This fixes the regex to validate the properties property so that value
strings shorter than 3 characters are accepted.
This also removes the heading spaces because these are not stripped but
added to the keys, which likely results in an unexpected result.
Change-Id: I8d703a48060abb61834ecec9c72bb6295eff2b81
Using credentials in keystone_authtoken options for cinder_* resources
was deprecated some cycles ago[1].
[1] 596a77483b
Change-Id: I21fc46f49a143ae1282cad91732925195eda6541
... so that we users can use '<SERVICE DEFAULT>' similarly to
the resource types to manage the <service>.conf files.
Closes-Bug: #1981118
Change-Id: Ie967ffa9e2545d9089aaa4b255b13f479d296ff7
When SRBAC is completely implemented according to the current spec,
each service user no longer has full admin privilege but has access
limited to the actual requirement. This means that we are no longer
able to use service users to create resources.
This change is a prep-work to get rid of usage of the service user,
currently loaded from authtoken parameters in the .conf file. Now
each providers loads clouds.yaml file placed in /etc/openstack/puppet.
Depends-on: https://review.opendev.org/806474
Depends-on: https://review.opendev.org/828025
Change-Id: I80ea9fc1da31696cafa77ff12febfd4054f435bc
The auth_endpoint variable is loaded from cinder.conf, thus it should
be cleared when configurations loaded by cinder.conf is cleared.
Change-Id: Id651d5c5c7cb9794ab159bf2e129422af0a33bfa
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.
[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone
This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default contents.
Depends-on: https://review.opendev.org/813614
Change-Id: Id764feed8efb5aac08030b1147ce39c112cddc31
There's no validation going on (yet) in cinder as to which characters
are allowed in properties. So this change alters the regex to cast a
wide net catching '-' and other possible valid variations.
Also update unit-test to cover this scenario.
Closes-Bug: #1932272
Change-Id: I564528663a3d2f83136b98ed46e09e373a9ad6de
This replaces the provider implementation of cinder_config type so that
MultiStrOpt, which is used by several options like
- oslo_messaging_notifications/driver
- oslo_policy/policy_dirs
is handled correctly.
Change-Id: If052cde4da84970df4af657136060532ccb422f7
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Cinder API. Therefore, this patch adds a new
cinder_api_uwsgi_config provider as well as a new
cinder::wsgi::uwsgi class.
Change-Id: I6f4c6a51f8e33616069411a926a63ba2b388e25d
This changes the regex for properties managed with
the cinder_type resource so that it supports the
format Cinder needs for multiattach and similar.
multiattach=<is> True
This patch is needed so that cinder_type resources
can set the above.
See regex testing here [1]. Needs to be backported
to older versions so that cinder_type can be
properly used there as well.
[1] https://regexr.com/5imqk
Change-Id: If08fce9443281e65636aaaa99e3139732435f6f7
... because api/os_region_name is not set since [1].
This patch also fixes incorrect lookup about domain parameters.
This patch also removes useless and incorrect handling about keystone
version, so that domain parameters are correctly set.
[1] c2d618cae7
Change-Id: Idaa1c767e8cab645567b920dc9d377abf509ec54
Openstackclient 4.0.0 changed the way some properties are displayed
on screen.
Old:
...,"Properties"
...,"volume_backend_name='BACKEND_1'"
New:
...,"Properties"
...,"{u'volume_backend_name': u'BACKEND_1'}"
or
...,"{'volume_backend_name': 'BACKEND_1'}"
This is breaking idempotency on the cinder_type provider, since it
does not detect them correctly. This patch aims at fixing this, by
trying to detect the new format, and using JSON parsing in that case.
Change-Id: I6a68505d15473b140c85a199a09d2fee45864800
output of culmn name change making failed cinder-qos provider
column name 'Specs' changed to 'Properties'
Change-Id: I9470ed3f60971394740b19a2f42e4b55b5d046ea
Closes-bug: 1806705
Added parameters is_public
- allow create public or private cinder type
boolean: Default to true
Added propertie access_project_ids
- Specify list of project ids which have
access to private cinder type
Change-Id: I7f6aac76b441cb4ac4901901c6d894a1c920d399
When reading credentials from the configuration's keystone_authtoken
section www_authenticate_uri was used as URL for Keystone.
As www_authenticate_uri is a public endpoint that is not necessarily
reachable for the Puppet agent, this change uses the more appropriate
auth_url as Keystone URL.
Change-Id: I16145064b8867c64abddf4a12f460464ee2d9c04
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: I7072db60688fdafe122c1a9fd2b06f21f0a695e5
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
If the properties parameter isn't specified, then it defaults to nil.
However, when the provider iterates over the properties, it assumes
properties will be an array, and fails when it's nil.
Change-Id: Ie5342b0dde70394a32639e378aee9c7e6aa64a87
This code moves all deps to an external class so that Cinder can be
installed with mechanisms besides packages (like venv or docker). This
also cleans-up the dependency tree by removing false or confusing
dependencies.
Co-Author: Craig Delatte <craig.delatte@twcable.com>
Change-Id: I55a62f6173fe463fb8fb65df6729c9f509a0fb04
In cinder::api, use keystone::resource::authtoken to configure
keystone_authtoken section in cinder.conf, with all parameters required
to configure keystonemiddleware.
This patch will allow to deploy Cinder to use Keystone v3
authentification.
Some deprecations:
cinder::api::auth_type is deprecated, use cinder::keystone::authtoken::auth_type instead.
cinder::api::identity_uri is deprecated, use cinder::keystone::authtoken::auth_url instead.
cinder::api::auth_uri is deprecated, use cinder::keystone::authtoken::auth_uri instead.
cinder::api::keystone_tenant is deprecated, use cinder::keystone::authtoken::project_name instead.
cinder::api::keystone_user is deprecated, use cinder::keystone::authtoken::username instead.
cinder::api::keystone_password is deprecated, use cinder::keystone::authtoken::password instead.
cinder::api::memcached_servers is deprecated, use cinder::keystone::authtoken::memcached_servers instead.
Closes-Bug: #1604463
Change-Id: I64736457bd8527198a8a81ea784d3bf74284063b
Previously, the cinder_type provider used Credentialsv2_0 when
creating a new type, so it did not support Keystone v3 environments.
Switching th Credentialsv3 to support both Keystone v3.
Change-Id: Iff8e21c922c2d90108053f70cbc053436e3461de
Cinder_type provider was causing an autoload error with puppet.
This change fixes the require line.
Change-Id: I81b9915d1f6493fc996edc7177f54815018bc3a1
Closes-Bug: 1581829
We have define classes, which allow to manage Cinder types and their
properties. This patch switches using of define classes to puppet
providers, based on openstack auth from openstacklib.
related blueprint use-openstackclient-in-module-resources
Change-Id: I4f7e8137fa3e1ad3e141c58eaba110b12101d22c
This change switches the cinder module to use the os_service_default
fact for configuration options that default to '<SERVICE DEFAULT>'.
Change-Id: I8c28f02794fdc7034a85eab80a66a98f664380ea
Depends-On: Ieeb92b4e7fbb556a8d32682fb24284091227c991
With the creation of the new openstack_config provider, some processing
that was done in cinder_config has been centralized in
openstack_config.
Impacted methods are :
* section
* setting
* separator
Also, this commit adds the fact that, when passing a specific string
(ensure_absent_val) the provider will behave as if ensure => absent was
specified. '<SERVICE DEFAULT>' is the default value for
ensure_absent_val.
The use case is the following :
cinder_config { 'DEFAULT/foo' : value => 'bar' } # will work as usual
cinder_config { 'DEFAULT/foo' : value => '<SERVICE DEFAULT>' } # will mean absent
That means that all the current :
if $myvar {
cinder_config { 'DEFAULT/foo' : value => $myvar }
} else {
cinder_config { 'DEFAULT/foo' : ensure => absent }
}
can be removed in favor of :
cinder_config { 'DEFAULT/foo' : value => $myvar }
If for any reason '<SERVICE DEFAULT>' turns out to be a valid value for
a specific parameter. One could by pass that doing the following :
cinder_config { 'DEFAULT/foo' : value => '<SERVICE DEFAULT>',
ensure_absent_val => 'foo' }
Change-Id: I10931ea201b567ff6576fd3f87d05f2fd0816166
Depends-On: I0eeebde3aac2662cc7e69bfad7f8d2481463a218
Currently we specify the ordering of config resources wherever it is
necessary based on the presence of the file it will write to, or the
presence of the package in charge of providing the file it will write
to.
Those kind of ordering can be specified directly at the resource level
using the autorequire mechanism. With this patch, any config resource
will make sure the package in charge of providing the file will be
installed first.
Change-Id: I42bc4700302b4c3141345fe442168771c079f712
Hide configuration value from Puppet logs if the secret parameter
is set to true.
Fixes: bug #1173322
Change-Id: I380a86b834c2f6cb6f347cade6137ee2e757f091
This patch allows the usage of Puppet boolean values and still
configure values with OpenStack boolean style: True/False.
Change-Id: I972ac41757f253500f43dc285784f5f8af6ce2ab