... because certificate plugins were deprecated some time ago in
Barbican and are being removed in this cycle.
Depends-on: https://review.opendev.org/c/openstack/barbican/+/909640
Change-Id: Ie2dacb037a3d5ba8f1732ddb8f4b8ea8ded1e5ed
This refactors resource dependencies to improve the following points.
- Avoid unnecessary dependencies across services. For example aodh
service does not require cinder db.
- Restart only api service when config files like paste.ini, which
are used only be api service is changed.
Change-Id: Iad138f5d2e8c7427e02b889c43c26f00213636f3
The new openstackclient tag was added so that we can get all resources
about openstack CLI more easily. This adds this tag to barbicanclient
because the package provides some sub-commands.
Change-Id: I8f1f8b4a6de6ca0d95c2f53a89a1d50a6c82d29e
The cleanup logic was added before 2023.1 release so we can assume
these options are purged before a deployment is upgraded.
Change-Id: If6949bb89b01104abe09515c6b93f7d7fed709d5
The oslo.policy library has implementations to detect change in policy
rules and reload the new rules without service restart.
Change-Id: Ibe9d189f1c12a91a7327f819726695aa52417ac7
The purge_config parameters only accept boolean values. This enforces
that using the typed parameters.
Change-Id: I669f1a2ff2462d60afe2fbd0c33e607d20cb14fc
The password parameter is not really optional. This makes it
a required parameter to give more sensible validation error.
Change-Id: I482621899616f6e3dc902900b0933ffa58ca519a
This ensures the parameters used by if-else logic accept only boolean
values because non-boolean can result in unexpected behavior.
Change-Id: I963d73e46f82a780486fa282b424151485e43d1e
RDO now provides the package to launch the barbican-retry service[1].
This change ensures the package and the service are configured by
the corresponding class.
[1] https://review.rdoproject.org/r/c/openstack/barbican-distgit/+/40434
Change-Id: I134feadb75b397bc159a8fe9e3dbc87915339785
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.
Change-Id: I7eb5ab771da3b6e2c446f4d8e83394a544fd147d
These parameters were deprecated during the previous cycle[1] because
these are not actually used by barbican.
[1] 109ea49acb
Change-Id: I6471ed0fe696f2c6455150adc63c9c896037e404
The parameter has had no effect for several cycles and was formally
deprecated during the previous cycle[1].
[1] 6c60f0d67e
Change-Id: Ib94130cf8215e3a832e4d44645ce90a2450627d2
The barbican::wsgi::apache class names a few parameters and resources
differently from the other modules. To make its interface and
implementation consistent with the other implementations, this renames
these inconsistent names. The old parameter names are kept but will be
removed in a future release.
Change-Id: I49ca51e4ea7a2404dfdbd0c88ce39339750da4f6
Currently parameter description of the <module>::wsgi::apache classes
are formatted differently in individual modules, and this is making
the maintenance effort quite difficult.
This change updates the description format following the srandard one
we are globally using in our modules to reduce undesired differences
between modules.
Change-Id: Ifac421c3a74bf600e8b0e596a8449e5f25cda90b
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)
Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: I77f1d65b1f6085fdb1205de9654a8d6d2da496f5
The old wrong value should be fixed when the deployment is updated to
stable/yoga, and the logic is no longer used in stable/zed and later.
Related-Bug: #1946378
Change-Id: I699847c127e5890857446585ededc9d860b0dc78
The puppetlabs-apache module is enforcing more strict data type
validation[1].
This change updates the default values to adapt to that change.
[1] f41251e336
Closes-Bug: #1983300
Depends-on: https://review.opendev.org/851652
Change-Id: I9573f53e24dcf0666e4649189ccd8fcab0dbcc26
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.
This change also adds support for request_headers so that both request
headers and response headers can customized.
Change-Id: I0e78f2183ffe14c310ee5c5632c203258c8c85cd
These parameters are used by oslo.service library but Barbican does not
provide wsgi servce based on the library.
Change-Id: Ie035ec4a4dbce089e9911e11f91c2c013998192b
The bind_host parameter and the bind_port parameter are not implemented
in current Barbican. This change removes these ineffective parameters
from barbican.conf.
Change-Id: I7758a6e852795c5410e6dab023ce612f44ee27fd
During the previous cycle, a warning message was added to inform users
of this change.
Now the default value is updated so that SSL is disabled by default.
Change-Id: I72cf30d418b99ba06c4d5738544acb1930d4806f