Certificate plugins were removed from barbican during 2024.1 cycle[1]
and we deprecated these parameters during the same cycle[2], so we can
remove these now.
[1] 9833751613c6a552025f50a5dcd280dc6391ec32
[2] d2625af949
Depends-on: https://review.opendev.org/916324
Change-Id: I321b4c2dd70664e5a45c97d1e605283e042f97f9
... because certificate plugins were deprecated some time ago in
Barbican and are being removed in this cycle.
Depends-on: https://review.opendev.org/c/openstack/barbican/+/909640
Change-Id: Ie2dacb037a3d5ba8f1732ddb8f4b8ea8ded1e5ed
This refactors resource dependencies to improve the following points.
- Avoid unnecessary dependencies across services. For example aodh
service does not require cinder db.
- Restart only api service when config files like paste.ini, which
are used only be api service is changed.
Change-Id: Iad138f5d2e8c7427e02b889c43c26f00213636f3
The cleanup logic was added before 2023.1 release so we can assume
these options are purged before a deployment is upgraded.
Change-Id: If6949bb89b01104abe09515c6b93f7d7fed709d5
This ensures the parameters used by if-else logic accept only boolean
values because non-boolean can result in unexpected behavior.
Change-Id: I963d73e46f82a780486fa282b424151485e43d1e
These parameters were deprecated during the previous cycle[1] because
these are not actually used by barbican.
[1] 109ea49acb
Change-Id: I6471ed0fe696f2c6455150adc63c9c896037e404
The parameter has had no effect for several cycles and was formally
deprecated during the previous cycle[1].
[1] 6c60f0d67e
Change-Id: Ib94130cf8215e3a832e4d44645ce90a2450627d2
The old wrong value should be fixed when the deployment is updated to
stable/yoga, and the logic is no longer used in stable/zed and later.
Related-Bug: #1946378
Change-Id: I699847c127e5890857446585ededc9d860b0dc78
These parameters are used by oslo.service library but Barbican does not
provide wsgi servce based on the library.
Change-Id: Ie035ec4a4dbce089e9911e11f91c2c013998192b
The bind_host parameter and the bind_port parameter are not implemented
in current Barbican. This change removes these ineffective parameters
from barbican.conf.
Change-Id: I7758a6e852795c5410e6dab023ce612f44ee27fd
The current expression is too vague and can match a different parameter
like foobind. This change replaces it by strict one.
Change-Id: Icbe7a96808b8121f26645bb4f67923fe40b2f806
This change adds an independent class for [retry_scheduler] parameters,
because these parameters are used not by the api service but the retry
daemon.
Currently no distro provides a package to install the service so
the new class only set parameters, which is incomplete. This will be
fixed once the packaging issue is resolved.
Change-Id: Ib8b649c2e5ac5fee5e5a3bd52caeb21780fc1f61
Usage of service_name='barbican-api' in RHEL/CentOS was deprecated
during Victoria cycle[1]. This change removes that deprecated usage and
enforces the actual service name which is 'openstack-barbican-api', as
is done in the other modules.
[1] 67e4879c75
Change-Id: I696b3e3b1daa346b6667b288c21b5389d59eeac2
Currently we support usage of distro packages only, and this custom
fact can be simply replaced by the default fact.
Change-Id: Ib8f47ce0bbe34970f9324289210fdb74da6f2098
This change removes direct reference to some classes in
puppetlabs-apache. Details are explained below.
- The api class doesn't need access to anything defined in
apache::params
- The following classes are included by the openstacklib::wsgi::apache
resource type, and current inclusions are just redundant.
Change-Id: Ib49308e63b18751ac4586f85dbac6d7b2775ca61
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.
[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone
This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default fules
Depends-on: https://review.opendev.org/813614
Change-Id: I6d516813cc6aac6012bd598bab73672d7a62c41d
The barbican_api pipeline is not longer used by default and the current
default pipeline, barbican-api, includes the required middleware to
use keystone auth.
This change removes the logic to tweak the barbican_api pipeline when
keystone auth is used.
One remaining knwon issue is that current barbican_api_paste_ini
doesn't support updating the root composite to replace the pipeline
used by the one without keystoneauth.
Currently usage of auth_strategy != 'keystone' just shows warning and
users should manually edit the pipeline.
Closes-Bug: #1946378
Change-Id: I34fecc5265cbc9bc6d5b46b5a96f056b47b64c59
Debian isn't using gunicorn for Barbican, but UWSGI.
Without this patch, this module simply wouldn't work
for Debian.
Change-Id: Iaafc7f4b1499df471a35410228a7ad86938e94cc
Currently the other puppet modules accept actual service name on the
platfomr for api service_name, while puppet-barbican always require
'barbican-api' and doesn't accept 'openstack-barbican-api' even in
Red Hat based OS.
This patch makes sure that we accept actual service name for api
service name, so that the accepted values are consistent among all
puppet modules.
Change-Id: I3ff64113e19a7c784d03afe3cb34865b88f8e39a
oslo.messaging RabbitMQ driver have now a new option that allow user to
run the RabbitMQ heartbeat over a native python thread.
These change allow user to use this new option.
Change-Id: I3debab140115a91f3df7aabf00c87eb1842b293b
Closes-Bug: #1840868
So that we can increase it from the default 114688
Useful in case for example the OS-Federation mapping is too large.
If this limit is breached barbican will return a 413 Entity Too Large
and not log anything to barbican.log.
Change-Id: I2beb72f1ab37130eca340e691ca2dfd15cb5aa61
Closes-Bug: #1835161
Currently, it's not possible to use eventlet in Debian because the test
has been made on $::osfamily == 'Debian' instead of $::os_package_type.
Also, in Debian, the barbican-api service was never stopped before
configuring Apache, therefore, starting Apache just failed.
This patch also adds the $::barbican::params::api_service_name var if
using Debian packages.
Change-Id: Ide559f8fdc58ed3539325acd6696cec23c3de65b
Adds the kombu_failover_strategy option for configuring
oslo.messaging.rabbit. This will determines how the next RabbitMQ node
is chosen in case the one we are currently connected to becomes
unavailable.
Change-Id: I450966c0fc782671c51b8560c162a172f5f315ba
Closes-Bug: #1748353
Oslo.messaging uses the transport_url to represent the rpc and
notification messaging driver to use and its full configuration. The
rpc_backend configuration option is deprecated for removal and
should not gate oslo.messaging driver configuration options.
This patch:
* deprecate rpc_backend
* remove conditional check
* add release note
Change-Id: I00948197fef80ce54a9a382d251b54e39053f7a7
Like we do in other modules, include barbican::policy class in
barbican::api so users can define policies without taking care of the
class.
Change-Id: I5eb4fb17c3ba4a644efdc67ef4b60615c8e6831e
Takashi Kajinami