object storage component.
secrets
Contains IBM Cloud Manager with OpenStack secrets. By default, all secrets match the data bag item name except, openstack_simple_token.
  • corosync_secret: Secret for the cluster engine. For a HA controller +n compute topology, do not change this password post deployment.
  • neutron_metadata_secret: Metadata secret for the network component.
  • openstack_identity_bootstrap_token: Bootstrap token for the identity component. For a HA controller +n compute topology, do not change this password post deployment.
  • openstack_metering_secret: Metering secret for the telemetry component.
  • openstack_simple_token: Simple token for the IBM Cloud Manager with OpenStack identity component. The secret must be a base64 encoded value. To generate a secret, run the following command: 
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | base64
  • openstack_vmware_secret_name: Secret for the VMware driver.
  • orchestration_auth_encryption_key: Key used to encrypt authentication information in the database for Heat. The length of this key must be 16, 24, or 32 characters. This secret is available with IBM Cloud Manager with OpenStack version 4.3, FP2 and later.
service_passwords
Contains IBM Cloud Manager with OpenStack service user passwords. By default, all passwords match the data bag item name.
  • openstack-bare-metal: Ironic service user password for the bare-metal component.
  • openstack-block-storage: Cinder service user password for the block-storage component.
  • openstack-ceilometer: Ceilometer service user password for the telemetry component.
  • openstack-compute: Nova service user password for the compute component.
  • openstack-image: Glance service user password for the image component.
  • openstack-network: Neutron service user password for the network component.
  • openstack-orchestration: Heat service user password for the orchestration component.
  • openstack-powervc-driver: PowerVC driver service user password for the PowerVC driver component.
  • rabbit_cookie: RabbitMQ cluster password used for the RabbitMQ messaging component. For a HA controller +n compute topology, do not change this password post deployment.
user_passwords
Contains IBM Cloud Manager with OpenStack user passwords. This includes passwords for the IBM Cloud Manager with OpenStack administrator along with the Qpid, RabbitMQ, DB2®, MariaDB, and MySQL users. By default, all passwords are openstack1.
  • admin: Password for the OpenStack admin user and the IBM Cloud Manager - Self Service admin user.
  • db2sslkdb: Password for DB2 certificate key database user.
  • hacluster: Password for the HA cluster hacluster user. For a HA controller +n compute topology, do not change this password post deployment.
  • heat_stack_admin: Keystone password for stack_domain_admin user.
  • mysqlroot: Password for MariaDB or MySQL root user.
  • qpidadmin: Password for the Qpid qpidadmin user.
  • qpidclient: Password for the Qpid qpidclient user.
  • qpidssl: Password for the Qpid qpidssl certificate user.
  • rabbitclient: Password for the RabbitMQ rabbitclient user.
  • pvcadmin: Password for the PowerVC admin user.
  • pvcqpid: Password for the PowerVC Qpid powervc_qpid user.
  • pvcrabbit: Password for the PowerVC RabbitMQ powervcdriver_mq user.
  • sceagent: Password for the IBM Cloud Manager - Self Service sceagent user.
  • xcat: Password for the z/VM® xcat admin user.
  • xcatmnadmin: Password for the z/VM xcat mnadmin user.
  • zlinuxroot: Password for the instances that are created by z/VM root user.