Commit Graph

274 Commits

Author SHA1 Message Date
Zuul 4ce5025534 Merge "Expose rabbit_transient_quorum_queue" 2024-03-14 18:08:35 +00:00
Takashi Kajinami 06ff4862ca Expose rabbit_transient_quorum_queue
Depends-on: https://review.opendev.org/911021
Change-Id: I363931363160fb4a51307e1c789a776563ec0cd8
2024-03-13 02:30:17 +09:00
Takashi Kajinami b3016e3bf3 Stop hard-coding config file for db sync
The aodh-dbsync command by default loads /etc/aodh/aodh.conf. Removing
the override allows us to use additional paths such as aodh.conf.d in
the future.

Change-Id: Ic3bf121611d7221209c006872ab98b0682aa2273
2024-03-05 03:24:59 +00:00
Takashi Kajinami 9d14c5f8e1 healthcheck: Expose ignore_proxied_requests parameter
Depends-on: https://review.opendev.org/909807
Change-Id: Ifb42750a7767579bb31f79a68f4042c8f6e8caa1
2024-02-22 03:04:40 +00:00
Zuul 4d1bb57b75 Merge "Refactor resource dependencies" 2024-02-16 16:09:55 +00:00
Takashi Kajinami fb448c80b5 Refactor resource dependencies
This refactors resource dependencies to improve the following points.

 - Avoid unnecessary dependencies across services. For example aodh
   service does not require cinder db.

 - Restart only api service when config files like paste.ini, which
   are used only be api service is changed.

Change-Id: Ie9922c101e7981801c4c8c8753f0ce54ac8e5fe3
2024-01-31 01:07:57 +00:00
Takashi Kajinami 0acf300e12 Add support for oslo.reports options
Depends-on: https://review.opendev.org/804804
Change-Id: I3ed546597f3db58919e0c0a195025022bc00f6e2
2024-01-29 12:16:25 +09:00
Takashi Kajinami 39d3dcc438 healthcheck: Expose allowed_source_ranges
... which was added to puppet-oslo recently.

Depends-on: https://review.opendev.org/905557
Change-Id: I28bfa93296cf1a1cb2f69da3e92ad86d64b08ab5
2024-01-17 02:50:43 +09:00
Takashi Kajinami c93a1be851 Use new openstackclient tag
The new openstackclient tag was added so that we can get all resources
about openstack CLI more easily. This adds this tag to aodhclient
because the package provides some sub-commands.

Change-Id: Iaa9e1b818e8cb337e41688dc956a17193656ed3e
2023-11-20 01:11:17 +09:00
Takashi Kajinami 564dff87ae Remove usage of deleted manifest_dir
Recent update in rspec-puppet removed some of the config interfaces for
old puppet versions[1]. This drops usage of these interfaces to resolve
the following error in unit tests.

```
An error occurred while loading ./spec/unit/provider/manila_spec.rb.
Failure/Error: c.manifest_dir = File.join(fixture_path, 'manifests')

NoMethodError:
  undefined method `manifest_dir='...
```

[1] 316d95923c

Change-Id: I7198659909294242c3a0d524abdaab422cee7b65
2023-10-11 11:06:31 +09:00
Takashi Kajinami 193d0e6cd2 RabbitMQ: Add support for quorum queue options
Depends-on: https://review.opendev.org/894866
Change-Id: I644af1c7d7f4721b200fc0b771ad84609e2eb4b6
2023-09-14 10:42:33 +09:00
Tobias Urdin 366abb9ccd Add per module policy service refresh
Updating the policies for this project should only
refresh the services that reads it.

Change-Id: I7dc9f4a9849043624359eb97775af20d1885103a
2023-06-26 00:03:15 +02:00
Takashi Kajinami 3bf38f8403 Replace legacy facts and use fact hash
... because the latest lint no longer allows usage of legacy facts and
top scope fact.

Change-Id: I2a52329948becfcfb799f034847db9eae7bd903d
2023-03-01 16:47:43 +09:00
Takashi Kajinami df3fce9e6b Expose policy_default_rule
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.

Change-Id: I8c02a3651cf6a749e1039b0a3a9b92800fb4a79e
2023-01-23 14:27:43 +09:00
Takashi Kajinami e59df58cdd Enable memcached and redis in acceptance tests
... because these are required as cache/coordination backend.

Change-Id: I0ece8d5053b41a86a59edd439917735c01023bd0
2022-08-31 00:49:10 +09:00
Takashi Kajinami c8c59f1e9a Add Apache WSGI logging parameters for pipe/syslog
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)

Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: I16c7a6407d647a25d6093239b30845a212202a5c
2022-08-26 14:31:43 +09:00
Zuul c64f4251c5 Merge "Remove deprecated aodh::evaluator::coordination_url" 2022-08-12 08:10:07 +00:00
Zuul 99307d1bf1 Merge "Adapt to new type validation in puppetlabs-apache" 2022-08-08 19:25:54 +00:00
Takashi Kajinami 97682cfa99 Remove deprecated aodh::evaluator::coordination_url
... because it was deprecated during Xena cycle[1] in favor of the new
aodh::coordination class.

[1] 16091c8dd6

Change-Id: I0e11987c7d121b2fb639274ed60181c56ce4f6d1
2022-08-05 01:15:54 +09:00
Takashi Kajinami 976196bce3 Adapt to new type validation in puppetlabs-apache
The puppetlabs-apache module is enforcing more strict data type
validation[1].

This change updates the default values to adapt to that change.

[1] f41251e336

Closes-Bug: #1983300
Depends-on: https://review.opendev.org/851652
Change-Id: I9261c53fdb930fd9ff5e2c06e91eb312d665bb9a
2022-08-02 14:38:30 +09:00
Zuul 6b33b3226b Merge "Expose headers option of apache::vhost" 2022-07-30 15:16:12 +00:00
Takashi Kajinami 358924dbca Revert "CentOS 9: Disable unit tests dependent on puppet-postgresql"
This reverts commit 0f1d26cdb6.

Reason for revert:
puppet-postgresql 8.1.0 was released and now the module supports RHEL 9
(and CentOS 9 effectively).

Note:
This change adds the service_provider fact in test fact data because
it is required by puppet-postgresql.

Depends-on: https://review.opendev.org/850705
Change-Id: Id71237bc97e04f6c83403f60605d3bff44bc944a
2022-07-24 00:23:49 +09:00
Zuul 8dd89d5aa2 Merge "Add acceptance tests for config management resources" 2022-07-15 20:28:16 +00:00
Takashi Kajinami 1e06f1f762 Fix wrong test description
The value with a white space should be accepted instead of being
rejected. This change fixes the wrong test case description and makes
sure the description explains what is actually tested.

Change-Id: I15addb494305b5576bc9a19078ededf962bc0dd7
2022-07-11 23:24:04 +09:00
Takashi Kajinami a1f73ef040 Add acceptance tests for config management resources
Change-Id: Id133526308d84a45ba234b8dbef392aff784ade5
2022-07-10 12:33:01 +09:00
Takashi Kajinami 0c8d02c758 Expose headers option of apache::vhost
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.

This change also adds support for request_headers so that both request
headers and response headers can customized.

Change-Id: I857407802617087f75334c8357055250dcd4cef5
2022-06-30 08:20:42 +09:00
Takashi Kajinami c58c36d927 Update section of the evaluation_interval parameter
The evaluation_interval parameter in the [DEFAULT] section has been
deprecated and it was migrated to the [evaluator] section.

This change updates the parameter section accordingly.

Depends-on: https://review.opendev.org/837864
Change-Id: If41e9e21771ea236ec18379790fe5427dcb6e8af
2022-06-13 17:08:13 +09:00
Takashi Kajinami 4ec7119fc6 apache+mod_wsgi: Disable SSL by default
During the previous cycle, a warning message was added to inform users
of this change.

Now the default value is updated so that SSL is disabled by default.

Change-Id: I0f05258885570637aa9d53b2d6a69c1756f375e9
2022-05-06 20:35:57 +09:00
Takashi Kajinami 9400853421 listener: Add support for tunable parameters
Change-Id: Iaa9199dde153cfd218171a0b23c724bad421529c
2022-04-13 11:24:09 +09:00
Takashi Kajinami 442e6965ed Globally support system scope credentials
After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.

Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.

Change-Id: I28ff22b43ea5938056082361c9d0c98f89de1a03
2022-03-04 01:15:53 +09:00
Takashi Kajinami 0f1d26cdb6 CentOS 9: Disable unit tests dependent on puppet-postgresql
The puppt-postgresql module does not support CentOS 9 yet and requires
some version parameters to be run on CentOS 9. This change disables
unit tests requiring that module, until the module supports CentOS 9.

Change-Id: I8b3d2308689bbb5453c4f2762bf67c3ba3624f1a
2022-02-16 00:17:08 +09:00
Takashi Kajinami 2bf346a6dd Use generated script instead of app.wsgi
Change-Id: I0dd1bf37160e76856d8055e033aa0d0c3ca4a244
2022-02-04 09:16:04 +09:00
Takashi Kajinami d398887c51 Avoid testing details of oslo::messaging(::*)
... so that any change in puppet-oslo would not directly break unit
tests.

Change-Id: I511a71b3e25e8cd8c2a7cb0b242d961ce8e916fd
2022-01-20 23:30:26 +09:00
Zuul 49df15f709 Merge "Accept system scope credentials for Keystone API request" 2022-01-07 23:36:32 +00:00
Zuul b15ab2d5cb Merge "Enable aodh-expirer cron job after database is initialized" 2021-12-30 21:56:32 +00:00
Zuul 0615e8e724 Merge "Remove deprecated aodh::auth" 2021-12-30 21:53:46 +00:00
Zuul c2e0cea92d Merge "Do not assert indirect import of the apache class" 2021-12-30 20:51:12 +00:00
Takashi Kajinami 0f02d2408a Enable aodh-expirer cron job after database is initialized
The aodh-expirer command expects the target database is already
initialized. This change ensures db sync is completed before cron job
is enabled.

Closes-Bug #1955829
Change-Id: Ieff011ca2bd415d25df227fb7287c0878ec72220
2021-12-28 13:06:13 +09:00
Takashi Kajinami 0b9c0368ed Remove deprecated aodh::auth
... because it was deprecated during Wallaby cycle[1].

[1] e05af2b3f1

Change-Id: I81833bb36737cfdf2372a02c798e1b60832af9f1
2021-12-27 21:22:44 +09:00
Takashi Kajinami c472051cc8 Do not assert indirect import of the apache class
This is follow-up of c0075580a5 and
removes the remaining unit test case to ensure the apache class is
included, because the class is no longer included directly.

Change-Id: I0ba813e637689004f03699426f2ec637e93e5010
2021-12-27 13:29:27 +09:00
Takashi Kajinami 15dd36c991 Load libraries in a single place
This change refactors how the dependent libraries are loaded during
unit tests, and load the libraries in the base spec_helper to avoid
duplicate and redundant implementations.

Change-Id: I91357ee3ac39a42b64304c7d9cd585a6be308184
2021-12-27 10:28:51 +09:00
Takashi Kajinami c0075580a5 Clean up direct dependencies on puppetlabs-apache
This change removes direct reference to some classes in
puppetlabs-apache. Details are explained below.

- The api class doesn't need access to anything defined in
  apache::params

- The following classes are included by the openstacklib::wsgi::apache
  resource type, and current inclusions are just redundant.

Change-Id: Ie0c61d21b5a64210c79765dc3ebd3c39d4d98c5d
2021-12-08 22:33:03 +09:00
Takashi Kajinami e13c2c9713 Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I672a988e77e58df0addb1ed4a47d609cbcef1331
2021-11-25 22:50:55 +09:00
Zuul e14e5f12f9 Merge "Replace deprecated [coordination] heartbeat" 2021-11-17 04:55:32 +00:00
Takashi Kajinami 89ddb1b8f2 Add support for [DEFAULT] additional_ingestion_lag
Change-Id: I2b367c92125b0a08d0da1795eda080727bcfa1e5
2021-11-10 07:20:38 +00:00
Takashi Kajinami 09c0b80937 Add support for the [DEFAULT] event_alarm_cache_ttl parameter
Change-Id: I38389fffaf8128f5ac10b150332f546c609b7b9a
2021-11-10 11:38:13 +09:00
Takashi Kajinami 49eb825204 Replace deprecated [coordination] heartbeat
... by the new heartbeat_interval parameter.

Depends-on: https://review.opendev.org/799600
Change-Id: I1a5e49e72a5082cdeaff79b3739d4246e7f01879
2021-10-25 22:15:44 +09:00
Takashi Kajinami 7b52ec3cac Simplify package management
Currently all packages are defined using ensure_resource but it is
redundant because we don't expect these aodh packages are managed
outside of puppet-aodh. This replaces usage of ensure_resource by
the normal package resource, to make implementations more simple.

Change-Id: I0a92669b2f9a41e10a49c7db0865343453045c7b
2021-09-24 16:45:27 +09:00
Zuul 1eb2e38a41 Merge "Allow purging policy files" 2021-09-20 07:31:19 +00:00
ZhongShengping 3d8d273099 Add watch_log_file option
Add support for Using logging handler designed to watch file system.

Change-Id: I523716887b1a981ff8e73e4b24198a36b9efd5a3
Closes-Bug: #1943212
2021-09-14 16:02:08 +08:00