This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .
Change-Id: I674bd4b6db8862668dab8197d86fe99b55e923f5
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.
Change-Id: Ib07b1a55d5640ff5372b58a412833f81665a33d3
Closes-Bug: #1904962
Currently we validate database_connection in 2 layers, each puppet
modules and puppet-oslo, however this makes it difficult to maintain
validation pattern because we always need to fix both.
This patch removes the validation from each puppet modules so that
we need to maitain only one place, puppet-oslo to update validation
logic.
Change-Id: Iedacb092d2c4427f77e82c9b3e0191a04e0f2278
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: Idbaf877352d93a9713a87b4ceadd18feb770ad6d
... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.
Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I84a6762b1a0ac58c650dadcd36901f914ccd57d5
The deprecated pki related options check_revocations_for_cached and
hash_algorithms option has been removed.
Change-Id: I3f553352215286eb7dd312037f3466591ba0c287
This changes all the puppet 3 validate_* functions
to use the validate_legacy function.
The validate_legacy function has been available since
about three years but require Puppet >= 4.4.0 and since
there is Puppet 4.10.12 as latest we should assume people
are running a fairly new Puppet 4 version.
This is the first step to then remove all validate function
calls and use proper types for parameter as described in spec [1].
[1] https://review.openstack.org/#/c/568929/
Change-Id: I41d8fc86b439914098a87b4ae6da6c8c672a399d
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: Ic7613f0e384bc7ec7e0122b26a1abed5d659dd0a
Closes-Bug: 1778198
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.
Change-Id: Id7216ed27bf4d7e77e7a1332022fb6c4835afff5
check_revocations_for_cached and hash_algorithms are deprecated for
removel because of PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: Idf08b1283b64f1d6707fd6d7a87b0b1c39f5d319
Closes-Bug: #1804562
Closes-Bug: #1804720
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: I5e84034ada8dffad946ae32746a11cb31488bfec
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
Add pool_timeout option to configure this value for pool_timeout with
SQLAlchemy.
Change-Id: I79e95919788ac9fc74e99cb53395725087dcb57b
Closes-Bug: #1757581
In order to make easy orchestration on all OpenStack db-sync, add this
tag so people can use this tag in composition layer.
A use case it to set some orchestration to make sure MySQL Galera is
ready before running any Exec with this tag.
Change-Id: I6b52256001bd9cefaa92aa2c58db1658cdded5ff
Closes-Bug: #1755102
The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.
Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Change-Id: Ic2089de7ead1d08ebead7f24f8b50f5116004ae0
Co-Authored-By: Alex Schultz <aschultz@redhat.com>