Changed
- Update release to train
- Migrated to using multi-store feature which has been deemed stable
Fixed
- Cookstyle
Removed:
- Unused rubocop rules
Change-Id: I19c1ff463a70a81e4d08bacb86e480e0a3951789
Depends-On: https://review.opendev.org/731859
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Enable sensitive resources for the execute resources in
openstack_image_image and template[/etc/glance/glance-api.conf] to
improve security.
- Update delivery configuration to exclude integration cookbooks
- Set glance_store/stores, and update auth_type to password as described
in the upstream documentation [1]
- Fix ChefSpec output
[1] https://docs.openstack.org/glance/stein/install/install-rdo.html#install-and-configure-components
Depends-On: https://review.opendev.org/706151
Change-Id: I695b576267bc220b0b70011ab035520fc18ff955
The glance registry has been deprecated upstream [1] and needs to be removed.
This removes all references to the registry service and moves the db migration
to the api recipe.
[1] https://blueprints.launchpad.net/glance/+spec/deprecate-registry
Depends-On: https://review.opendev.org/690410
Change-Id: I356aa65e63032e7866470ad507e5c9bce793a52b
Signed-off-by: Lance Albertson <lance@osuosl.org>
This is needed due to the registry being deprecated upstream and will be
removed.
Change-Id: I5a291c11816e1b6a7d0d62855785c7e2408c5f87
Signed-off-by: Lance Albertson <lance@osuosl.org>
fog-openstack-1.x already appends "auth/tokens" so we no longer need to
do that. In addition, comment out endpoint type until this PR [1] gets
merged and released.
[1] https://github.com/fog/fog-openstack/pull/494
Depends-On: https://review.opendev.org/666176
Change-Id: Ic80d08b6ed0180ca9513e4b4e230e787b2f5c52e
Signed-off-by: Lance Albertson <lance@osuosl.org>
This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the user the
role intended for their project for the domain (i.e., for the Default
domain instead of for the service project).
We add the domain_name attribute that creates the glance user in the
desired domain. Note that this change needs a sufficiently recent
openstackclient cookbook -- otherwise the domain_name attribute is
ignored (which does not matter as long as the glance user is to be
created in the Default domain).
Change-Id: I07086d9ab65581cdcd77d402fe0d513b03a0af69
This patch removes the role_name when using openstack_user's :create
action (it gets ignored by the target method).
Note that the spec test would still pass if only the line in
identity_registration.rb (but not the test) were changed, because the
code that actually does grant the role to the resource is executed right
after user creation and before any tests check the resource for the
existence of the role_name attribute. In other words: if the argument
were required in a call but only supplied in another call, the spec
tests would not catch it. Something to watch out for.
Change-Id: I6d98e0603cc4d8fa2dd21cd402adbbe888fbe4f3
- Removed ancient Gemfile
- Style and lint fixes to support newer chefdk
- Rewrote metadata.rb for readability
Change-Id: Ie61ae3ca685738fe1de98fc9223d3e39535ce000
- Now use cookbook-openstackclient to create endpoints role service and
user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- updated readme
- added domain to image-upload
edited resource / provider
Change-Id: If7b4d6e563081a0be9957353d73ef61a9688df56
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
Since glance could be used to upload images,
make sure it's restarted immediately within the recipe.
Change-Id: Ie4a742a2a8aaeeec2886fcc0513e654d0237997c
I think it's more correct to use a normal user, admin,
to upload images, instead of using the service accounts.
Change-Id: Ifb1411a4392d04cd9a5e867ffc95327adf4ea4ea
* endpoint type (admin, internal, public) and service (identitiy, network etc.)
was switched during refactoring, this patch reverts this unintended switching
* edited bind_service service type from public,internal,admin to 'all'
for default binding to just one service
* use bind_address method from common
Change-Id: I4f97b659361dabd7fac216305d2aad2f1bb98f51
Depends-On: Iec485deaf415e4187a323435cce2b6bbadfc5d42
Depends-On: Ia5bddfc5e2fd77cd6e9e855c680b079f78fc1c3f
* removed rubocop exceptions in recipes and regenerated the
.rubocop_todo.yaml containing all remaining exceptions
* removed fedora, suse as supported platform
* adapted optimized endpoint logic
* moved endpoints from openstack-common to default attr
* bumbed openstack-common and identity to higher version
due to refactoring
* moved version up to 13.0.0
* adapt the specs (unit tests) to work again
* added new logic into templates/default/glance-*.conf.erb
* refactored attributes throughout all recipes that were connected to
the attributes used for the glance-*.conf.erb template to adapt the new
template attribute syntax
* moved all attibutes/default.rb that were used in glance-*.conf.erb to
attributes/glance_*_conf.rb
* removed all attributes from default.rb and glance-*.conf.erb which are set
as default in attributes, openstack doc and used to render the template
* seperated filestore config and deployment from default api recipe and made it
optional (e.g. swift_store)
* removed service config templates in favor of openstack-service.conf.erb from
common cookbook
* removed default support for most filestore backends in favor of an easily
wrappable cookbook structure which allow the configuration of filestore
backends in wrappers
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Implements: blueprint cookbook-refactoring
Change-Id: Ifa5a7f4e1df47a3961976e64f654224864c3dcb4
* current logic with 'directory ::File.dirname node.attr' will create resources
with the same name 'directory '/var/cache/glance', but different parameters
(so only the first one will be executed) (recipes/api and /registry)
* fixed logic and specs to actually use the full node attributes and create the
two caching directories
Change-Id: I6289bf7a8b7b1a998ad4cefef04021ec02fe4172
After this path has been merged : https://review.openstack.org/#/c/190265/
The compute service has the ability to copy the image data from the mountpoint
directly which can save image download time.
This patch make the metadata file can be generated automatically if user
specify the id and mountpoint.
Change-Id: Ibd4cc2d15a97f8018fc7f0aa19e4f2c9d1da285c
The ['openstack']['image']['ssl']['enabled'] was being used for
both the API/Regsitry services AND the APIs internal connection
to the registry.
Need to allow for separate control for enabling SSL for API and Registry.
Added attributes to cover this.
And the APIs internal connection to the registry needs to be
configured correctly based upon the Registry's internal endpoint scheme
(http or https).
Change-Id: Ieed28ad891192d81356c0d40ba48d70517087950
Closes-Bug: #1462388
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.
Change-Id: I6097cd1032a5b2305d9a6ca8cb2e2b19f6a57a1e
With change to use the correct "service" role for service users,
they can no longer create public images.
For this recipe, need to use admin for public images.
Added a public flag to the lwrp such that other non-admin
accounts can create images. Made a note in the client cookbook
patch that this support needs to be merged in there.
Change-Id: I99e2febfdbf6f4bab260d897216f4ae768cf3315
Related-Bug: #1436050
Closes-Bug: #1441292
Remove deprecated keys and use identity_uri via the new transform
helper method.
Also, cleanup specs for endpoint testing to make sure Common is
fully tested.
Change-Id: I979593906733e2c56b0114de298aa84d19227e59
Implements: blueprint identity-uri
Since we have no attribute overrides for api-paste.ini, no
need to have a template resource for it. Until we need to
have some attribute, removing this will take away burden of
keeping in sync with base openstack code.
Change-Id: I8ebf93a04916789afc8125303e372ed285b0d799
Related-Bug: #1433152
Now that admin_endpoint, public_endpoint, and internal_endpoint
in the common library are (nearly) working, these are the
changes to use them in the openstack-image recipes.
Partial-Bug: 1412919
Change-Id: If81fc2a56f540a460325de879555e95d108aac77
Create the cache dir or update the owner/group for cache dir,
in order to ensure that the image cache dir has the right
permission, avoid breaking the glance cache feature.
Change-Id: If7ba126af284c7fd53adbdb8270a7cf20a941ace
Related-Bug: 1416245
The upstream ceph cookbook already hooks into chef for environment information.
This patch utilizes the client LWRP to create or add ceph keys for RBD support.
This patch also changes some default attribute names for more sane organization
Partial-Bug: #1409943
Change-Id: If37159524c237eec6ca1561e2979cd44e6dfac92
The other cookbooks already have this same support, but it was missing
from the image cookbook.
Change-Id: I228e84917fc538c3883d27725a5bc9cbbf98a967
Closes-Bug: #1385400
Glance cookbook does not have some configurable attributes for
cinder storage backend, so add them to avoid issues when using
'glance.store.cinder.Store'.
Change-Id: Ieaff14c5c24c4cbd194c70d46d376dc7d170d946
Closes-Bug: #1384044
Image upload provider already has a image type, but was not
used to handle the other common image types that have a simple
bare container format. Expanded the list of types and allowed
the existing upload_image recipe to also take advantage of this
new provider disk type support in an optional way. Backward
compatible.
Change-Id: I1f5983150aa648837c9bcd256f0ceb4bf73d4b52
Closes-Bug: #1383079
glance switch to use oslo.messaging and some of the attributes have
changed or been replaced.
Change-Id: I7f3d56eb03942ad4c87c43f47bbacc838a2b41f9
Closes-Bug: #1382110
Glance registry is started using the glance userid.
The owner/group of the glance registry conf and paste ini
should be glance user attribute, not hardcoded to root.
Change-Id: I7472e44c61e3d338a2d0bd5fca10511302d4ca43
Closes-Bug: #1375963
Some of glance configuration files contain secrete information like
qpid_password,db connection. To avoid unauthorized users to access it,
change those file permission to 640.
Closes-Bug:#1372330
Change-Id: Id0dfc250ca98759c5c134f5d163d862889f35259
*_python_packages attributes are being moved to -common in order to
remove the duplication from all the cookbooks which are using them
Change-Id: Ie26ceb713ad07f28d70a6711198a229cd45f777a
Implements: blueprint move-python-db-client-attrs-to-common
Before this change, a non-vmware user would (without developer mode)
have to create a data bag item for this pass even when not using it,
because otherwise the get_secret's call would fail.
Now the lookup happens when the vmware_server_host is set, which seams
quite reasonable (I couldn't make out a "real" config driver switch to
put there instead.)
Also did some refactoring of the vmware specs into a parameterised
shared_examples block, with some additions.
Implements: blueprint vmware-password-databag
Change-Id: I8b34ef11eb01a668eddc41894d10c7c240f56e21
Data Bag items must have an id matching /^[\.\-[:alnum:]_]+$/
But in recipes/api.rb file, it is "service:glance".
Change-Id: I0aef71c10cc6d7ca30d58c168044c4dbbcfafad1
Closes-bug: 1319286