This refactors resource dependencies to improve the following points.
- Avoid unnecessary dependencies across services. For example aodh
service does not require cinder db.
- Restart only api service when config files like paste.ini, which
are used only by api service, are changed.
Change-Id: I6a4c65e81b97235d0ce8a142245927c92ab6e48d
The password parameter is not really optional. This makes it
a required parameter to give more sensible validation error.
Change-Id: I4fc9a34db162b6c85a5f4bcf50c3fb77b1b6640d
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following three items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
- credential parameters for oslo.limit library
Note that the credential parameters for authtoken middleware are
used in some providers, and these providers still require a project
scope credential. This will be fixed by the subsequent change.
Depends-on: https://review.opendev.org/804325
Depends-on: https://review.opendev.org/823629
Change-Id: Ic7682993b341a7d45b0957f102f5c3dbd52f9043
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].
[1] 5c38281e1b698f157f03bf1815733277c541c30b
Change-Id: Ic4f451cfbd0145466ae65330729e980f5567795e
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I380868884abe92b35e93c3bf22d877838d0eac55
The deprecated pki related options check_revocations_for_cached and
hash_algorithms have been removed.
Change-Id: Ib692f55fa267e9fbe17d94c5116f244be02b2107
Service_token_roles_required is missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: I49828052bdf33391edcd962fc6c4208c715e377a
Closes-Bug: 1778198
check_revocations_for_cached and hash_algorithms are deprecated for
removal because PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: Ic25814ff5d8a3134de59876c38da2c245c50d7ca
Closes-Bug: #1804562
Closes-Bug: #1804720
Now that the v2.0 API has been removed, we don't have a reason to
include deployment instructions for two separate applications on
different ports.
Change-Id: Ieb132483803085c0e97a3572fc035af3817467af
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1] https://review.openstack.org/#/c/508522/
Change-Id: I081c6f8c791ef7d4dc1d5bf8dfc2676c73e66734
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
Keystone v2.0 API was removed so we have no choice but configuring
user_domain_name and project_domain_name, otherwise it falls back to
Keystone v2.0 and it fails. This patch sets the default value so we make
sure Keystone v3 will be used out of the box for our users.
Change-Id: If0a614520c4737e489147e18b1e9028e1f671f88
The revocation_cache_time is deprecated for removal because PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: Ia607af51a784113541ac576b9293700dbafba31d
Closes-Bug: #1717144
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.
Change-Id: I7de3338061bad949f26ed0d84782124c7b61eb70
The signing_dir is deprecated for removal because PKI token format
is no longer supported.
Update warning message and release note.
Change-Id: Ifaad2dffab360df2790dac8d9ad8c9a87f719f6b
Closes-Bug: #1652700
Since we are in ocata, let's remove all old parameters in api
to configure the keystone_authtoken section
Change-Id: I4dc0bd544f91fd52ad437b4c3ebbd16a43895726
Use glance::<service>::authtoken to configure keystone_authtoken
section in glance configs, with all parameters required
to configure keystonemiddleware.
Also changed auth_type to auth_strategy, because auth_type is
related to keystone authentication.
Change-Id: I722a1e41b2cee0b3040c37f07adfd13c33edaa5c
Closes-bug: #1604463