- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/heat/heat.conf] to
resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Add missing ChefSpec tests
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706101
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/706157
Depends-On: https://review.opendev.org/708059
Depends-On: https://review.opendev.org/713285
Change-Id: Ifb3a9de9eecc370e46f43a73ed77008a7b21594b
This updates all references of let(:chef_run) to cached(:chef_run) to
speed up tests. By doing this, we have to create a new cached(:chef_run)
block whenever we need to adjust node attributes for testing.
Speed was improved from 5 minutes 36 seconds to 48.07 seconds
Change-Id: I4e88431d863450b6f41d6711612bfb12d4024683
I noticed this was missing during some upgrade testing when I noticed the heat
services didn't start back up after shutting them down for the upgrade and
running chef. I'm not sure why this was set to enable only.
Change-Id: I8048270047767bda7414b2baee176f7bc9ab7a8b
Signed-off-by: Lance Albertson <lance@osuosl.org>
Python2.7 is going EOL soon, let us deploy python3 for Rocky from the
start, so we avoid having to switch later.
Depends-On: https://review.opendev.org/682918
Change-Id: Ic989d9b4c20b6e578e96394dade4e7bef5ae6b58
This provides a collection of fixes required to converge properly:
- fog-openstack-1.x already appends "auth/tokens" so we no longer need
to do that
- Remove references to deprecated
node['openstack']['api']['auth']['version'] attribute
- Remove creation of admin deprecated endpoints
- Add python-heat to common packages on Debian system so that the
heat-manage binary is available
- Remove and refactor use of deprecated identity_uri_transform function
Change-Id: Idfd9aed09ccd5c3871cac71dbe0b51c921f1ec0e
Signed-off-by: Lance Albertson <lance@osuosl.org>
This patch grants heat_domain_admin the admin role in the heat domain
(rather then in the service project).
We use :grant_domain instead of :grant_role, because we are setting a
role in a domain, not in a project.
Note that for the user to actually exist in the heat domain, a
sufficiently recent openstackclient cookbook is required -- otherwise
the domain_name attribute is ignored during user creation.
Also, we remove the user_name attribute (gets ignored by resource
action).
Change-Id: I747e2dedbc517cc3deb2675590fb982459c560a0
This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the heat user
the role intended for its project for the domain (i.e., for the Default
domain instead of for the service project).
We add the domain_name attribute that creates the heat user in the
desired domain. Note that this change needs a sufficiently recent
openstackclient cookbook -- otherwise the domain_name attribute is
ignored (which does not matter as long as the heat user is to be created
in the Default domain).
Change-Id: Ifa3d344a3d9094dd1272b126a4dc9ab951c00972
This patch removes the role_name when using openstack_user's :create
action (it gets ignored by the target method).
Note that the spec test would still pass if only the line in
identity_registration.rb (but not the test) were changed, because the
code that actually does grant the role to the resource is executed right
after user creation and before any tests check the resource for the
existence of the role_name attribute. In other words: if the argument
were required in a call but only supplied in another call, the spec
tests would not catch it. Something to watch out for.
Change-Id: Ic45dd42453d9f8ae2a8c4d04f830cff67740cac6
In the keystone_authtoken section, the key has already been changed
from auth_plugin to auth_type. This patch does the same for the trustee
section (see [1]).
[1] https://docs.openstack.org/heat/pike/install/install-ubuntu.html
Change-Id: Idd82170107043bc2497261c34859844343e783a1
- currently non-admin user aren't able to create stacks with i.e.
Resource OS::Heat::SoftwareDeployment
- added heat domain
heat domain_admin
heat_stack_owner and user role
- added missing configuration options
- fixed some smaller ruby /cookstyle offenses
Change-Id: I6ae544dcc6260050304e66e227383e0e944a6bb6
- Switched default linter to cookstyle
- Renamed rake tasks to better conform with Chef conventions
- Normalized template banner
Change-Id: Icc3eca4b2d17a6d1ef66c1c7e75513de0ee3cac9
- Now use cookbook-openstackclient to create endpoints role service and
user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- updated readme
Change-Id: If5c3758c786b2d11cec6d64dc57530367acd2976
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
In contrast to other identity URIs, the auth_uri in the client_keystone
section of heat.conf must be the unversioned identity endpoint,
otherwise most resources will not work.
Change-Id: I9888e0b69c3ba2a60e3ac7bb84261ace6688b9e3
* use new logic for heat.conf template
* move all attributes that are used in heat.conf to
attributes/heat_conf.rb
* remove all attributes that are just setting default values
* add new default attributes so that the authorisation setup will be
functional again
* refactored endpoint and bind_service logic to fit the new common
cookbook
* adapt specs accordingly
* removed qpid as a messaging option (can be included in a wrapper)
* removed fedora as supported platform
* removed deprecated Gemfile
* removed logic for setting up a dedicated domain for Heat, should be
done in a wrapper
* update README.md accordingly (still incomplete)
Implements: blueprint cookbook-refactoring
Change-Id: I16a29e28068d106f0edcbe04cb529aabbbed1ac5
In order to allow components to better handle and respond to mq failures,
oslo has some heartbeat options that are useful.
Change-Id: I453b04c90e6caba7c00cf239035af05199bb5c36
Partial-Bug: #1462438
Oslo.message using rabbit_max_retries and rabbit_retry_interval to
define reconnect rabbitmq server times and interval when can not
connect to rabbitmq server.
Change-Id: I261d3f31aa89f845d88ee4cbd1acb56c9131ba47
Closes-bug: #1439968
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.
Change-Id: I75515d7b1faadb6de6377081fc7d5281a4c64c7d
Allow the various workers to be configured as attributes.
The engine one is based upon cpu, so default is nil just like
in Compute. The others default to zero, so used that.
Change-Id: Id7382ceeb4daeb6136e4b10546eed26901fbc3eb
Closes-Bug: #1452734
- deprecated Gemfile
- updated TESTING and README
- updated Rakefile to use chef exec instead of bundle exec
- replaces Runner by SoloRunner in specs
Change-Id: Idb2180fb0cfd48b2c2c22e531b1f1320a0ab247b
When use_syslog is false, heat will use log_dir to store log files,
but default value of log_dir is none in heat, so heat will output
log to stdout.
This patch set the log_dir's default value to /var/log/heat/.
Closes-Bug: #1446963
Change-Id: Ia53b557d56662994e095ccd1e2c3ca583460b55d
Move rabbit related options to section [oslo_messaging_rabbit],
and qpid related options to section [oslo_messaging_qpid].
Change-Id: I4b3e66ec445b2f242c8b1ab8a4bb6006cb7d076a
Closes-Bug: #1439981
Remove deprecated keys and use identity_uri via the new transform
helper method.
Change-Id: I988a902d42942109047bcc69d4b02ec4ba66ae41
Implements: blueprint identity-uri