Commit Graph

120 Commits

Author SHA1 Message Date
Takashi Kajinami ced3a19408 Retire puppet-ec2api: Remove Project Content
Depends-on: https://review.opendev.org/c/openstack/project-config/+/912710
Change-Id: If7970a4632ff4bbe7211160f95a4c8b791cd892e
2024-03-13 16:40:36 +09:00
Takashi Kajinami 1d223f97a4 Support [cache] memcache_pool_flush_on_reconnect
Depends-on: https://review.opendev.org/902861
Change-Id: I7ce7568221b59a478e5ea2b5b11ff43b0fd8b829
2023-12-14 18:02:24 +09:00
Takashi Kajinami 8e5598f740 Do not restart services after policy file changes
The oslo.policy library has implementations to detect change in policy
rules and reload the new rules without service restart.

Change-Id: I0f91c24b97703cc0388e2aa89511b329928aff84
2023-09-11 12:27:32 +09:00
Takashi Kajinami 149988ed64 Ensure purge_config takes a boolean value
The purge_config parameters only accept boolean values. This enforces
that using the typed parameters.

Change-Id: Iba76019586c96cdbc1330ecec7852a7d51c6df13
2023-07-18 00:51:45 +09:00
Tobias Urdin 8d522ae1f2 Add per module policy service refresh
Updating the policies for this project should only
refresh the services that reads it.

Change-Id: I306233bb64b1070f722d7897063a700050be0058
2023-06-26 00:04:10 +02:00
Takashi Kajinami 6adf5af558 replace validate_legacy with proper data types
the validate_legacy function is marked for deprecation in
v9.0.0 from puppetlabs-stdlib.

Change-Id: Ic6aff0a3cfd27a7c2f005656c7b1d5a2cb07a199
2023-06-19 16:01:11 +09:00
Takashi Kajinami b65d25120c Remove cleanup of old configurations
The cleanup resources were added before 2023.1 release[1] so these
configurations should be removed when a deployment is upgraded to
2023.1.

[1] d5ffaf4cec

Change-Id: I7e2f08fc30cebf7f326ef3d5a3955956b79f11f3
2023-04-07 01:43:29 +00:00
Takashi Kajinami d5ffaf4cec Revert "Replace deprecated [DEFAULT] ssl_* parameters"
This reverts commit e3f44b4ef5.

Reason for revert:
The original change was wrong because ec2api uses own ssl options
instead of ones imported by oslo.service.

Conflicts:
	manifests/api.pp

Closes-Bug: #2011569
Change-Id: I592fc1da6b364f017a7892a30ff42a61d86f4d9f
2023-03-14 11:15:31 +00:00
Takashi Kajinami 1d11686c5b Replace legacy facts and use fact hash
... because the latest lint no longer allows usage of legacy facts and
top scope fact.

Change-Id: I35dced2e96a4aa3ba29a385b4c81062be4feb48c
2023-03-01 16:09:32 +09:00
Takashi Kajinami f5c271ae44 Expose policy_default_rule
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.

Change-Id: I2382514189617edb9454c3d9e8b5f15de9c96237
2023-01-23 14:28:55 +09:00
Takashi Kajinami f9be89d0b9 Drop deprecated ssl_insecure parameter
This parameter was deprecated during the previous cycle by [1] because
the actual parameter no longer exists.

[1] a72e6fe949

Change-Id: Ieb53368b269f3323f54a0d14caf00dcf9b136831
2023-01-05 18:21:44 +09:00
Takashi Kajinami d57cc885f1 Ensure [DEFAULT] ssl_insecure is removed by default
... instead of leaving the parameter unmanaged.

Change-Id: Ic549c6f05e55d4b1249a2c068935b26cae81401b
2022-07-27 16:14:54 +09:00
Rajesh Tailor 1a1b899275 Fix typos in parameter descriptions
Change-Id: I145c1230a44e352d180a0286865ee1e81ef00c7d
2022-06-21 12:49:04 +05:30
Takashi Kajinami c1b264f37e Remove deprecated use_tpool parameter
... because it was deprecated during Yoga cycle[1].

[1] 1b1e2eb809

Change-Id: I51c0e0f0519a3802adecc8473640bbb5219d87b6
2022-05-17 11:46:06 +09:00
Takashi Kajinami e3f44b4ef5 Replace deprecated [DEFAULT] ssl_* parameters
The ssl_* parameters in the [DEFAULT] sections were deprecated and
the [ssl] parameters should be used instead[1].

[1] 2e2940d1e17706b9d6367ff1783bde9d41891bfa

Change-Id: If5ee27626b778bda4d8cb47162691f3cced35955
2022-04-07 11:28:40 +09:00
Takashi Kajinami a72e6fe949 Deprecate support for [DEFAULT] ssl_insecure
... because the parameter was already removed[1].

The ssl_ca_file parameter is left because it is still used by
the oslo_service library.

[1] 5fc752ca6fd1588cc04f3073d1c300d985581041

Change-Id: Ia1035589c68790239c6619f4f3f9b33d7b5ae66a
2022-04-07 11:28:31 +09:00
Zuul 7abad2bd64 Merge "Deprecate use_tpool parameter" 2022-03-01 23:57:18 +00:00
Takashi Kajinami 1b1e2eb809 Deprecate use_tpool parameter
The [DEFAULT] use_tpool parameter has been deprecated in favor of
the new [database] use_tpool parameter. Also, even the new parameter
has been deprecated by during Xena release[2].

[2] 74c6bf266e0b86ceb4726cad9268f134d423bae8

Change-Id: I93fabb8d131e51c18f4a5220f2f0f47ad318bb58
2022-02-23 20:45:36 +09:00
Zuul 10fc41cd74 Merge "Avoid hard-coding OS user/group in each manifest" 2022-02-22 20:17:22 +00:00
Zuul aae2074b2e Merge "Add socket keepalive options for the pymemcache backend" 2022-02-20 11:52:21 +00:00
Zuul 0df645b2b5 Merge "Add HashClient retry options for the dogpile.cache backend" 2022-02-20 11:52:18 +00:00
Zuul a63d909d6d Merge "Add cache client retry options for the pymemcache backend" 2022-02-20 11:52:16 +00:00
Zuul 497777cd40 Merge "Do not define service resource when service management is disabled" 2022-02-20 11:23:41 +00:00
Takashi Kajinami 5cab8110a4 Avoid hard-coding OS user/group in each manifest
and replace hard-codes by definition in params.pp .

Change-Id: I9c96dc528b86ab8243fffcf408e09876960f882f
2022-02-20 19:24:54 +09:00
Zuul 39c65edecb Merge "Remove deprecated database_min_pool_size" 2022-02-20 06:34:17 +00:00
Takashi Kajinami d6327e99d7 Add HashClient retry options for the dogpile.cache backend
This patch specifies a set of options required to setup the HashClient
retry feature of dogpile.cache cache backend.

Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/824944

Co-Authored-By: Hervé Beraud <hberaud@redhat.com>
Depends-On: https://review.opendev.org/826870
Change-Id: Icecc2329c7f4732ee63dbb34a1b8d9d99a30239a
2022-02-16 11:40:58 +09:00
Takashi Kajinami f2678624ec Add cache client retry options for the pymemcache backend
This patch specifies a set of options required to setup the retrying
wrapper feature of pymemcache (dogpile.cache) cache backend.

Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803747

Co-Authored-By: Hervé Beraud <hberaud@redhat.com>
Depends-On: https://review.opendev.org/826869
Change-Id: I9a7a3ae77d2445cec5470e8bfc9b9b651d37f783
2022-02-16 11:39:06 +09:00
Takashi Kajinami 1ad727890c Do not define service resource when service management is disabled
Change-Id: I63c9c6c4df6cc0968a704546453416431b0fca07
2022-02-16 11:08:12 +09:00
Takashi Kajinami 592f53415f Remove deprecated database_min_pool_size
... because it was deprecated during Ussuri cycle.

Change-Id: I0dba04937b807be2cdcb6fbdee04708b9d06f3ba
2022-02-08 22:34:55 +09:00
Takashi Kajinami a0c29e2420 Simplify definition to ensure keystone resource creation
Use the whole resource type instead of its individual resources, to
rely on interface instead of implementation of the dependent module.

Change-Id: Ib493021ea91d6dd131d4e506735eb611444f5fef
2022-02-07 00:04:21 +09:00
Zuul 95519fc3a9 Merge "Fix duplicate (Optional) in parameter description" 2022-01-27 18:16:56 +00:00
Takashi Kajinami 3e13dd80d6 Add socket keepalive options for the pymemcache backend
This patch specifies a set of options required to setup the socket
keepalive feature of pymemcache (dogpile.cache) cache backend.

Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803716

Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Depends-On: https://review.opendev.org/807851
Change-Id: I6156abd69160113113d8e239f7204ba9274a1ee7
2022-01-27 20:40:32 +09:00
Takashi Kajinami 9242f09254 Fix duplicate (Optional) in parameter description
Trivial-Fix

Change-Id: I9589ac851aba9268601a6869fc3025e6b76221f5
2022-01-27 20:35:59 +09:00
Zuul 066c29cc6d Merge "Fix wrong service user name in parameter description" 2022-01-26 16:13:15 +00:00
Zuul 4e3438aa94 Merge "Remove validations of service_identity parameters" 2022-01-25 10:52:28 +00:00
Takashi Kajinami 5cd288ac3e Fix wrong service user name in parameter description
Change-Id: Ib364ae5efecc47e2a8cbfea009dd30b9168ce878
2022-01-25 10:55:49 +09:00
Takashi Kajinami 630380ce90 Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I3858399136f886841c14c2880918cb8e6ee86756
2022-01-24 13:39:57 +09:00
Takashi Kajinami 67a242d693 Remove validations of service_identity parameters
... because now the validations are implemented in puppet-keystone.

Depends-on: https://review.opendev.org/825991
Change-Id: Ida81b3d75601aac35491cdc20df0a281f742ded6
2022-01-24 11:21:14 +09:00
Takashi Kajinami c683b00904 Support configuring oslo.cache to cache metadata
Ec2Api supports caching metadata using the olso.cache library[1]. This
change introduces the new parameter/class to configure that usage.

[1] 7939ce17e4e39cb7b0cd1a36d6626258f06dcc70

Change-Id: Idf122ad2744acdd020de3cedbd0fe099d5997c4a
2022-01-03 11:23:42 +09:00
Zuul 5e42a9d2f4 Merge "Add missing dependency of ec2api_api_paste_ini" 2021-12-08 02:20:14 +00:00
Takashi Kajinami 3fa4e76399 Fix dependencies related to openstacklib::policy
Since [1] was merged, not only openstacklib::poliy::base but also
openstacklib::policy::default is included to manage the policy file.
This change ensure openstacklib::policy::default is executed after
the packages are installed.

[1] 89124fb85d

Change-Id: I004fe4cba95f70409e30b82a86b74ba9b5b62f48
2021-11-29 09:34:01 +09:00
Takashi Kajinami 7f928e6cc1 Add missing dependency of ec2api_api_paste_ini
Closes-Bug: #1952009
Change-Id: If1a19ebc40402f8f9239a9388e8eeaf2764ebc00
2021-11-24 09:50:32 +09:00
Zuul 861159ff83 Merge "Allow purging policy files" 2021-09-20 08:44:36 +00:00
ZhongShengping 4a068c6787 Add watch_log_file option
Add support for Using logging handler designed to watch file system.

Change-Id: I75cd42c0039aa75bb876cfdf8d963f8525b79de5
Closes-Bug: #1943212
2021-09-14 16:02:08 +08:00
Takashi Kajinami 89124fb85d Allow purging policy files
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ia4e3b30c1ad7b9aaae2bd9377a539c77899c4f47
2021-09-04 21:56:38 +09:00
Takashi Kajinami 443bcebe4b Fix lint errors with the latest lint packages
This change fixes the following lint errors discovered since we removed
pin of lint packages.

manifests/api.pp:281:WARNING: class included by absolute name
(::$class)
manifests/init.pp:33:WARNING: class included by absolute name
(::$class)
manifests/keystone/auth.pp:79:WARNING: class included by absolute name
(::$class)
manifests/metadata.pp:93:WARNING: class included by absolute name
(::$class)

Change-Id: I5bb85e2e17bcbf4761e9ab765706e3ce070c675e
2021-05-11 18:51:48 +09:00
Takashi Kajinami aa9f9c9a40 Add support for oslo_policy/enforce_new_defaults
Depends-on: https://review.opendev.org/781428
Change-Id: Idf3229914bbd946a6bf04fd84e8015225e733a84
2021-03-24 11:25:28 +00:00
Takashi Kajinami 5804bbeccf Add support for the oslo_policy/enforce_scope parameter
Depends-on: https://review.opendev.org/#/c/759008/
Change-Id: I62c5627f9e4a8bdecef111160b4d8979b7a99dee
2021-03-21 10:53:36 +09:00
Takashi Kajinami 3ec9c0f470 Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced
by yaml[1].

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-on: https://review.opendev.org/769647
Change-Id: I1b2e963d47b92c9ab0a2da0aa5b115ccbbc54774
2021-01-07 23:19:26 +00:00
ZhongShengping 16eff399ad Allow db sync timeouts to be configurable
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.

Change-Id: Ia353f278db9426d29617d6c274fef0c8b71c53e1
Closes-Bug: #1904962
2020-11-23 09:27:52 +08:00