The oslo.policy library has implementations to detect change in policy
rules and reload the new rules without service restart.
Change-Id: I0f91c24b97703cc0388e2aa89511b329928aff84
The purge_config parameters only accept boolean values. This enforces
that using the typed parameters.
Change-Id: Iba76019586c96cdbc1330ecec7852a7d51c6df13
The cleanup resources were added before 2023.1 release[1] so these
configurations should be removed when a deployment is upgraded to
2023.1.
[1] d5ffaf4cec
Change-Id: I7e2f08fc30cebf7f326ef3d5a3955956b79f11f3
This reverts commit e3f44b4ef5.
Reason for revert:
The original change was wrong because ec2api uses own ssl options
instead of ones imported by oslo.service.
Conflicts:
manifests/api.pp
Closes-Bug: #2011569
Change-Id: I592fc1da6b364f017a7892a30ff42a61d86f4d9f
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.
Change-Id: I2382514189617edb9454c3d9e8b5f15de9c96237
This parameter was deprecated during the previous cycle by [1] because
the actual parameter no longer exists.
[1] a72e6fe949
Change-Id: Ieb53368b269f3323f54a0d14caf00dcf9b136831
The ssl_* parameters in the [DEFAULT] sections were deprecated and
the [ssl] parameters should be used instead[1].
[1] 2e2940d1e17706b9d6367ff1783bde9d41891bfa
Change-Id: If5ee27626b778bda4d8cb47162691f3cced35955
... because the parameter was already removed[1].
The ssl_ca_file parameter is left because it is still used by
the oslo_service library.
[1] 5fc752ca6fd1588cc04f3073d1c300d985581041
Change-Id: Ia1035589c68790239c6619f4f3f9b33d7b5ae66a
The [DEFAULT] use_tpool parameter has been deprecated in favor of
the new [database] use_tpool parameter. Also, even the new parameter
has been deprecated by during Xena release[2].
[2] 74c6bf266e0b86ceb4726cad9268f134d423bae8
Change-Id: I93fabb8d131e51c18f4a5220f2f0f47ad318bb58
This patch specifies a set of options required to setup the retrying
wrapper feature of pymemcache (dogpile.cache) cache backend.
Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803747
Co-Authored-By: Hervé Beraud <hberaud@redhat.com>
Depends-On: https://review.opendev.org/826869
Change-Id: I9a7a3ae77d2445cec5470e8bfc9b9b651d37f783
Use the whole resource type instead of its individual resources, to
rely on interface instead of implementation of the dependent module.
Change-Id: Ib493021ea91d6dd131d4e506735eb611444f5fef
This patch specifies a set of options required to setup the socket
keepalive feature of pymemcache (dogpile.cache) cache backend.
Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803716
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Depends-On: https://review.opendev.org/807851
Change-Id: I6156abd69160113113d8e239f7204ba9274a1ee7
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I3858399136f886841c14c2880918cb8e6ee86756
... because now the validations are implemented in puppet-keystone.
Depends-on: https://review.opendev.org/825991
Change-Id: Ida81b3d75601aac35491cdc20df0a281f742ded6
Ec2Api supports caching metadata using the olso.cache library[1]. This
change introduces the new parameter/class to configure that usage.
[1] 7939ce17e4e39cb7b0cd1a36d6626258f06dcc70
Change-Id: Idf122ad2744acdd020de3cedbd0fe099d5997c4a
Since [1] was merged, not only openstacklib::poliy::base but also
openstacklib::policy::default is included to manage the policy file.
This change ensure openstacklib::policy::default is executed after
the packages are installed.
[1] 89124fb85d
Change-Id: I004fe4cba95f70409e30b82a86b74ba9b5b62f48
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ia4e3b30c1ad7b9aaae2bd9377a539c77899c4f47
This change fixes the following lint errors discovered since we removed
pin of lint packages.
manifests/api.pp:281:WARNING: class included by absolute name
(::$class)
manifests/init.pp:33:WARNING: class included by absolute name
(::$class)
manifests/keystone/auth.pp:79:WARNING: class included by absolute name
(::$class)
manifests/metadata.pp:93:WARNING: class included by absolute name
(::$class)
Change-Id: I5bb85e2e17bcbf4761e9ab765706e3ce070c675e
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.
Change-Id: Ia353f278db9426d29617d6c274fef0c8b71c53e1
Closes-Bug: #1904962