Commit Graph

121 Commits

Author SHA1 Message Date
Andreas Jaeger a497e15a00 Retire repository
Fuel (from openstack namespace) and fuel-ccp (in x namespace)
repositories are unused and ready to retire.

This change removes all content from the repository and adds the usual
README file to point out that the repository is retired following the
process from
https://docs.openstack.org/infra/manual/drivers.html#retiring-a-project

See also
http://lists.openstack.org/pipermail/openstack-discuss/2019-December/011647.html

Depends-On: https://review.opendev.org/699362
Change-Id: Iaf61f1be5c082af0f602834e86748e667a4273e5
2019-12-18 09:48:37 +01:00
OpenDev Sysadmins 0af2893db1 OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:51:29 +00:00
Mikhail 6b1425984e Fix command for waiting completion connections
Change-Id: I5c335fe18ca0db54f423678020a869d1d2d18aaf
2017-03-24 18:41:39 +04:00
Mikhail 972f335ff1 Wait for the completion connections before drop container
Change-Id: Iee4105b6f80239fd6f7f1e13556a88e7260d36a0
2017-03-24 06:22:33 +00:00
Sergey Reshetnyak 49c835ec09 LDAP intergation
This patch adds support LDAP as authentication backend

Change-Id: Ic6d04450dcdc68c41aa503370fcc347c894f0093
2017-03-13 17:16:19 +03:00
Sergey Reshetnyak 6024c6d218 Create admin role in keystone
Change-Id: I30b0eebbf09a37f78182f13e426a5826064c4160
2017-03-13 17:03:42 +03:00
Jenkins 8add67f66c Merge "Store sensitive configs in secret" 2017-03-10 09:55:57 +00:00
Jenkins 0a96afafda Merge "Don't use --upgrade when installing into venv" 2017-03-09 10:38:57 +00:00
Andrey Pavlov ece5b265d7 Store sensitive configs in secret
Change-Id: If03e4560fbedf3d31226eee9ee1e527f90196929
Depends-On: Ie6a9833cdf73b076e24204d47e5898dfb24de43e
2017-03-09 10:14:04 +00:00
Jenkins 4a6ffd6204 Merge "Enable memcache protection for keystone" 2017-03-06 10:21:56 +00:00
Jenkins 80367f32a8 Merge "Rename domain to use correct domain name" 2017-03-06 10:08:47 +00:00
Jenkins c4380d9a73 Merge "Adjust to per-service configuration" 2017-03-03 13:58:55 +00:00
Sergey Kraynev 849f62782d Rename domain to use correct domain name
Previously in configs "default" value was used as domain_id, but now we
use domain name and as result value should be changed to "Default".

Change-Id: Iee433f968b96f1c3b023bf984b9c886efe52da88
2017-03-03 12:01:21 +00:00
Marek Zawadzki d4f3cec629 Enable memcache protection for keystone
Done accordingly to:
* https://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#memcache-protection
* https://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html

Change-Id: I91b279e5433569393275ff334d63b43b211a014d
2017-03-02 12:39:27 +01:00
Andrey Pavlov b05b455502 Do not depend on local deps
Change-Id: Ifda69b80815cbf8d0b62504edab41a98db90cf49
2017-03-01 14:34:08 +04:00
Andrey Pavlov 44d3f32580 Adjust to per-service configuration
Change-Id: Ibf904393843030511a98bc983e57557ad6a9eb77
Depends-On: Ia4d29167cea6dfd19a1970706aafda51a31d5b24
2017-02-28 11:28:40 +00:00
Dmitry Klenov a797cce765 Restricting access to fernet keys folder
Leaving access to fernet dir for owner only. This improves security
and resolves 'fernet dir is world-readable' warning.

Change-Id: I463a56d41697b8c4c1454758267e906665187b15
2017-02-28 10:46:06 +00:00
Dmitry Klenov be6b501f26 Ability to remove unneeded keys
Kubernetes client merges old and new values. To erase
old keys, it is needed to clean all the data first.

Change-Id: I0b65cb00260114c1260ef89a8768fed055bbfb0e
2017-02-22 12:24:22 +00:00
Jenkins 2557ed0d3e Merge "Moving tls flag from percona to db group" 2017-02-21 06:43:22 +00:00
Andrey Pavlov fd81b5e308 Moving tls flag from percona to db group
Change-Id: I14498d05bebaa632354b588a7b5ec35c6e94b375
Depends-On: I2ff95f7a1cbb14cb1cd9e35677f95c30a4523340
2017-02-20 14:28:06 +00:00
Sergey Kraynev 401b3d6a90 Fix name of nginx container
Change-Id: Ifd46ec5dfef64b64c31a350f9eb20119cafa2a9b
2017-02-20 12:14:05 +00:00
Sergey Kraynev 0a9850e1d4 Add TLS support for Keystone
- Add files for certificates
- Add config file for nginx service
- Update service definition by adding new container for nginx
- Update wsgi to use localhost

This patch requires patches in other repos:
 - fuel-ccp
 - fuel-ccp-entrypoint
 - fuel-ccp-nginx

Co-Authored-By: Artur Zarzycki <azarzycki@mirantis.com>

Depends-On: I65002b7ff9cfa2faf9d5bce470334aae95334d00
Depends-On: I88bc21571589dcd4c31bb5ce5015a75676ed2d85
Depends-On: I0660cc3ca2723bc06871b61f859adfed42c0d807

Change-Id: If796ea145c0a6b1bcb711496a4ad97a0a4ac2fb2
2017-02-17 10:58:57 +00:00
Sergey Reshetnyak 7aaf8cc10b Add DB sync action
It's needed for manual upgrade database schema

Change-Id: If336f3fc58c1caec343ce0c795ede11d73ee74a6
Depends-on: I425e028fcabf326d582a1d2e8fd45f761cd1a66c
2017-02-15 19:57:41 +03:00
Jenkins 0fa07c72fa Merge "Add DB SSL support" 2017-02-15 15:58:54 +00:00
Jenkins 8e43e6445b Merge "Add keystone_authtoken macros" 2017-02-14 10:55:16 +00:00
Jenkins 0563e47d58 Merge "Make service account configurable" 2017-02-14 10:32:58 +00:00
Jenkins efb0046354 Merge "Enable fernet keys generation" 2017-02-14 10:17:29 +00:00
Jenkins ec570f0dc5 Merge "Fernet keys rotation action" 2017-02-14 10:16:43 +00:00
Proskurin Kirill f5127808a9 Add DB SSL support
Change-Id: Ic13c24e32b9259cba432db0b25d7145f0614c248
Depends-On: I9e6d9ee439cab734eba02320d58ccfcd73e23106
2017-02-13 12:07:28 +00:00
Sergey Reshetnyak f042f50c0e Add keystone_authtoken macros
Change-Id: Icd3a2276097a52e77a31cb7eeeffb2d5bca8492b
2017-02-13 13:30:20 +03:00
Sergey Reshetnyak c236b0776b Make service account configurable
Change-Id: I7353611fde5a7916d707603315a613607e8b4013
2017-02-10 17:01:53 +03:00
Dmitry Klenov cef1b979ba Enable fernet keys generation
This change effectively enables fernet keys generation and their
usage via the mechanism of k8s secrets. Legacy approach with
pre-generated fernet key is removed.

Change-Id: Ibdf0a0eafb48930d5536f35511be78c1e5df9921
Partial-Bug: #1651392
Partial-Bug: #1651394
Depends-On: Iaaede4ccb94c99d70f3ecad040d5ab6c41428c5e
Depends-On: I577b3f36a12d14b4b5d546d9633d4629eb5d8a37
2017-02-10 13:15:25 +00:00
Dmitry Klenov f6a75158c2 Fernet keys rotation action
Mechanism to rotate fernet keys is added. CCP operator can use one
of two ways to rotate keys:

1. Manual rotation.
Pre-generate keys manually and distribute them to keystone pod(s).
To do it, operator needs to put generated keys to the ccp config file
in the following format:

configs:
    keystone:
        fernet_keys:
            "0": <key-0>
            "2": <key-2>
            "3": <key-3>

Then, execute custom action 'fernet-rotate'. The keys will be placed
to the k8s secret.

2. Automatic rotation.
Do not put keys to config, just execute 'fernet-rotate'. Keys will be
automatically rotated and put to proper secret.

Partial-Bug: #1651392
Partial-Bug: #1651394
Change-Id: I577b3f36a12d14b4b5d546d9633d4629eb5d8a37
2017-02-10 13:10:46 +00:00
Yuriy Taraday d1e5e64a35 Don't use --upgrade when installing into venv
In venv --upgrade does nothing good since venv have constraints-bound
versions of everything installed. It does bad thing though: it tries to
upgrade setuptools (they are not mentioned in upstream constraints.txt)
and break further building.

Change-Id: I93607580fbf74f1570909bc51daacee67ea8ebeb
2017-01-23 17:25:31 -08:00
Kirill Bespalov 80c1725a2f Fix notifications configuration for stable/mitaka
The RPC config required for notifications in stable/mitaka.

Change-Id: I2962cef2a7b54f30fd1b87595f96c2ab23c1dec3
2017-01-19 20:38:16 +03:00
Bartosz Kupidura c48dfa6dbe Add annotations for prometheus
Change-Id: Ib4a74ec02988c68524f62946b0d916de8891edc1
2017-01-19 12:57:11 +01:00
Kirill Bespalov c01a53c6df Add notifications support
The change does not enable notifications, just configure right
transport url for it via oslo_messaging template.

Change-Id: I466404295a34fd7f4232e728469280b188ccf9af
2017-01-17 13:58:53 +00:00
Marek Zawadzki b816b9d22e Add an option to enable notifications in keystone
By this option (disabled by default), user can enable notifications in keystone
and configure their format (basic or CADF: Cloud Auditing Data Federation
standard).

Change-Id: I8dd5c2a24851d71db18399a709794d6c514e02b6
2017-01-16 15:46:41 +01:00
Jenkins 7e702f0675 Merge "Use git.openstack.org url instead of github.com" 2016-12-22 11:13:03 +00:00
Sergey Kraynev e48f4f6eb0 Use git.openstack.org url instead of github.com
Change-Id: Icc85e7d011186a9782221f9e2ab0de8127dfdd28
2016-12-22 11:01:57 +00:00
Andrey Pavlov 647449910c Use "address" func when it's possible
Change-Id: I405a03878faf6a63af151d8b7a3d93e89bace3b7
2016-12-05 09:03:25 +00:00
Jenkins f1c587a383 Merge "Adding minimal dsl version for services" 2016-11-22 11:06:24 +00:00
Jenkins b4be289d02 Merge "Adjust urls with new 'address' functionality" 2016-11-22 09:59:14 +00:00
Andrey Pavlov 6a0acb8133 Adding minimal dsl version for services
Change-Id: I4d4b9f363138b85198222ac2e770930ce7bd6ab5
2016-11-21 12:26:04 +00:00
Sergey Lukjanov aeaa13f05d Add LICENSE file
Change-Id: I24698c913c3ff3b2305a92f88b58e965c61ad9f0
2016-11-19 22:50:21 -08:00
Jenkins c3cc6121ae Merge "Add proper readiness probe" 2016-11-18 20:16:10 +00:00
Jenkins 05853f8f50 Merge "2 sec memcache timeout is way too much. Set it for 1." 2016-11-18 18:05:06 +00:00
Yuriy Taraday 128def6f69 Add proper readiness probe
Also remove liveness one as it does nothing

Depends-On: I8b74906ba3b5cc358f51831d1f87a8a7f0335f02
Depends-On: I2e8aaeeabcb0c2ddfcf605008763a7a938a578b4
Change-Id: I6a59b65966369f2e08e1b3ff3de9ceda703cd26e
2016-11-18 20:08:51 +03:00
Yuriy Taraday e9325bccd5 Specify topology_key for backup command
Depends-On: I3b51b7a957735873b0de098578e1b83c586f111a
Change-Id: I47be74f50c362c7b936255045e6f8e5e66e0dc05
2016-11-18 20:08:51 +03:00
Yuriy Taraday 8ce8211722 Add backup command to upgrade
Depends-On: I3ea3cb4342f66da4ead91e945baaddd799522bcf
Change-Id: I95612568b4bcbad52dba95b3275e7465027f3917
2016-11-18 20:08:51 +03:00