This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.
- Install mod_wsgi as a package on RHEL since there is no built-in
resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
by Chef now automatically.
- Remove unused references to log_debug in wsgi template
- Add missing WSGISocketPrefix to wsgi template
- Additional tests for keystone.conf and identity.conf
- Remove unused ldap section tests as we no longer have attributes for it
- Include additional cookbooks in Berksfile required for CI
Depends-On: https://review.opendev.org/702772
Change-Id: I717247217523e89251e4c0bead0c1a0d114ade2a
- Replace git.openstack.org with opendev.org
- Update some documentation
- Move README.md to README.rst for better rendering
- Drop obsolete bootstrap.sh script
- Drop obsolete default recipe
Change-Id: I7894951c9ac0bbd00007da5face15e9418880bc4
Python2.7 is going EOL soon, let us deploy python3 for Rocky from the
start, so we avoid having to switch later.
Also update Berksfile to allow dependency testing and require chef >= 14 now.
Change-Id: Id4c06c8fc136ae3cde97e751373049db989de21e
- Keystone config updates for Ocata
- Style and lint fixes to support newer chefdk
- Rewrote metadata.rb for readability
Change-Id: Ie1d5f27a9cf8803044568a31e4dae7654b02c9a1
- corrects SELinux enablement for Keystone, as RHEL comes with SELinux
enabled by default.
- removes executable bit from metadata.rb
Change-Id: I97e73bcc0d4721283067e41b988bccb1ddf6c031
- Removed v2 support
- Workover Endpoint creation
Identity Endpoints now will be bootstrapped
- Removed bootstrap_token
- Added domain_creation
- Edited openrc to work with itendity_v3
- changed "tenant"-naming to project
- Removed unused files and functions
providers/register.rb
spec/register_spec.rb
resources/register.rb
libraries/machters.rb
- rewrote specs
- updated readme
- added apache_site disable keystone since
ubuntu auto-enables it
- bumbed ubuntu version to 16.04
Change-Id: I0f8955f05de9b33711c54b9a198f45018cceb8e1
* added a lot of inline comments for attributes, recipes and provider
* updated README to the current state of the cookbook
Change-Id: Ic7b7ae6d26ce56e2237fe3215aff9ab447946b48
Version 3.2.0 of the apache2 cookbook was released, update our
dependency so that we are compatible with the other openstack
cookbooks and berkshelf resolution can succeed. Drop the reference to
the github version.
Change-Id: I55110726ee846f579849ea039a759ef1a0ad9bff
* added new logic into templates/default/keystone.conf.erb
* refactored attributes throughout all recipes that were connected to
the attributes used for the keystone.conf.erb template to adapt the new
template attribute syntax
* moved all attributes from attributes/default.rb that were used in
keystone_conf.erb to attributes/keystone_conf.rb
* removed all attributes from default.rb and keystone.conf.erb which are set
as default in attributes, openstack doc and used to render the template
* finished split between public, internal and admin endpoints
* refactored endpoint and bind_service logic to fit the new common cookbook
* adapted specs
* added endpoint and bind_service attributes (moved from common)
* removed keystone eventlet configuration (removed in mitaka)
* moved templated service catalog to its own section
* removed deprecated recipe for keystone server deployment without apache (also
removed corresponding specs)
* moved recipe openrc (and template + specs) from common here, to remove inverse dependency in common
cookbook
* adapted the specs (unit tests) to work again
* removed qpid as a messaging option (can be included in a wrapper)
* deleted default attributes from keystone.conf.rb originated in
openstack-common
* removed suse as supported platform
* included current master of apache2 cookbook to utilize new listen logic
* removed rubocop exceptions in recipes and libraries and regenerated the
.rubocop_todo.yaml conaining all remaining exceptions
Change-Id: I3262b2e6f792f37c32a446e6567790b82bdd4613
Implements: blueprint cookbook-refactoring
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Keystone is recommended to run under apache and the service side
is already deprecated and will be removed in the M release.
This patch adds a new recipe, server-apache, to allow keystone
under apache.
I intentionally just copied the existing server recipe and spec to
create the new ones and I figure those will just be removed in
the M release anyway, no need for "common" type code here.
The majority of the recipe code is exactly the same, just the
last lines, "Start of Apache..." have been added.
This should also work with the existing dashboard cookbook with the
one exception that the apache 3.1 cookbook is needed. There's already
a patch out for that.
I don't plan on changing the default kilo role to use this, that will
be done once we branch for liberty.
Change-Id: I1641e1e5c6bf56d0765ef6e54ae32848431f6d6e
Implements: blueprint keystone-apache
Oslo.message using rabbit_max_retries and rabbit_retry_interval to
define reconnect rabbitmq server times and interval when can not
connect to rabbitmq server.
Change-Id: I54236d1d0243e73eb27dd8984cfb86f8bbf7a271
Closes-bug: #1439968
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.
Change-Id: Ica189a00fc25b39d125467b99a1630860625cf87
* Consistent email across cookbooks
* Add Contributor.md to help out new folks
* Fix broken link in Testing.md
Change-Id: Ide156275d985f2a2104d62d6836df3764029e1a4
Partial-Bug: #1342735
Change server recipe and template to allow the admin_bind_host
to be set to the identity_admin endpoint defined in Common.
Change-Id: I1043d8e9137ea2a6c8f84ee3a2da4f98e3c82521
Closes-Bug: #1368282
To avoid other users to access scecret in keystone.conf, set the
file permission to 640 instead of 644
Fix bug 1369446
Change-Id: I26af2ae803de9ba909d3356c27a33563fba68af3
* This change allows further flexibility with
handling keystone-paste.ini
* We now support pulling from a local file
(redhat use case), pulling from a remote file,
and finally template functionality (default)
* We support a misc_paste chef attribute to add
custom lines to the keystone-paste.ini when using
the templated version
Change-Id: I9a9adf3fd63df7a36deea274aac51ecd08335bfa
*_python_packages attributes are being moved to -common in order to
remove the duplication from all the cookbooks which are using them
Implements: blueprint move-python-db-client-attrs-to-common
Change-Id: Ifb77c999854d6d6648dd39443409f2ae2593033f
In order for package updates to occur, package resources need to use
the upgrade action.
Change-Id: I39469096c6965731befa443c56968820ec97dc20
Implements: blueprint allow-package-updates
When the keystone tokens backend is SQL, the tokens table grows
unboundedly as new tokens are issued and not disposed of after
expiration.
Keystone provides a tool to delete the tokens, and this patch puts it in
a cronjob in order to avoid growing the tokens database forever.
Change-Id: I3e4831619efec273ac5aa378fff4b14ad877f326
Implements: blueprint token-flush
There is an LWRP in db2 cookbook to install ODBC driver,
so need to move this driver installation to db2 cookbook.
Change-Id: I3fe126b95eb7ba9fae4becc126f52a94728e6c58
Closes-bug: 1294376
Add an explicit recipe for installing client
only packages.
Tests are also included.
Bumped minor version for this new feature.
Change-Id: Ib6ffb3e4f27d60c82feb81386427edeaf0336866
Addresses: blueprint add-client-recipes