Commit Graph

570 Commits

Author SHA1 Message Date
Zuul 487539a570 Merge "reno: Update master for unmaintained/xena" 2024-03-12 14:53:00 +00:00
Zuul 0f130c5b04 Merge "reno: Update master for unmaintained/wallaby" 2024-03-12 14:31:26 +00:00
Zuul 977622ba6f Merge "reno: Update master for unmaintained/victoria" 2024-03-12 13:13:15 +00:00
OpenStack Release Bot 8953a43c8e Update master for stable/2024.1
Add file to the reno documentation build to show release notes for
stable/2024.1.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.

Sem-Ver: feature
Change-Id: I9a0eb82d1b495490e6af65a52397105d061ca4a2
2024-03-08 14:21:52 +00:00
OpenStack Release Bot 94e4e3cf49 reno: Update master for unmaintained/xena
Update the xena release notes configuration to build from
unmaintained/xena.

Change-Id: I1611c4d7ee5b11110d8a167954dd6452c9b27e0a
2024-03-07 14:24:46 +00:00
OpenStack Release Bot 69ebaef1d3 reno: Update master for unmaintained/wallaby
Update the wallaby release notes configuration to build from
unmaintained/wallaby.

Change-Id: I9450ff57d63cd1a91b18ac728e22ac93f040b483
2024-03-07 14:20:32 +00:00
OpenStack Release Bot 72b76b42f0 reno: Update master for unmaintained/victoria
Update the victoria release notes configuration to build from
unmaintained/victoria.

Change-Id: Ifc28ea00b23f39b5dc97760695e3416d450bde58
2024-03-07 14:14:48 +00:00
Takashi Kajinami e8de6c9ea5 Fix incomplete exception message
This is follow-up of 76d414e58d and fixes
the incomplete construction of an exception message. This also removes
the translation according to the other messages.

Change-Id: Ie2ed619b06d9d6340eb81fc1fac4dbd21702de19
2024-02-18 02:52:02 +09:00
Zuul 8aba3853ab Merge "redis: Add functional tests" 2024-02-14 13:23:58 +00:00
Zuul 98e8de2ec9 Merge "config: Document backends supporting specific options" 2024-02-14 13:19:29 +00:00
Zuul 44285d9a4c Merge "Prevent potential ReDoS attack" 2024-02-13 15:48:31 +00:00
Zuul 882e2c5414 Merge "Ensure requirements are capped by upper constraints" 2024-02-13 15:06:19 +00:00
Zuul 4136a7107a Merge "Add support for Redis Sentinel backend" 2024-02-13 13:33:01 +00:00
Zuul 85b30d9061 Merge "Add native options for redis backend" 2024-02-13 13:33:00 +00:00
Zuul 50345eb5b6 Merge "memcache: Remove "default" username and password" 2024-02-13 11:27:54 +00:00
Takashi Kajinami 29d1ab7c9f Prevent potential ReDoS attack
Although the logic is used to parse a config value, it'd be better to
eliminate a risk.

Change-Id: I9ef3fedf9d23f8ca8f87a63a55f1f90e5b07d2f1
2024-02-13 09:37:49 +09:00
Zuul c4719afe75 Merge "Automate TLS certificates settings for redis backend" 2024-02-12 15:24:11 +00:00
Zuul 38220921dd Merge "Fail if tls_enabled is True but backend does not support it" 2024-02-12 15:24:10 +00:00
Takashi Kajinami 76d414e58d config: Document backends supporting specific options
... and shows the backend actually picked up in logs.

Change-Id: Ib19fdd289444a8db5ebc682e7cb5723b994ae9dc
2024-02-12 20:33:53 +09:00
Takashi Kajinami 5475c35117 Ensure requirements are capped by upper constraints
Closes-Bug: #1965512
Change-Id: Iff6643f97346862573500d3dce706c3120bea64a
2024-02-11 14:17:47 +09:00
Zuul 6f108bae2f Merge "Display coverage report" 2024-02-07 06:56:17 +00:00
Takashi Kajinami 2318610397 Display coverage report
... for easy reference. Also make sure old data is purged.

Change-Id: I615044add4f4ceaf73f6b57c0450918343273cae
2024-02-07 03:10:35 +00:00
OpenStack Release Bot ce6e4ba4a7 reno: Update master for unmaintained/yoga
Update the yoga release notes configuration to build from
unmaintained/yoga.

Change-Id: Ibd8aeb8074c60a644a2345d6cd8b48dff1736eb4
2024-02-06 14:27:15 +00:00
Takashi Kajinami 6c73ace4f7 redis: Add functional tests
This adds functional tests with redis and redis sentinel, to ensure
the current implementation can initialize clients properly.

Change-Id: I6318f6ad00d5b0ee3db1be5e8671a4c346b9daff
2024-02-04 13:20:54 +00:00
Takashi Kajinami 7bb43bbbd5 Add support for Redis Sentinel backend
This introduces support for Redis Sentinel backend. Users can now
use Redis Sentinel backend instead of Redis backend by configurations
like the example below.

[cache]
enabled = True
backend = dogpile.cache.redis_sentinel
redis_password = <password>
redis_sentinels = 192.0.2.1:26379,192.0.2.2:26379,192.0.2.3:26379

If tls_enabled option is set to True then all the tls settings are
applied for connections to Redis as well as connections to Redis
Sentinel.

Change-Id: Ic3b84fe6810e08337a884c68625ccfed11665269
2024-02-04 13:20:41 +00:00
Takashi Kajinami 28411250da Add native options for redis backend
This introduces a few new redis_* options to simplify the settings
required to use the redis backend. The main aim of this change is to
replace the requirement to inject url by backend_argument.

[cache]
backend=dogpile.cache.redis
redis_server=127.0.0.1:6379
redis_username=default
redis_password=a_big_secret
redis_socket_timeout=1.0

Closes-Bug: #2052351
Change-Id: Id72878f9cddaa99146eab5fb4ee76c8e6a633809
2024-02-04 13:20:18 +00:00
Takashi Kajinami ced97d218b memcache: Remove "default" username and password
Because these are not intentional default. This also adds a validation
logic to catch the case where SASL is requested but username or
password is not given.

Change-Id: Ia98bfc5f9a42c13acfdb2192bb1fa11773f6ccf8
2024-02-04 17:35:38 +09:00
Takashi Kajinami 31201ce71c Automate TLS certificates settings for redis backend
This adds support for configuring certificate/key files used for TLS
connection with Redis using the existing tls_* options.

example)

[cache]
backend=dogpile.cache.backend.redis
backend_arguments=url:rediss://:a_big_secret@localhost:2679
tls_enabled=True
tls_cafile = /etc/pki/tls/certs/ca-bundle.crt

Change-Id: I2ab38b8c88274cb4908791eea8212a79e3d524a2
2024-02-03 20:17:22 +09:00
Takashi Kajinami f1950fdaa9 Fail if tls_enabled is True but backend does not support it
The tls_enabled option works properly only for the following backends.
 - oslo_cache.memcache_pool
 - dogpile.cache.bmemcache
 - dogpile.cache.pymemcache

Currently the tls options are all ignored in case a different backend
is used, but this does not allow users to notice that TLS is not
enabled contrary to their expectations.

This introduces the validation to ensure an appropriate backend is used
when tls is enabled.

NOTE:
The oslo_cache.memcache_pool bakcend supports tls_enabled only when
sasl_enabled is true, which can be fixed separately.

Change-Id: Ib967bf8cb21fb97fff94a6d6cb5983374e4798eb
2024-02-01 02:34:03 +09:00
Zuul 33244f6aae Merge "pre-commit: Integrate bandit" 2024-01-31 15:00:32 +00:00
Zuul 542c9c0088 Merge "pre-commit: Bump versions" 2024-01-31 15:00:31 +00:00
Takashi Kajinami af77d1da80 Fix minor typos in parameter help texts
Change-Id: I38755167fb67b0b78f6e8ea69e6569f13b35cf74
2024-01-30 18:23:56 +09:00
Takashi Kajinami 124d50e1bd pre-commit: Integrate bandit
We also remove these unnecessary linter dependencies from
test-requirements.txt.

Co-Authored-By: Stephen Finucane <sfinucan@redhat.com>
Change-Id: I2955b4a99c6963977272e6946058fe8134dfc45a
2024-01-30 13:41:34 +09:00
Takashi Kajinami 7dbde1aa9a pre-commit: Bump versions
hacking now has a native hook.

Co-Authored-By: Stephen Finucane <sfinucan@redhat.com>
Change-Id: I7b6fbbcbfc5d7af03d4e2c26718d7eff57ac5221
2024-01-30 13:39:19 +09:00
Takashi Kajinami 8d5eabcdfb Bump hacking (again)
The previous attempt did not update the version in pre commit config
so the old version is still used by pep8 target.

Change-Id: Ib86e124697031f63d1f7ba1ec961d9d8adffa95e
2024-01-26 01:30:12 +09:00
Hervé Beraud f438770767 Add a new option to enforce the OpenSSL FIPS mode
This option ``enforce_fips_mode`` allow us to enforce the FIPS mode
if supported by the version of python in use.

https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards

Change-Id: I220012094d2be3c2c47a444260bc42fb53aaf6bc
2024-01-23 10:55:17 +01:00
Takashi Kajinami a977dd9109 Bump hacking
hacking 3.0.x is too old.

Change-Id: I9100cbb92c404f55944dc96b65cd2577ba4db194
2024-01-16 22:25:37 +09:00
Ghanshyam Mann 3aae0ac7ab Update python classifier in setup.cfg
As per the current release tested runtime, we test
python version from 3.8 to 3.11 so updating the
same in python classifier in setup.cfg

Change-Id: I28b8d0bdc06a9bd12290180f5e5cdc9e9c82be74
2024-01-11 15:36:11 -08:00
Zuul 2d89438051 Merge "Cleanup py27 support" 2024-01-11 19:51:54 +00:00
Zuul 6855ffca1d Merge "Clean-up memcache connection sockets" 2024-01-11 17:46:46 +00:00
Zuul 3694193d6c Merge "Do not mark hosts as alive when they are all dead" 2024-01-05 13:33:55 +00:00
Takashi Kajinami 52e6d23157 Fix wrong path in coveragerc
Change-Id: I91694606bd027eeb3c7711e5b2f4c2458295528f
2023-12-19 20:48:55 +09:00
Zuul d1d673b98b Merge "[cache] memcache_password should be secret" 2023-11-16 17:27:47 +00:00
Thomas Goirand bae5561d4d Clean-up memcache connection sockets
The ConnectionPool currently opens sockets, but never closes them. As a
result, any client using oslo.cache memcache pool leaves sockets in a
CLOSE_WAIT state, with the source port not being re-usable.

In our production system, were we have A LOT of activity, this creates
a storm of non-reusable ports: all source ports are in use, making the
node unuseable for other things.

This patch adds a __del__ destructor closing inactive connections,
fixing the issue.

Closes-Bug: #2043121
Change-Id: I09d632346c76d1aff7c534f0d040162d1985f548
2023-11-13 15:46:59 +01:00
OpenStack Release Bot cb109b023a Update master for stable/2023.2
Add file to the reno documentation build to show release notes for
stable/2023.2.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.

Sem-Ver: feature
Change-Id: I8adbe911c4bfd277c1229ba2c4351eb5a3fa879a
2023-09-07 09:35:52 +00:00
OpenStack Proposal Bot 06f76e582c Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I03e5a01dc4785470f07155e8cf923fd3f46b4cb8
2023-06-28 02:53:39 +00:00
Zuul ef57c84985 Merge "Bump bandit" 2023-06-27 14:02:09 +00:00
Hervé Beraud 8d856e1d17 Bump bandit
Change-Id: I36c2cdc9ecbdbfb443c8780494531c84bc7793ca
2023-05-17 16:03:23 +02:00
OpenStack Proposal Bot 7a596b7295 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I1f6dda3418ed89921537539ac94db635acbae19d
2023-05-09 03:09:14 +00:00
Ghanshyam a7200161b0 Revert "Moves supported python runtimes from version 3.8 to 3.10"
This reverts commit 4daef2972e.

Keeping Python 3.10 in setup.cfg classifier and zuul.yaml changes.

Reason for revert:

Needed-By: https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/882175

TC has been discussing about re-adding the python 3.8
testing in current master 2023.2 release testing.

- https://meetings.opendev.org/meetings/tc/2023/tc.2023-04-25-18.00.log.html#l-191
- https://lists.openstack.org/pipermail/openstack-discuss/2023-April/033469.html

While governance changes are under review, TC agreed to add py3.8 testing
so that we do not see more project/lib dropping python 3.8 and make them
uninstalable on python 3.8

- https://meetings.opendev.org/meetings/tc/2023/tc.2023-05-02-18.00.log.html#l-17
- https://review.opendev.org/c/openstack/governance/+/882165

Also adding py3.8 testing back in job https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/882175

Change-Id: Ic6a80cc57730e16cb898bee39672f14ccf038cc0
2023-05-05 18:55:01 +00:00