The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.
Change-Id: I0bb6c90c38c77942bea7e9cb71cd7fbe6ff64256
This change ensures the [DEFAULT] auth_strategy is set. Otherwise
setting the parameter to non-default value doesn't take any effect.
Change-Id: I3fddb08c83dc6bbf10d395c8601e9982de79954f
This change introduces a new resource type and the corresponding puppet
parameter to allow managing records in api-paste.ini.
Change-Id: I92df917887da3220dfb7c7ed10fac123f01af1aa
This change ensures keystone resources like the mistral service user
are created before completing service setup, so that we can use
the service::end anchor to ensure Mistral service is fully available.
Change-Id: I3457c3746f798548f6026b503f279d6ae94f7c32
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I8bd8e455c739d6eaa43d3ea22af86003a7617bc9
Since [1] was merged, not only openstacklib::poliy::base but also
openstacklib::policy::default is included to manage the policy file.
This change ensure openstacklib::policy::default is executed after
the packages are installed.
[1] 4372dd4ebc
Change-Id: I437e1bdf665e0e79679464c9dc277979825cea6a
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: I702ddaa8a88e804ea378d686fbbe7ea89ca62823
Recent Tacker uses the tooz library to synchronize vnf action tasks[1].
This change introduces the new tacker::coordination class which manages
coordination parameters and backend packages using oslo::coordination
resource type.
[1] cff8c756822da5a8a7b92eec536db4532d31c408
Depends-on: https://review.opendev.org/791628
Change-Id: I3cb36be7fe6b43133f09ed6edce3f258786d7dc2
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .
Change-Id: I006c137e78c1bac99202ced38fd6f82a07ad65e3
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.
Change-Id: I3e075edf9e97995ff9d014f41bea72ad758c72e2
Closes-Bug: #1904962
The allow_insecure_clients has been deprecated[1].
[1]https://review.opendev.org/#/c/417629/
Note this patch disables litums tests since it is broken by the issue
with database sync, to unblock the gate.
Change-Id: Ica04d19587fc2c27eba194ea33f2ffca53c4be5f
Closes-Bug: #1902158
Currently we validate database_connection in 2 layers, each puppet
modules and puppet-oslo, however this makes it difficult to maintain
validation pattern because we always need to fix both.
This patch removes the validation from each puppet modules so that
we need to maitain only one place, puppet-oslo to update validation
logic.
Change-Id: Ie3891da0e6a518d328d9a0367fe16f963ee6a6ba
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I13166e0bc38cce220f3ccc735d85f7a00a4e163e
... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.
Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I94ba7e56e9549f7db10395031b8d98851b59f9c0
oslo.messaging RabbitMQ driver have now a new option that allow user to
run the RabbitMQ heartbeat over a native python thread.
These change allow user to use this new option.
Change-Id: Ifb1985b466254e62075cd85d7168a75d4e9a8ead
Closes-Bug: #1840868
The deprecated pki related options check_revocations_for_cached and
hash_algorithms option has been removed.
Change-Id: I63720b319337c9bfa422491f35db54c81eff70bd