This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .
Change-Id: I674bd4b6db8862668dab8197d86fe99b55e923f5
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.
Change-Id: Ib07b1a55d5640ff5372b58a412833f81665a33d3
Closes-Bug: #1904962
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: Idbaf877352d93a9713a87b4ceadd18feb770ad6d
... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.
Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I84a6762b1a0ac58c650dadcd36901f914ccd57d5
In CentOS, we expect to have python3 client package in 8.x while we
expect to have python2 in 7.x .
Fix unit tests to expect the correct version according to os major
version.
Note that this patch also removes broken unit tests which overrides
os release information to test el6 and el7.
Change-Id: I7437538596ad8a5d8a591b629c6982309a25514c
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: Ic7613f0e384bc7ec7e0122b26a1abed5d659dd0a
Closes-Bug: 1778198
Remove code that is redundantly tested.
This should not be tested here but in puppet-oslo
where this logic resides.
If we keep this and we do changes in puppet-oslo we
will break these unit tests, this is something we need
to sort out for all modules.
Change-Id: Ibd51254075bcb86a412decb41103720b25bbbb92
check_revocations_for_cached and hash_algorithms are deprecated for
removel because of PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: Idf08b1283b64f1d6707fd6d7a87b0b1c39f5d319
Closes-Bug: #1804562
Closes-Bug: #1804720
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: I5e84034ada8dffad946ae32746a11cb31488bfec
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
Add pool_timeout option to configure this value for pool_timeout with
SQLAlchemy.
Change-Id: I79e95919788ac9fc74e99cb53395725087dcb57b
Closes-Bug: #1757581
In order to make easy orchestration on all OpenStack db-sync, add this
tag so people can use this tag in composition layer.
A use case it to set some orchestration to make sure MySQL Galera is
ready before running any Exec with this tag.
Change-Id: I6b52256001bd9cefaa92aa2c58db1658cdded5ff
Closes-Bug: #1755102
The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.
Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Change-Id: Ic2089de7ead1d08ebead7f24f8b50f5116004ae0
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Keystone v2.0 API was removed so we have no choice but configuring
user_domain_name and project_domain_name otherwise it fallbacks to
Keystone v2.0 and it fails. This patch sets the default value so we make
sure Keystone v3 will be used out of the box for our users.
Change-Id: I9ae04aa57983e60bd902f20a61a91cf1cfbd9c1c
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: Icad365825b3c134267493efb3ee692cfce364399
Closes-Bug: #1717144