Use the whole resource type instead of its individual resources, to
rely on interface instead of implementation of the dependent module.
Change-Id: Iec6917c4ca352f7b8d18a3c823768a9599b86109
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following three items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
- credential parameters for oslo.limit library
Note that the credential parameters for authtoken middleware are
used in some providers, and these providers still require a project
scope credential. This will be fixed by the subsequent change.
Depends-on: https://review.opendev.org/804325
Depends-on: https://review.opendev.org/823629
Change-Id: Ic7682993b341a7d45b0957f102f5c3dbd52f9043
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.
Change-Id: I1b54aefa27a929946aaf91c6f863466df8b13107
Glare service is now totally dropped from Glance [1] and now should
be configured only with puppet-glare module.
[1] https://review.openstack.org/#/c/427535/
Change-Id: I695ad518285a92a80dd7a9d5bebd11e804359224
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain. This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.
Change-Id: If683fbd098e701a3c4da91941cf818b18b41b209
This patch switches the service name from 'Image Service' to
just 'glance' so that it matches what we do for other services.
Typically we use the project (auth) name for the service_name.
Not having a consistent catalog can cause failure to find
endpoints for some services. Mistral for example would fail
to lookup the glance endpoint due to it being set as 'Image Service'
rather than 'glance'.
Change-Id: I17116c0f995ab76ed79bd8b2df57629c1ed4e4d0
Closes-bug: #1584229
This change updates glance::keystone::auth to include the
user-provided auth_name as a parameter for the service_identity
provider. Hardcoding the namevar of that resource as was agreed. the
service_name parameter was not undef as in other resources, so the
name was left as-is. And we no longer pick a service_name out of the
service_name and auth_name; now only the service_name is taken into
account.
Closes-Bug: #1590040
Change-Id: I757930e05b6e14cb15139840c9e4a513c9af5d17
The README file refers to an invalid *_address parameters
when *_url parameters should be used. The example in the
manifest does not show a password listed (which is required).
Change-Id: I03eb31f0c660afca1688e6fc7a992cfb70317706
Change I3371d1d57486e79ccfae565417f2195d3ae66bc9 is introduced a new
glance service - Glare and it has own endpoint. This patch adds it.
Change-Id: Ibea50c249e6f0f33dbcfae4bf7cf3569f27c21e5
Related-bug: #1555697
In Liberty, we sent a warning if service_name was not set (and auth_name
was configured as the service name), with the goal to define the correct
default value during Mitaka.
This patch set the service_name parameter to 'Image Service' by default
to match with Keystone's default catalog.
Note: if you already run OpenStack, when you'll run Puppet after this
change, the old service will still be present and you'll have to drop it
manually. Though the Glance endpoint will be updated with the new
service.
Change-Id: I740a9ad32361e6a78277ea0667fba7f631eb64af
Closes-bug: #1506061
Collect glance service resources by title instead of name. The service
name differs across distributions but the resource title does not.
These collectors were silently ignored when they did not match any
services on Red Hat systems.
Change-Id: I9c17395576b35920eda1f57d93ef684a00253c53
Closes-Bug: 1511891
When running Keystone in WSGI, Glance_image is not run in the right
moment.
This patch aims to make sure Glance_image is run after creating Glance
endpoint Keystone resource by using the Puppet chain arrow.
Keystone_endpoint is actually the latest resource created by Keystone
providers to make Glance working.
If Glance_image resource is in the catalog, it will be executed when
keystone & glance are actually ready and not before.
Closes-Bug: #1488277
Change-Id: I97d1a77c5f4a67914738514d773ecbd4bfb2196c
This change deprecates the following parameters:
- port (replaced by public/internal/admin_url)
- public_protocol (replaced by public_url)
- public_address (replaced by public_url)
- internal_protocol (replaced by internal_url)
- internal_address (replaced by internal_url)
- admin_protocol (replaced by admin_url)
- admin_address (replaced by admin_url)
Add deprecation warnings if any of those values are provided
while maintaining full backward compatibility.
Closes-bug: #1274979
Change-Id: Iac152347534874f8763d8df4f81d1568d3c5e222
The previous commit that changed the service description
from Openstack to OpenStack actually introduced a bug that means
that users cannot upgrade between those two versions of the code.
An attempt to use this manifest to upgrade from earlier versions
of the code before this change was made is currently not supported
because keystone_service does not support updating it's description.
This commit adds the service description as a class parameter so that
folks using older version of the module can update it to the incorrectly
spelled version.
Change-Id: Id8b01c7456b067c19fcf6cc1503c22a11b7d3fd9
Previously when you set $configure_endpoint to false and did not have a
keystone_endpoint resource with the same name as is defined by
glance::keystone::auth, the catalog would not be compiled. This was
because a relationship was being established where one resource in the
relationship didn't exist.
This changes this so that the relationship involving the Keystone
endpoint is only defined if $configure_endpoint is set to true.
Also, the test for when $configure_endpoint is false was set to check
for an endpoint that doesn't get created even if $configure_endpoint is
true. Fixed so that it checks for an endpoint that has the correct name
(the same as when using the default values to call the class).
Change-Id: I6631a656a888d0df7ab173705bea0598bd2b2f58
Closes-Bug: 1368686
Add puppet parameters lint (with puppet-lint-param-docs gem) and fix
missing documentations, this commit also fix metadata.json file (SPDX
license, and open dependencies).
Change-Id: I0d590b930a8d0263c3a74d861b9786770be7d183
Refactorise the code of Keystone resources management with backward
compatibility since we don't modify the unit tests.
Change-Id: If15a56de62d5d87d456cdc6aed1602aee5984124
Implements: blueprint common-openstack-identity-resource
In some cases it is useful to be able to just configure
the service in Keystone and not the service user. This
is the case when e.g. a read only LDAP backend is used.
Added parameters configure_user and configure_user_role
(default to true).
Change-Id: If9bb802ff2bb0b3ece55f36df773059ba9c7e9de
Closes-Bug: 1360232
Instead of forcing the name of the service in the service catalog to
match auth_name, this allows the ability to explicitly set the service
name, separately from auth_name.
Change-Id: I142b9e944eacdeba8a029d7f15f067ef5f1f87a4
This gives the ability to specify https endpoint for
internal and/or admin endpoints.
Change-Id: I1f7d96693a5bc2140041658e77cc7920f9577eac
backport: havana
This patch ensures that in the case where keystone and
glance-api are on the same node, nova-api is not started
until the keystone catalog contains the image service
and endpoint required to use glance.
Change-Id: I48ae07b2d7789d549a4412a21e842a1222a48caa
* Fix following warnings:
* double quoted string containing no variables
* indentation of => is not properly aligned
* quoted boolean value found
* variable not enclosed in {}
* Fix following errors:
* two-space soft tabs not used
* Remove quotes around class in include/require statements
* Remove some comments from the code, they added no value
Change-Id: I341b37f2c6795951f3285037b2fa612d767a4474
As said in [1], “This is useless and causes problem with library using
glanceclient. Glance has already a workaround for this […]”
[1] https://review.openstack.org/#/c/18325/
This refactor of glance::keystone::auth adds additional
class parameters to make it easier to configure the resulting
keystone objects.
Adds the following class parameters:
- admin_address = '127.0.0.1',
- internal_address = '127.0.0.1',
- region
Removes the following parameters:
- address (which has been replaced by the above parameters)
Renames the following paramters:
- service => service_type
This commit updates the service definitions for the
image service.
Removes dependencies that are no longer necessary (b/c I added
autorequires)
Specify ensure explicitly.
The ppas are currently coded in the keystone module.
This code adds them to the glance example to ensure that
we get the latest version of the glance packages.
Rajesh Tailor