Commit Graph

161 Commits

Author SHA1 Message Date
Takashi Kajinami 9a728d5a5d Expose rabbit_transient_quorum_queue
Depends-on: https://review.opendev.org/911021
Change-Id: Icdc456fb132d74037dff7ce5c502994103061258
2024-03-13 16:14:10 +09:00
Takashi Kajinami d2625af949 Deprecate parameters for certificate plugins
... because certificate plugins were deprecated some time ago in
Barbican and are being removed in this cycle.

Depends-on: https://review.opendev.org/c/openstack/barbican/+/909640
Change-Id: Ie2dacb037a3d5ba8f1732ddb8f4b8ea8ded1e5ed
2024-03-08 13:41:21 +09:00
Takashi Kajinami 33492bfc70 Support [queue] asynchronous_workers option
... which determines number of processes launched in barbican-worker.

Change-Id: Ia31a7d440ba3102afa7b5972fe893cfb4f1817a1
2024-02-25 16:54:46 +00:00
Takashi Kajinami 276812bec6 healthcheck: Expose ignore_proxied_requests parameter
Depends-on: https://review.opendev.org/909807
Change-Id: Id5c5cb90a50983357d0c8001eedefedb3fd60f4d
2024-02-22 03:04:48 +00:00
OpenStack Release Bot ce4ec934ef reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.

Change-Id: I416555000af29749a62695a6ca7bb1d693d77b98
2024-02-21 16:43:04 +00:00
Takashi Kajinami 7c460507f2 healthcheck: Expose allowed_source_ranges
... which was added to puppet-oslo recently.

Depends-on: https://review.opendev.org/905557
Change-Id: I5d81635643b0cb8ceac80702e2d539db73c598e9
2024-01-17 02:39:52 +09:00
OpenStack Release Bot bbf38b6939 Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.

Sem-Ver: feature
Change-Id: I5489002d9978bbf0815ed3fcd3ab591d7efda573
2023-10-16 15:15:02 +00:00
Takashi Kajinami 122686e238 RabbitMQ: Add support for quorum queue options
Depends-on: https://review.opendev.org/894866
Change-Id: I55b5eb5d6139f464f633d5c13827fea91378e3b7
2023-09-14 22:48:48 +09:00
Takashi Kajinami e1f09fece0 Remove support for Puppet 6
... because Puppet 6 reached its EOL in February 2023.

Change-Id: Id9664008696c94cd0029c01792f7af9def87e11d
2023-05-22 03:20:34 +00:00
OpenStack Release Bot 362da39e95 Update master for stable/2023.1
Add file to the reno documentation build to show release notes for
stable/2023.1.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.

Sem-Ver: feature
Change-Id: Iba74b22fcaec8635bf77bf9bb2ea20c6e3a16341
2023-04-05 15:28:23 +00:00
Takashi Kajinami 626681f04d CentOS: Install barbican-retry service
RDO now provides the package to launch the barbican-retry service[1].
This change ensures the package and the service are configured by
the corresponding class.

[1] https://review.rdoproject.org/r/c/openstack/barbican-distgit/+/40434

Change-Id: I134feadb75b397bc159a8fe9e3dbc87915339785
2023-02-26 15:14:03 +09:00
Zuul 0480d0a292 Merge "apache: Clean up deprecated public_* parameters" 2023-01-24 11:48:47 +00:00
Takashi Kajinami acd9bf3373 Expose policy_default_rule
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.

Change-Id: I7eb5ab771da3b6e2c446f4d8e83394a544fd147d
2023-01-23 14:27:53 +09:00
Takashi Kajinami 5b17af21a7 apache: Clean up deprecated public_* parameters
These were deprecated during the previous cycle so can be removed now.

Change-Id: I4e2e29d98803015b50c0f11678645cd5166e7d3c
2023-01-23 10:16:58 +09:00
Takashi Kajinami fb2bca25fa Switch to Ubuntu Jammy (22.04)
... because Focal no longer supports the recent releases such as Zed.

Change-Id: I4b74a04fc0eccb0065608481d5e0e4f65d01d11c
2023-01-15 22:17:31 +09:00
Takashi Kajinami 9c6f3af402 api: Remove deprecated ssl parameters
These parameters were deprecated during the previous cycle[1] because
these are not actually used by barbican.

[1] 109ea49acb

Change-Id: I6471ed0fe696f2c6455150adc63c9c896037e404
2023-01-06 13:06:17 +09:00
Takashi Kajinami a79ac82ef2 Remove deprecated client_package_ensure
The parameter has had no effect for several cycles and was formally
deprecated during the previous cycle[1].

[1] 6c60f0d67e

Change-Id: Ib94130cf8215e3a832e4d44645ce90a2450627d2
2023-01-06 13:04:51 +09:00
OpenStack Release Bot 30b8c1e1ae Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I31c91decbc3a7c84cc98fcbc6c47542ad2dc3bd9
2022-10-20 11:01:44 +00:00
Takashi Kajinami eb2b84ea8f Fix inconsistent parameter/resource names of wsgi::apache
The barbican::wsgi::apache class names a few parameters and resources
differently from the other modules. To make its interface and
implementation consistent with the other implementations, this renames
these inconsistent names. The old parameter names are kept but will be
removed in a future release.

Change-Id: I49ca51e4ea7a2404dfdbd0c88ce39339750da4f6
2022-08-26 15:46:37 +09:00
Takashi Kajinami 38981908d8 Add Apache WSGI logging parameters for pipe/syslog
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)

Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: I77f1d65b1f6085fdb1205de9654a8d6d2da496f5
2022-08-26 15:00:26 +09:00
Zuul 50d44acc7c Merge "Clean up baribcan::api::retry_scheduler_* parameters" 2022-08-01 09:11:37 +00:00
Zuul b50eb0a28a Merge "Remove support for [p11_crypto_plugin] token_label" 2022-08-01 08:46:43 +00:00
Takashi Kajinami 72299ab60d Expose headers option of apache::vhost
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.

This change also adds support for request_headers so that both request
headers and response headers can customized.

Change-Id: I0e78f2183ffe14c310ee5c5632c203258c8c85cd
2022-06-30 11:11:50 +09:00
Takashi Kajinami f606fd1ca3 Remove support for [p11_crypto_plugin] token_label
... because it was deprecated during Wallaby cycle[1].

[1] 4403fe7247

Change-Id: Ia9b89d92256f51d5a48a19849715335f6856e839
2022-06-23 12:41:44 +09:00
Takashi Kajinami 237c4b2fb0 Clean up baribcan::api::retry_scheduler_* parameters
... because these were deprecated during Yoga cycle[1].

[1] 0d4580b27d

Change-Id: I781d06e3ba9c9b9ab7fd8360095cdb67917f016c
2022-06-23 12:36:32 +09:00
Zuul 3e6ddb70fc Merge "Remove support for CentOS 8 Stream" 2022-06-01 05:01:13 +00:00
Takashi Kajinami fdb4d4a4cc Remove support for CentOS 8 Stream
... because RDO will provide packages for only CentOS Stream 9 for Zed
release. This change removes RHEL 8 as well.

Depends-on: https://review.opendev.org/843503
Change-Id: I8c5b682b4ab977a2c6ed747229ae553be471481f
2022-05-27 02:20:37 +09:00
Takashi Kajinami 109ea49acb api: Deprecate unused ssl parameters
These parameters are used by oslo.service library but Barbican does not
provide wsgi servce based on the library.

Change-Id: Ie035ec4a4dbce089e9911e11f91c2c013998192b
2022-05-19 14:47:45 +09:00
Zuul fdda2d13a4 Merge "apache+mod_wsgi: Disable SSL by default" 2022-05-08 13:38:33 +00:00
Takashi Kajinami 6e8df9739a apache+mod_wsgi: Disable SSL by default
During the previous cycle, a warning message was added to inform users
of this change.

Now the default value is updated so that SSL is disabled by default.

Change-Id: I72cf30d418b99ba06c4d5738544acb1930d4806f
2022-05-06 20:41:43 +09:00
Zuul 236aa15d7a Merge "Deprecate unused client_package_ensure" 2022-05-06 04:48:27 +00:00
Takashi Kajinami 700b5e4148 Add general basic functionality to the base barbican class
This is the prep work to migrate some common parameters from the api
class to the base class, and implements basic functionality so that
the base class provides consistent functionality in all modules.

Change-Id: I0e20b135e8c29f1d27d39d2940d49ea30a1f512c
2022-04-26 10:06:23 +09:00
Takashi Kajinami 6c60f0d67e Deprecate unused client_package_ensure
This parameter is not actually used by any implementation.

Change-Id: I07bc7892a150f893d466a00cccbad731f728e833
2022-04-26 08:38:55 +09:00
OpenStack Release Bot 7558739921 Update master for stable/yoga
Add file to the reno documentation build to show release notes for
stable/yoga.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.

Sem-Ver: feature
Change-Id: I6aae792b573dbc4f158b7e453f183b83ef4418d3
2022-04-05 09:08:47 +00:00
Takashi Kajinami 0d4580b27d Create a separate class for [retry_scheduler] parameters
This change adds an independent class for [retry_scheduler] parameters,
because these parameters are used not by the api service but the retry
daemon.

Currently no distro provides a package to install the service so
the new class only set parameters, which is incomplete. This will be
fixed once the packaging issue is resolved.

Change-Id: Ib8b649c2e5ac5fee5e5a3bd52caeb21780fc1f61
2022-03-14 09:39:01 +09:00
Takashi Kajinami cafa5e99f2 remove unicode literal from code
All strings are considered as unicode string from Python 3.

This patch drops the explicit unicode literal (u'...')
appearances from the unicode strings.

Change-Id: Ide1b433a4251c16fc383b6143b33284392455e30
Co-Authored-By: LiZekun <2954674728@qq.com>
2022-03-08 09:03:29 +09:00
Takashi Kajinami c68695dd7a Add CentOS/RHEL 9 to supported operating systems
... because these operating systems are now verified by unit tests and
integration tests.

Change-Id: I09fb4f7de3a301a7a46a11755f91d8d860d531b8
2022-02-23 01:07:27 +09:00
Takashi Kajinami fe51d18781 Remove deprecated database_min_pool_size
... because it was deprecated during Ussuri cycle.

Change-Id: I8b6ec1d9d4b4302a49c169966ad6c949f4a462f9
2022-02-08 22:31:32 +09:00
Zuul 3927d78089 Merge "Stop converting service name in RHEL/CentOS" 2022-01-10 20:18:54 +00:00
Zuul bdded914ce Merge "Accept system scope credentials for Keystone API request" 2022-01-08 00:11:53 +00:00
Takashi Kajinami d0f34f0d30 Stop converting service name in RHEL/CentOS
Usage of service_name='barbican-api' in RHEL/CentOS was deprecated
during Victoria cycle[1]. This change removes that deprecated usage and
enforces the actual service name which is 'openstack-barbican-api', as
is done in the other modules.

[1] 67e4879c75

Change-Id: I696b3e3b1daa346b6667b288c21b5389d59eeac2
2022-01-08 00:15:30 +09:00
Takashi Kajinami f6c1a66e9d Stop replacing the default apache config file
The apache class by default purge all default vhost config files, and
the other modules expect the default files are purged by that behavior.

This change removes the logic to replace the default vhost config file,
which is implemented only in a few modules, to make implementation
of all modules more consistent.

Change-Id: I0160bd0b7b8d5495031838119d401e44b3ddf7fa
2022-01-05 06:17:03 +00:00
Takashi Kajinami d6bbb2c583 Install and enable keystone-listner
To use the keystone notification feature, we need an independent
keyston-listner service. This change implements the missing capability
to manage the service and its package.

Closes-Bug: #1956397
Change-Id: Iedda0e9fe7b091b510ea9033db86921e4d2b4184
2022-01-05 15:16:19 +09:00
Takashi Kajinami e3a92d7798 Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: Ifbdde0718d1b6a6782c4f098fd152c3f636aa2c4
2021-11-25 21:11:50 +09:00
Takashi Kajinami f6ca184ac0 Add support for [DEFAULT] *_limit_paging
Change-Id: Ie8a5a259444b6a816977a4d296a1fe1ec4b181ad
2021-11-11 21:37:33 +09:00
Takashi Kajinami 90694cd674 Prepare to update default of <service>::wsgi::apache::ssl
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.

Based on the following points, false is considered to be the more
reasonable default.
 - Usage of SSL is optional and is not always required
 - There are other methods(like load-balancer) to implement SSL
   termination
 - Enabling SSL doesn't work with the default values currently
   defined, and requires additional parameters like ssl_cert.
 - false is the default value defined in the base implementation in
   puppet-openstacklib.

This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.

Change-Id: I0e802f714405a2dda6ead11be70090a8d754b059
2021-11-03 11:42:17 +09:00
Takashi Kajinami c94b67a6d1 Allow customizing separator for api-paste.ini
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.

[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone

This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default fules

Depends-on: https://review.opendev.org/813614
Change-Id: I6d516813cc6aac6012bd598bab73672d7a62c41d
2021-10-14 22:28:31 +09:00
OpenStack Release Bot deeac557a9 Update master for stable/xena
Add file to the reno documentation build to show release notes for
stable/xena.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.

Sem-Ver: feature
Change-Id: I1184a7e7e71deddeaf927d12a55f6303902329a1
2021-10-07 08:20:50 +00:00
Zuul 9885d6c067 Merge "Allow purging policy files" 2021-09-20 08:09:37 +00:00
ZhongShengping aa73bc3f02 Add watch_log_file option
Add support for Using logging handler designed to watch file system.

Change-Id: I703cd1bccea8e14da5c228de02a341b0f6e9bc46
Closes-Bug: #1943212
2021-09-14 16:02:08 +08:00