The default_transport_url parameter should be configured appropriately
so that the ceilometer middleware can send notifications.
Change-Id: I4fb26670668073619ad3629ea47194ddc33981f0
The mechanism to load additional config files for oslo.messaging option
was introduced to ceilometermiddleware. Use this mechanism to inject
oslo.messaging options so that we can customize behavior of the library
like use_ssl.
Depends-on: https://review.opendev.org/904328
Change-Id: I5a82a52ddea610b4dda6658378d78a6cf13e3bb2
ceilometermiddleware does not require access to local resources owned
by the ceilometer group but communicate with ceilometer over rpc.
Thus we don't need to add the swift user to the ceilometer group.
Change-Id: I3666c5b3d45ba99a5716cfbe5174202b53ad4950
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following three items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
- credential parameters for s3token middleware
- credential parameters for ceilometer middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I1923a5aed12a503f450c7d2e4a7784e4746fb46c
This change fixes the package name of ceilometermiddleware and ensures
that proper name (python- or python3-) is used according to the default
python version.
Change-Id: I7c99aaf5f02b29a5901aee3e1d9f581079375f17
This patch reverts If7b88bf51046317171f6fa85bb8c01390fa26a37.
ceilometermiddlware is supposed to use the same logger as proxy-server
and doesn't directly touch log files but rely on rsyslog.
Change-Id: I3e2a8ec96cb7b3befa6d840b0944b6f50203dd9e
Currently puppet-swift provides default values for some password
parameters, but this is not ideal from security perspective and we
should expect operators to set their own password explicitly.
This patch deprecates the usage of these default values and adds
warning message which appears for missing password defined, so that
we can remove current default values in next cycle.
Change-Id: I6e7721d04ae2bf2e2a2ea3f02ebfcbded58692e2
auth_uri parameter is not used in ceilometermiddleware, so deprecate
puppet parameter according to it.
Change-Id: Id8738a52d0ad0c6aaa4cbab70a0b3461870017dd
Add region_name parameters for keystone authentication in authtoken
middlleware and ceilometer middleware, so that we can specify the
keystone region where we expect keystone resources like swift user
are created.
Change-Id: I977ebb769eb79c715e0b19e97b9087bcbf578809
Now that the v2.0 API has been removed, we don't have a reason to
include deployment instructions for two separate applications on
different ports.
Change-Id: I518cc1e80f870122ecff450f792f6a16ca56a9a3
Moves all spec tests over to using rspec-puppet-facts
and runs the tests for all our supported operating systems.
Change-Id: Ie2d60acac835affaf46a5276c9755640a723bca4
Set the default to services tenant. Without this, ceilometer
db gets hammered with gnocchi swift events. Keystone creds
are required so middleware can qwuery for id.
This support is added in https://review.openstack.org/#/c/464559/
Change-Id: I5c0f4f1a2c7fe7eb39ea6441970e9ac0946a4ec1
The configuration is done via the oslo::messaging::rabbit resource
from puppet-oslo. We should be checking for the resource that we're
using instead of the underlying configuration file.
Change-Id: I60cc9bbe655d8dc7d08dd7a0d6466c7774b8f5a8
This enables the basic SSL options (enabling SSL and setting the
certificates) for the notifications emitted by the ceilometermiddleware
that's in front of swift-proxy. This was enabled for the rabbitmq and
the amqp drivers.
Change-Id: If23d1f0d20264faaddc2e5ad54863483fa43ed41
As amqp_url option contains password info,
it should not keep plaintext in logs.
Change-Id: I5061235d2ede23e5c80e06624298f8e39196b65b
Closes-Bug: #1640809
The rabbitmq connection parameters have been deprecated in favor of a
transport url setting.
Change-Id: I6aa29f7a70c4c1bfce8a09d8da5f88bb148d7d49
Related-Bug: #1625198
The reseller admin role has the ability to create and delete accounts.
Set the default as undef, so that new config is not added until
a user wants to add it.
Also clean up leftover concat items from proxy spec tests.
Change-Id: I5936fe30b1cb7197bf37748f204a054b1e49e430
This allows to send Ceilometer notifications in a background thread, no
longer blocking Swift proxy if the RabbitMQ is not available.
This patch does not change the default behavior.
Change-Id: Iad1f69f273fe80176c6010f8f3cc24313d7c5ab4
Maintains full backward compatibility.
Use swift_proxy_config ini provider to mange proxy-server.conf.
Remove all erb templates. Move all template logic into proxy
middleware classes. To purge proxy.conf of settings that are
not specified set the new paramater "purge_config" to "true".
Change-Id: I0a143cf812043ea0f9a008a6e5c60ec87f9a4e9a
In cases where ceilometer and proxy server are not running on
the same node this breaks things. Let the installers handle
the dependency based on where these services run.
Change-Id: Ided6c1229178059a5e3ecc54442170b54ac7c421
Now for using Ceilometer notifications from Swift we should
use Ceilometer middleware. Hence we need update template for Swift
to account for incoming and outgoing traffic notifications.
[1] I686e5d94fb72fd2a00973c91673edc417142ee2f
[2] http://docs.openstack.org/developer/oslo.messaging/transport.html#oslo_messaging.TransportURL
Change-Id: Ib6efd4a1ab4b76c74cffc546383f5382c24a8c43
Related-bug: #1510064
In OpenStack Infra, we would like to run Puppet unit tests that
sometimes depends on other Puppet OpenStack modules.
Example: a patch in puppet-openstacklib that needs to be tested in puppet-nova.
This patch modifies the Rakefile to:
* clean spec_prep and spec_clean Rake tasks
* use openstack/puppet-openstack-integration/install_modules_unit.sh script
to clone modules.
* do not use .fixtures.yaml file to clone modules and rely on
zuul-cloner or git.
* Add openstack/ in gitignore so we never commit the
puppet-openstack-integration repository (can happen when spec_clean
did not run but you want to submit the patch anyway)
* Allow to run a custom Puppetfile if PUPPETFILE env is exported. It
will allow people to test the module with the dependencies they like,
feature we had with .fixtures.yaml.
Also add 'r10k' to Gemfile.
That way, we will be able to use zuul dependencies and run tests accross
modules like we do with functional testing.
It also fix proxy/ceilometer rspec syntax for Puppet 3.x. This change
could not be in a separated patchset since it's related to this patch.
Change-Id: I8d20b5297dde8a2ecfcaf3d21d221735bc9df8d6
When running Ceilometer in WSGI, 'httpd' service will need to be allowed
to write in /var/log/ceilometer.
Instead of hardcoding 'swift' user for being part of 'ceilometer' group,
create a new parameter 'group' so we can override which user we want
part of 'ceilometer' group.
Change-Id: Ib4c63ea386e93161cddb44c0a588f8e658c214e4
This change removes all SSH-related components, their configuration
options, and tests.
SSH is such a low-level service (from the perspective of any operator
deploying a cloud), that it is reasonable to assume that (or provide
direction that) SSH must be installed and configured prior to usage of
the puppet-swift module.
Without this change, there is a significant liklihood of confusion
occurring in the likely case of SSH being managed elsewhere.
Change-Id: I0f695788b2784669a3fb285e4bedf0159c4cb89a
Closes-Bug: 1447259
This patch aim to update our specs test in order to work with the
rspec-puppet release 2.0.0, in the mean time, we update rspec syntax
in order to be prepared for rspec 3.x move.
In details:
* Use shared_examples "a Puppet::Error" for puppet::error tests
* Convert 'should' keyword to 'is_expected.to' (prepare rspec 3.x)
* Fix spec tests for rspec-puppet 2.0.0
* Upgrade and pin rspec-puppet from 1.0.1 to 2.0.0
* Clean Gemfile (remove over-specificication of runtime deps of puppetlabs_spec_helper)
* Remove un-used puppet-lint (name_containing_dash config)
Change-Id: I5488507176d4665895eef65ddb4b6f0fb4eda3e7
Card: https://trello.com/c/eHXc1Ryd/4-investigate-the-necessary-change-to-be-rspec-puppet-2-0-0-compliant
The Swift ceilometer middleware needs to be able to
write its log file in the /var/log/ceilometer
directory. Not all distributions set permissions
on this directory such that the swift user/group
can write into the ceilometer log directory. This
can cause the swift-proxy to fail to startup due
to permissions issues.
This patch updates the swift::proxy::ceilometer so
that we create an empty /var/log/ceilometer/swift-proxy-server.log
file with proper permissions before starting the swift-proxy
service.
Change-Id: If7b88bf51046317171f6fa85bb8c01390fa26a37
Including only ssh::server::install class in init.pp give too small scope
and cause warnings about inability to look up ssh::server::ensure.
Closes-Bug: 1355873
Change-Id: I443c9f006b47c609e4a05da38b4a2124acbf886e
concat::setup has been made a private class and can no longer be
included from modules outside concat itself.
concat::setup is already included by the concat define. Removing
its inclusion from puppet-swift classes shouldn't result in breakage
or loss of functionality.
Change-Id: I7566e09bd4e93aec719a495279cf92d8a898057e
Closes-bug: #1245936
Takashi Kajinami