Commit Graph

112 Commits

Author SHA1 Message Date
Takashi Kajinami 99e7f84000 Retire puppet-tacker - Step 2: Remove Project Content
Depends-on: https://review.opendev.org/874539
Change-Id: I50d1b0036ca1ca6509d1cc462856e4a898aafea3
2023-02-27 16:44:50 +09:00
Takashi Kajinami cc18391a05 Expose policy_default_rule
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.

Change-Id: I0bb6c90c38c77942bea7e9cb71cd7fbe6ff64256
2023-01-23 14:42:04 +09:00
Takashi Kajinami 59babeddfe Support more parameters to define/tune api behavior
Change-Id: Ic05d0cddfaccab6759b4d587e0fbc0bcff01977b
2022-03-07 19:15:43 +09:00
Takashi Kajinami caec9bd63e Ensure [DEFAULT] auth_strategy is set
This change ensures the [DEFAULT] auth_strategy is set. Otherwise
setting the parameter to non-default value doesn't take any effect.

Change-Id: I3fddb08c83dc6bbf10d395c8601e9982de79954f
2022-03-07 10:14:25 +00:00
Zuul 769f3fee40 Merge "Avoid hard-coding OS user/group in each manifest" 2022-02-22 15:32:33 +00:00
Takashi Kajinami 85fea36cae Avoid hard-coding OS user/group in each manifest
and replace hard-codes by definition in params.pp .

Change-Id: I58513948f3501a97c04e9fa1474d6e944cf830d2
2022-02-21 01:41:26 +09:00
Zuul a0d9012cad Merge "Remove deprecated database_min_pool_size" 2022-02-18 08:44:01 +00:00
Zuul 6af235aaed Merge "Remove deprecated amqp_allow_insecure_clients" 2022-02-18 08:42:25 +00:00
Takashi Kajinami 10eda6e780 Allow customizing api-paste.ini file
This change introduces a new resource type and the corresponding puppet
parameter to allow managing records in api-paste.ini.

Change-Id: I92df917887da3220dfb7c7ed10fac123f01af1aa
2022-02-13 12:37:52 +09:00
Takashi Kajinami f967136639 Remove deprecated database_min_pool_size
... because it was deprecated during Ussuri cycle.

Change-Id: I96f9a5df709f2b4ed0fbcbe6a3e3831d99d983c5
2022-02-08 22:37:16 +09:00
Takashi Kajinami 2e0acb1cee Remove deprecated amqp_allow_insecure_clients
... because it was deprecated during Wallaby cycle.

Change-Id: Ia151180fb81cf7fbb21455bda1e2cbe06f2c93d2
2022-02-08 22:25:43 +09:00
Takashi Kajinami cb10781964 Ensure keystone resources are created during service startup
This change ensures keystone resources like the mistral service user
are created before completing service setup, so that we can use
the service::end anchor to ensure Mistral service is fully available.

Change-Id: I3457c3746f798548f6026b503f279d6ae94f7c32
2022-02-07 00:21:50 +09:00
Takashi Kajinami 37046e86a4 Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I8bd8e455c739d6eaa43d3ea22af86003a7617bc9
2022-01-25 10:53:19 +09:00
Takashi Kajinami b54c607b19 Skip dependency on keystone endpoint if endpoint is not configured
Change-Id: I2a4e57d9f7c5084ed97725562db89c4a23560d10
2022-01-24 14:59:03 +09:00
Zuul c21b9b3bbe Merge "Add service tunable parameters of tacker-conductor" 2022-01-10 19:37:36 +00:00
Zuul 2530f039ca Merge "Add support for [DEFAULT] api_workers" 2022-01-10 19:27:25 +00:00
Takashi Kajinami d37bdac959 Add support for [DEFAULT] api_workers
Change-Id: Ie61b618ecec6f9a3691ac24bb57302b5b26ddab9
2022-01-08 13:18:37 +09:00
Takashi Kajinami dfb2475e18 Add service tunable parameters of tacker-conductor
Change-Id: I9e91a0488407df171cd5b39760eff0b0087d4ee2
2022-01-08 13:17:32 +09:00
Zuul 3d67507059 Merge "Add support for vnf_package/vnf_lcm parameters" 2022-01-07 22:48:00 +00:00
Zuul 84e91f2fe6 Merge "Install coordination backend packages before starting services" 2021-12-07 16:44:04 +00:00
Takashi Kajinami 08cd7cdbf8 Add support for vnf_package/vnf_lcm parameters
Change-Id: Ia12c89fa833410e8be154ece2671184b65476ca3
2021-12-02 20:15:43 +09:00
Takashi Kajinami 95a44f1af9 Install coordination backend packages before starting services
Change-Id: I52f8f0514e9db097a1043d0aa2abf8c4b7a3c5d0
2021-11-29 10:46:45 +09:00
Takashi Kajinami cb3bf87f99 Fix dependencies related to openstacklib::policy
Since [1] was merged, not only openstacklib::poliy::base but also
openstacklib::policy::default is included to manage the policy file.
This change ensure openstacklib::policy::default is executed after
the packages are installed.

[1] 4372dd4ebc

Change-Id: I437e1bdf665e0e79679464c9dc277979825cea6a
2021-11-29 09:59:12 +09:00
ZhongShengping 217411978a Add watch_log_file option
Add support for Using logging handler designed to watch file system.

Change-Id: I04b708e411b9627aa19653f223e356cc66302e87
Closes-Bug: #1943212
2021-09-14 16:02:09 +08:00
Takashi Kajinami 4372dd4ebc Allow purging policy files
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: I702ddaa8a88e804ea378d686fbbe7ea89ca62823
2021-09-04 22:19:28 +09:00
Zuul b21c512e31 Merge "Add support for the tacker-conductor service" 2021-08-24 07:40:39 +00:00
Takashi Kajinami f10b246ac0 Add support for coordination parameters
Recent Tacker uses the tooz library to synchronize vnf action tasks[1].
This change introduces the new tacker::coordination class which manages
coordination parameters and backend packages using oslo::coordination
resource type.

[1] cff8c756822da5a8a7b92eec536db4532d31c408

Depends-on: https://review.opendev.org/791628
Change-Id: I3cb36be7fe6b43133f09ed6edce3f258786d7dc2
2021-07-06 13:18:29 +09:00
Takashi Kajinami 64c557c32d Add support for the tacker-conductor service
Change-Id: I5a6c295bb30141eed2949bdd198b91b7865e7f96
2021-07-06 13:04:24 +09:00
Thomas Goirand ae0a25f1ed Get rid of the $pyvers variable
Since everyone has switched to Python3, it's time for the removal of the
$pyvers variable.

Change-Id: I0dd38974a07d76b003688c57258aaa37a8b6ed32
2021-06-14 09:48:47 +02:00
Thomas Goirand 478293eedc Allow to configure policy_dirs
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .

Change-Id: I006c137e78c1bac99202ced38fd6f82a07ad65e3
2021-04-11 23:47:10 +02:00
Takashi Kajinami 197df465ec Add support for oslo_policy/enforce_new_defaults
Depends-on: https://review.opendev.org/781428
Change-Id: I4e7c8b875aaec1a7d6c72f52f653bbf0ba6320ad
2021-03-24 17:14:08 +09:00
Takashi Kajinami eae0cb1e88 Add support for the oslo_policy/enforce_scope parameter
Depends-on: https://review.opendev.org/#/c/759008/
Change-Id: I0a9814ccb864b64d73a83f2fe866b19577cf7798
2021-03-21 15:58:33 +09:00
Takashi Kajinami df693ba1de Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced
by yaml[1].

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-on: https://review.opendev.org/769647
Change-Id: I51a7d4a5106ec9d6377166a0c79e5116f86d64ec
2021-03-21 15:58:30 +09:00
ZhongShengping a90ce49015 Allow db sync timeouts to be configurable
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.

Change-Id: I3e075edf9e97995ff9d014f41bea72ad758c72e2
Closes-Bug: #1904962
2020-11-23 09:27:52 +08:00
Takashi Kajinami 175a1468ec Add support for the keystone_authtoken/service_type parameter
Change-Id: If3afa412a8237205de705e495d8ef88783bf3380
2020-11-19 02:53:23 +00:00
ZhongShengping 98be9843fc Deprecate allow_insecure_clients option
The allow_insecure_clients has been deprecated[1].

[1]https://review.opendev.org/#/c/417629/

Note this patch disables litums tests since it is broken by the issue
with database sync, to unblock the gate.

Change-Id: Ica04d19587fc2c27eba194ea33f2ffca53c4be5f
Closes-Bug: #1902158
2020-11-19 11:24:15 +09:00
Takashi Kajinami 637fb051fa Do not validate database_connection format
Currently we validate database_connection in 2 layers, each puppet
modules and puppet-oslo, however this makes it difficult to maintain
validation pattern because we always need to fix both.
This patch removes the validation from each puppet modules so that
we need to maitain only one place, puppet-oslo to update validation
logic.

Change-Id: Ie3891da0e6a518d328d9a0367fe16f963ee6a6ba
2020-08-31 17:57:20 +09:00
ZhongShengping 4602236e2f Add mysql_enable_ndb option
Add mysql_enable_ndb parameter to select mysql storage engine.

Change-Id: I1a6a386a2082efd9ee8b109eb068414742fc8dd5
Depends-On: https://review.opendev.org/#/c/748067
Closes-Bug: #1892952
2020-08-26 11:56:34 +08:00
ZhongShengping 9c9f14516c Add service_token_roles for keystone authtoken config
Add the ability to configure service_token_roles.

Change-Id: Ie60c7f08326712fed4458f9bee48ff1598eec224
Closes-Bug: #1892284
2020-08-20 10:41:27 +08:00
Lewis Denny c10b870dd2 Add support for the interface parameter in authtoken middleware
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.

Change-Id: I13166e0bc38cce220f3ccc735d85f7a00a4e163e
2020-07-16 17:16:33 +10:00
Zuul 5a1a1a6f69 Merge "Fix faulty comment default value" 2020-06-01 17:47:28 +00:00
Tobias Urdin c473ff2521 Fix faulty comment default value
Change-Id: I2ff1e6a82885dc8ce2da657d3610a2719e4f4bc9
2020-05-30 09:15:08 +02:00
Takashi Kajinami ab553068e5 Remove password hash generation in each puppet modules
... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.

Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I94ba7e56e9549f7db10395031b8d98851b59f9c0
2020-05-20 08:26:23 +09:00
ZhongShengping 1288f2d820 Deprecate min_pool_size option
min_pool_size option is not used,see:

https://review.opendev.org/#/c/565090/

Change-Id: I75139cc57469827bfa6452883f7d1bd13be48e08
Closes-Bug: #1868511
2020-03-25 14:53:41 +08:00
ZhongShengping 6147d3e431 Remove idle_timeout option
The idle_timeout parameter has been deprecated for two releases.
We can remove it.

Change-Id: I83335788f308da40067d66b2d783d27936896a9b
2020-03-23 14:45:49 +08:00
Tobias Urdin e47ff1ca8a Convert all class usage to relative names
Change-Id: I411a1654d83d73998d50c713441958492cec396c
2019-12-08 23:21:57 +01:00
ZhongShengping 0fb9c10264 Introduce the new rabbit_heartbeat_in_pthread option
oslo.messaging RabbitMQ driver have now a new option that allow user to
run the RabbitMQ heartbeat over a native python thread.

These change allow user to use this new option.

Change-Id: Ifb1985b466254e62075cd85d7168a75d4e9a8ead
Closes-Bug: #1840868
2019-08-21 14:24:21 +08:00
ZhongShengping ae15c2e8e8 Remove deprecated pki related options
The deprecated pki related options check_revocations_for_cached and
hash_algorithms option has been removed.

Change-Id: I63720b319337c9bfa422491f35db54c81eff70bd
2019-08-15 11:51:37 +08:00
ZhongShengping 1736d10a74 Deprecate idle_timeout option
The idle_timeout parameter is deprecated, use connection_recycle_time
instead[1].

[1]https://review.opendev.org/#/c/334182/

Change-Id: Id7a9dc5687ae4c17507d017fdf2d9f5a1cbc5a68
Depends-On: https://review.opendev.org/656106/
Closes-Bug: #1826692
2019-04-28 15:00:13 +08:00
Zuul 051ce983a6 Merge "Provide more useful fail message" 2019-04-25 15:28:10 +00:00