Commit Graph

74 Commits

Author SHA1 Message Date
Takashi Kajinami ba81a15371 Retire puppet-glare - Step 2: Remove Project Content
Depends-on: https://review.opendev.org/790056
Change-Id: Id76e00fafd171f3d77b70817c5cfd103cb207b0e
2021-05-07 01:08:33 +09:00
Thomas Goirand 6d94ffe510 Allow to configure policy_dirs
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .

Change-Id: I674bd4b6db8862668dab8197d86fe99b55e923f5
2021-04-11 23:39:16 +02:00
Takashi Kajinami 2a41b6ee88 Add support for oslo_policy/enforce_new_defaults
Depends-on: https://review.opendev.org/781428
Change-Id: I522ac2fb7fe289cbcda436119a003850efce2aeb
2021-03-24 16:36:09 +09:00
Takashi Kajinami 18c70a3a69 Add support for the oslo_policy/enforce_scope parameter
Depends-on: https://review.opendev.org/#/c/759008/
Change-Id: I1c92094c34baa4a30d10f30e6c2d613030ba93a2
2021-03-21 10:56:18 +09:00
Takashi Kajinami 52bbcd3a5f Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced
by yaml[1].

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-on: https://review.opendev.org/769647
Change-Id: I523ec093324bb991a30930a1352c5930bf220108
2021-01-07 23:21:14 +00:00
ZhongShengping eb72d71b7f Allow db sync timeouts to be configurable
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.

Change-Id: Ib07b1a55d5640ff5372b58a412833f81665a33d3
Closes-Bug: #1904962
2020-12-06 11:07:55 +08:00
Takashi Kajinami ba039b45ec Add support for the keystone_authtoken/service_type parameter
Change-Id: Iacf60927f83761973b77dd9b5f876b14a58eb0d6
2020-11-03 17:53:49 +09:00
Zuul 672a40dbd4 Merge "Do not validate database_connection format" 2020-08-31 14:25:17 +00:00
Takashi Kajinami a26d59dd66 Do not validate database_connection format
Currently we validate database_connection in 2 layers, each puppet
modules and puppet-oslo, however this makes it difficult to maintain
validation pattern because we always need to fix both.
This patch removes the validation from each puppet modules so that
we need to maitain only one place, puppet-oslo to update validation
logic.

Change-Id: Iedacb092d2c4427f77e82c9b3e0191a04e0f2278
2020-08-31 00:05:20 +09:00
ZhongShengping 6dfb89f4ce Add mysql_enable_ndb option
Add mysql_enable_ndb parameter to select mysql storage engine.

Change-Id: I5c5103626e1b5e5b77bb0e07fb81bb69418ea950
Depends-On: https://review.opendev.org/#/c/748067
Closes-Bug: #1892952
2020-08-26 11:55:54 +08:00
ZhongShengping 6034694981 Add service_token_roles for keystone authtoken config
Add the ability to configure service_token_roles.

Change-Id: I29e8d699eb34c4d89302d9b0ff08562353c1e4a1
Closes-Bug: #1892284
2020-08-20 10:41:27 +08:00
Lewis Denny ede6fbf786 Add support for the interface parameter in authtoken middleware
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.

Change-Id: Idbaf877352d93a9713a87b4ceadd18feb770ad6d
2020-07-16 11:27:40 +10:00
Takashi Kajinami e1ff7923cf Remove password hash generation in each puppet modules
... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.

Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I84a6762b1a0ac58c650dadcd36901f914ccd57d5
2020-05-19 23:27:08 +09:00
Takashi Kajinami 76189930cf Drop compatibility for el6
... because it's now really old, and we don't expect any users
use it to run OpenStack.

Change-Id: I8db6b0166759bf535e577d10e8afaa36dcbaff86
2020-04-02 10:03:54 +09:00
ZhongShengping 5ad7236835 Deprecate min_pool_size option
min_pool_size option is not used,see:

https://review.opendev.org/#/c/565090/

Change-Id: Ia6fa74ec2fc0f0e70cb9af111e7a9639322ca902
Closes-Bug: #1868511
2020-03-25 14:53:40 +08:00
ZhongShengping ba292054bd Remove idle_timeout option
The idle_timeout parameter has been deprecated for two releases.
We can remove it.

Change-Id: I5beee515ab6ceb5df7ef54fd35189a5c72ba242f
2020-03-23 14:45:48 +08:00
Tobias Urdin 93d53f4ef2 Convert all class usage to relative names
Change-Id: I8fa05675ae67286bcd3752cbfc46c3cd6ad02a17
2019-12-08 23:06:38 +01:00
ZhongShengping d695e1df44 Remove deprecated pki related options
The deprecated pki related options check_revocations_for_cached and
hash_algorithms option has been removed.

Change-Id: I3f553352215286eb7dd312037f3466591ba0c287
2019-08-15 11:51:37 +08:00
ZhongShengping 625ef78c6e Deprecate idle_timeout option
The idle_timeout parameter is deprecated, use connection_recycle_time
instead[1].

[1]https://review.opendev.org/#/c/334182/

Change-Id: Iad22c20436222db89d292c960688c97bc5265d4c
Depends-On: https://review.opendev.org/656106/
Closes-Bug: #1826692
2019-04-28 15:00:09 +08:00
ZhongShengping 324b4984d6 Configure vcenter_password as secret
Change-Id: I20bf37e9f20926cb620e5a3a20a80c3731d1d155
Closes-Bug: #1825098
2019-04-17 14:44:44 +08:00
Zuul 82045d7158 Merge "Use validate_legacy" 2019-02-25 17:21:23 +00:00
Tobias Urdin 5bc7e0a115 Use validate_legacy
This changes all the puppet 3 validate_* functions
to use the validate_legacy function.

The validate_legacy function has been available since
about three years but require Puppet >= 4.4.0 and since
there is Puppet 4.10.12 as latest we should assume people
are running a fairly new Puppet 4 version.

This is the first step to then remove all validate function
calls and use proper types for parameter as described in spec [1].

[1] https://review.openstack.org/#/c/568929/

Change-Id: I41d8fc86b439914098a87b4ae6da6c8c672a399d
2019-02-23 14:50:27 +01:00
ZhongShengping ca01ea1047 Service_token_roles_required missing in the server config file
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: Ic7613f0e384bc7ec7e0122b26a1abed5d659dd0a
Closes-Bug: 1778198
2019-02-15 10:03:03 +08:00
Tobias Urdin 6f143c16ad Use puppet 4 compatible mysql functions
These was introduced in 6.0.0 and is required to
support later version of puppetlabs-mysql.

Change-Id: I07066787f021c1985a4708a9dc8c11c2d9ad1ec5
2019-02-08 12:09:47 +01:00
Zuul f54faaf004 Merge "Inherit pyvers from openstacklib::defaults" 2019-01-18 11:42:54 +00:00
Tobias Urdin 580ead284f Inherit pyvers from openstacklib::defaults
Change-Id: I4d27bbbb16f87cf0051f1bbed2429e1c8affd14c
2019-01-17 21:30:39 +01:00
Zuul 572a93dc34 Merge "Dont include logging in init by default" 2018-12-29 20:54:21 +00:00
cuizhengcheng c27ab16cbc Certificate should be changed to certification
Change-Id: I5885b07479d2e38891cb6343e2a5fa0efc48ca02
2018-12-20 11:37:04 +08:00
ZhongShengping 265019a5d0 Fix the port of endpoint
The port is error for endpoint. We should fix it.

Change-Id: I38c5044c506ff4505d18ea046e5f450db3d2daa1
Closes-bug: #1808737
2018-12-18 13:56:21 +08:00
ZhongShengping af77837871 Cleanup documentation
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.

Change-Id: Id7216ed27bf4d7e77e7a1332022fb6c4835afff5
2018-12-13 17:10:01 +08:00
ZhongShengping edb3a0e4ee Install python3 in Fedora or RedHat > 7
Fedora repo [1] has python3 packages, start consuming those.

[1] http://trunk.rdoproject.org/fedora/puppet-passed-ci/

Change-Id: I7dd423e8b15f0d8b98f365ef0562d716068eb3aa
2018-12-12 08:28:33 +08:00
Tobias Urdin 425b50e4d0 Dont include logging in init by default
Change-Id: I862232e4d24a879990bff6626458a4b7a4f72351
2018-11-29 10:22:30 +01:00
Tobias Urdin 3d0a913fcb Remove auth_uri
Change-Id: I55c635d22a92c8d923323ba76ebced5033b9205e
2018-11-29 00:12:54 +01:00
ZhongShengping f67462cce2 Deprecate pki related options
check_revocations_for_cached and hash_algorithms are deprecated for
removel because of PKI token format is no longer supported.
Update warning message and add a release note.

Change-Id: Idf08b1283b64f1d6707fd6d7a87b0b1c39f5d319
Closes-Bug: #1804562
Closes-Bug: #1804720
2018-11-23 10:22:26 +08:00
zhangyunyong efc14de4aa Configure access_key and secret_key as secret
Change-Id: I92baa8ca211ecb85e63888cc2715d688d5274156
Closes-Bug: #1786035
2018-08-08 21:14:03 +08:00
zhubingbing 00a9d1052f Fix annotations
Change-Id: Id5c07ec89fcbf9ce09b75f8203da8e8bb73d0810
2018-06-15 15:07:37 +08:00
Zuul 73cdfab42d Merge "Replace port 35357 with 5000 for "auth_url"" 2018-05-28 03:33:57 +00:00
Tobias Urdin 1230535128 Fix lint, syntax and structuring
Change-Id: Id5400ac336f5a49e5c9b8748f928deb56812e075
2018-05-22 00:00:52 +02:00
melissaml 6afae87cf1 Replace port 35357 with 5000 for "auth_url"
Based on the change in Keystone Install Guide [1],
this patch replace port 35357 with 5000 for "auth_url".

For more details, please check similar changes which have been done
on other projects: Nova [2], Neutron [3], Cinder [4], Glance [5].

[1] https://review.openstack.org/#/c/541857
[2] https://review.openstack.org/#/c/562812
[3] https://review.openstack.org/#/c/566491
[4] https://review.openstack.org/#/c/565464
[5] https://review.openstack.org/#/c/558932

Change-Id: I4663576274830a7d6fa0b1a06d357cae58c771c7
2018-05-21 14:50:53 +08:00
zhubingbing 3bdd62fcc9 neat: missing : in $::os_service_default
Change-Id: Ieda92a6d6b060160c4bc44ef4c135223e320c652
2018-05-11 14:02:39 +08:00
Zuul 67a0ee0f19 Merge "Debian is using python3-glareclient" 2018-04-13 03:13:42 +00:00
zhubingbing b8531ca627 Debian is using python3-glareclient
Change-Id: I7aef5afe2012249a827254ec2de320cc0c017427
2018-04-12 11:13:47 +08:00
ZhongShengping 98651fc002 Deprecate auth_uri option
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.

[1]https://review.openstack.org/#/c/508522/

Change-Id: I5e84034ada8dffad946ae32746a11cb31488bfec
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
2018-04-03 16:55:00 +08:00
ZhongShengping ec780033ae Add pool_timeout option
Add pool_timeout option to configure this value for pool_timeout with
SQLAlchemy.

Change-Id: I79e95919788ac9fc74e99cb53395725087dcb57b
Closes-Bug: #1757581
2018-03-22 11:09:50 +08:00
Zuul 8c8f5ba67a Merge "Drop all qpid related explanations" 2018-03-14 02:36:50 +00:00
ZhongShengping 819ae38f58 Add 'openstack-db' tag to db-sync Exec resource
In order to make easy orchestration on all OpenStack db-sync, add this
tag so people can use this tag in composition layer.
A use case it to set some orchestration to make sure MySQL Galera is
ready before running any Exec with this tag.

Change-Id: I6b52256001bd9cefaa92aa2c58db1658cdded5ff
Closes-Bug: #1755102
2018-03-12 16:33:07 +08:00
ZhongShengping 8035224952 Drop all qpid related explanations
Qpid was removed in Mitaka from Oslo Messaging, so we
can remove all qpid related explanations.

Change-Id: I0d86693482975f390ddbfc1fc9b80856fa7877b6
2018-03-09 15:04:23 +08:00
Brad P. Crochet a5f546e5b0 Add glare client install support
Change-Id: I00b9ececdbac3b0769bd32b3205b0bd75345efcf
Related-Bug: #1744972
2018-01-23 11:58:35 -05:00
ZhongShengping b483ef992d Add use_journal option for logging configuration
This enables oslo.log to pass logging records to journald.

Change-Id: I9e660aa635866deb83bb0760452e0ecd397e2ef1
2018-01-15 15:47:22 +08:00
Emilien Macchi 2c7d1ed2bb Add group to policy management
The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.

Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Change-Id: Ic2089de7ead1d08ebead7f24f8b50f5116004ae0
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2018-01-10 14:22:53 -08:00