Commit Graph

71 Commits

Author SHA1 Message Date
Takashi Kajinami ba81a15371 Retire puppet-glare - Step 2: Remove Project Content
Depends-on: https://review.opendev.org/790056
Change-Id: Id76e00fafd171f3d77b70817c5cfd103cb207b0e
2021-05-07 01:08:33 +09:00
Thomas Goirand 6d94ffe510 Allow to configure policy_dirs
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .

Change-Id: I674bd4b6db8862668dab8197d86fe99b55e923f5
2021-04-11 23:39:16 +02:00
Takashi Kajinami 2a41b6ee88 Add support for oslo_policy/enforce_new_defaults
Depends-on: https://review.opendev.org/781428
Change-Id: I522ac2fb7fe289cbcda436119a003850efce2aeb
2021-03-24 16:36:09 +09:00
Takashi Kajinami 18c70a3a69 Add support for the oslo_policy/enforce_scope parameter
Depends-on: https://review.opendev.org/#/c/759008/
Change-Id: I1c92094c34baa4a30d10f30e6c2d613030ba93a2
2021-03-21 10:56:18 +09:00
Takashi Kajinami 52bbcd3a5f Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced
by yaml[1].

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-on: https://review.opendev.org/769647
Change-Id: I523ec093324bb991a30930a1352c5930bf220108
2021-01-07 23:21:14 +00:00
ZhongShengping eb72d71b7f Allow db sync timeouts to be configurable
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.

Change-Id: Ib07b1a55d5640ff5372b58a412833f81665a33d3
Closes-Bug: #1904962
2020-12-06 11:07:55 +08:00
Takashi Kajinami ba039b45ec Add support for the keystone_authtoken/service_type parameter
Change-Id: Iacf60927f83761973b77dd9b5f876b14a58eb0d6
2020-11-03 17:53:49 +09:00
ZhongShengping b0cf8a88cd Include deps class in unit test for sync
Change-Id: I01d8c01ba6d31841dee8cb1741a6bf7159b2e11f
2020-10-12 10:46:40 +08:00
ZhongShengping f2ad1f37d3 Include deps class in unit test for postgresql
Change-Id: I896a8c5e6d959c6d38535ec01bed3c52ff40a580
2020-10-10 09:31:12 +08:00
ZhongShengping 9b0ea1d87e Include deps class in unit test for mysql
Change-Id: I1921cae8f1f77c38fa1c3ade351ef7edb8de6f5c
2020-10-09 10:36:36 +08:00
Tobias Urdin fc7177125e Add Puppet Litmus
Depends-On: https://review.opendev.org/#/c/740601/
Change-Id: Id254fa48ca1c7024a36114b9aa8b3aae3d051ccd
2020-08-31 21:22:41 +02:00
ZhongShengping 6dfb89f4ce Add mysql_enable_ndb option
Add mysql_enable_ndb parameter to select mysql storage engine.

Change-Id: I5c5103626e1b5e5b77bb0e07fb81bb69418ea950
Depends-On: https://review.opendev.org/#/c/748067
Closes-Bug: #1892952
2020-08-26 11:55:54 +08:00
ZhongShengping 6034694981 Add service_token_roles for keystone authtoken config
Add the ability to configure service_token_roles.

Change-Id: I29e8d699eb34c4d89302d9b0ff08562353c1e4a1
Closes-Bug: #1892284
2020-08-20 10:41:27 +08:00
Lewis Denny ede6fbf786 Add support for the interface parameter in authtoken middleware
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.

Change-Id: Idbaf877352d93a9713a87b4ceadd18feb770ad6d
2020-07-16 11:27:40 +10:00
Takashi Kajinami e1ff7923cf Remove password hash generation in each puppet modules
... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.

Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I84a6762b1a0ac58c650dadcd36901f914ccd57d5
2020-05-19 23:27:08 +09:00
Zuul 851f437480 Merge "Add CentOS8 to nodesets" 2020-05-11 22:27:45 +00:00
Takashi Kajinami a2b9cdb704 Add CentOS8 to nodesets
Change-Id: Ib80418c17151f06b7bf90171965163c736ba5dbc
2020-05-10 21:45:01 +09:00
Takashi Kajinami 34841f8d19 Use anchor to require necessary packages
... so that correct packages are required without re-defining them in
resource implementations.

Change-Id: I28a7f592781c8308dd9030f71c592508a990eef3
2020-05-04 15:34:37 +09:00
Takashi Kajinami b0f16625f5 Expect python3 client package in CentOS8
In CentOS, we expect to have python3 client package in 8.x while we
expect to have python2 in 7.x .
Fix unit tests to expect the correct version according to os major
version.

Note that this patch also removes broken unit tests which overrides
os release information to test el6 and el7.

Change-Id: I7437538596ad8a5d8a591b629c6982309a25514c
2020-04-02 10:03:54 +09:00
ZhongShengping 5ad7236835 Deprecate min_pool_size option
min_pool_size option is not used,see:

https://review.opendev.org/#/c/565090/

Change-Id: Ia6fa74ec2fc0f0e70cb9af111e7a9639322ca902
Closes-Bug: #1868511
2020-03-25 14:53:40 +08:00
Tobias Urdin 93d53f4ef2 Convert all class usage to relative names
Change-Id: I8fa05675ae67286bcd3752cbfc46c3cd6ad02a17
2019-12-08 23:06:38 +01:00
ZhongShengping 625ef78c6e Deprecate idle_timeout option
The idle_timeout parameter is deprecated, use connection_recycle_time
instead[1].

[1]https://review.opendev.org/#/c/334182/

Change-Id: Iad22c20436222db89d292c960688c97bc5265d4c
Depends-On: https://review.opendev.org/656106/
Closes-Bug: #1826692
2019-04-28 15:00:09 +08:00
ZhongShengping 324b4984d6 Configure vcenter_password as secret
Change-Id: I20bf37e9f20926cb620e5a3a20a80c3731d1d155
Closes-Bug: #1825098
2019-04-17 14:44:44 +08:00
ZhongShengping ca01ea1047 Service_token_roles_required missing in the server config file
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: Ic7613f0e384bc7ec7e0122b26a1abed5d659dd0a
Closes-Bug: 1778198
2019-02-15 10:03:03 +08:00
ZhongShengping 96e5483986 Fix lint issue
Change-Id: I3c3186690e585b59d321af28751be68e54f40220
2019-01-25 12:23:43 +08:00
Zuul 890b23abec Merge "Remove redundantly tested code" 2019-01-19 00:00:01 +00:00
Zuul f54faaf004 Merge "Inherit pyvers from openstacklib::defaults" 2019-01-18 11:42:54 +00:00
Tobias Urdin 6df93a38bd Remove redundantly tested code
Remove code that is redundantly tested.

This should not be tested here but in puppet-oslo
where this logic resides.

If we keep this and we do changes in puppet-oslo we
will break these unit tests, this is something we need
to sort out for all modules.

Change-Id: Ibd51254075bcb86a412decb41103720b25bbbb92
2019-01-18 10:32:13 +01:00
Tobias Urdin 580ead284f Inherit pyvers from openstacklib::defaults
Change-Id: I4d27bbbb16f87cf0051f1bbed2429e1c8affd14c
2019-01-17 21:30:39 +01:00
Zuul 572a93dc34 Merge "Dont include logging in init by default" 2018-12-29 20:54:21 +00:00
ZhongShengping 265019a5d0 Fix the port of endpoint
The port is error for endpoint. We should fix it.

Change-Id: I38c5044c506ff4505d18ea046e5f450db3d2daa1
Closes-bug: #1808737
2018-12-18 13:56:21 +08:00
Tobias Urdin 425b50e4d0 Dont include logging in init by default
Change-Id: I862232e4d24a879990bff6626458a4b7a4f72351
2018-11-29 10:22:30 +01:00
ZhongShengping f67462cce2 Deprecate pki related options
check_revocations_for_cached and hash_algorithms are deprecated for
removel because of PKI token format is no longer supported.
Update warning message and add a release note.

Change-Id: Idf08b1283b64f1d6707fd6d7a87b0b1c39f5d319
Closes-Bug: #1804562
Closes-Bug: #1804720
2018-11-23 10:22:26 +08:00
Tobias Urdin 5e74fd3009 Convert spec testing to rspec-puppet-facts
Change-Id: Idfa63de05d32838d9e73a7e260e82a0c7e1f4a98
2018-11-08 13:41:59 +01:00
zhangyunyong efc14de4aa Configure access_key and secret_key as secret
Change-Id: I92baa8ca211ecb85e63888cc2715d688d5274156
Closes-Bug: #1786035
2018-08-08 21:14:03 +08:00
Tobias Urdin 42eee20297 modulesync: sync and add nodepool-bionic for beaker
Change-Id: Ib8dc0e25b4ba0200947cee576ffb489511f221e9
2018-07-18 16:18:00 +02:00
melissaml 6afae87cf1 Replace port 35357 with 5000 for "auth_url"
Based on the change in Keystone Install Guide [1],
this patch replace port 35357 with 5000 for "auth_url".

For more details, please check similar changes which have been done
on other projects: Nova [2], Neutron [3], Cinder [4], Glance [5].

[1] https://review.openstack.org/#/c/541857
[2] https://review.openstack.org/#/c/562812
[3] https://review.openstack.org/#/c/566491
[4] https://review.openstack.org/#/c/565464
[5] https://review.openstack.org/#/c/558932

Change-Id: I4663576274830a7d6fa0b1a06d357cae58c771c7
2018-05-21 14:50:53 +08:00
Zuul 67a0ee0f19 Merge "Debian is using python3-glareclient" 2018-04-13 03:13:42 +00:00
zhubingbing b8531ca627 Debian is using python3-glareclient
Change-Id: I7aef5afe2012249a827254ec2de320cc0c017427
2018-04-12 11:13:47 +08:00
ZhongShengping 98651fc002 Deprecate auth_uri option
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.

[1]https://review.openstack.org/#/c/508522/

Change-Id: I5e84034ada8dffad946ae32746a11cb31488bfec
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
2018-04-03 16:55:00 +08:00
ZhongShengping ec780033ae Add pool_timeout option
Add pool_timeout option to configure this value for pool_timeout with
SQLAlchemy.

Change-Id: I79e95919788ac9fc74e99cb53395725087dcb57b
Closes-Bug: #1757581
2018-03-22 11:09:50 +08:00
ZhongShengping 819ae38f58 Add 'openstack-db' tag to db-sync Exec resource
In order to make easy orchestration on all OpenStack db-sync, add this
tag so people can use this tag in composition layer.
A use case it to set some orchestration to make sure MySQL Galera is
ready before running any Exec with this tag.

Change-Id: I6b52256001bd9cefaa92aa2c58db1658cdded5ff
Closes-Bug: #1755102
2018-03-12 16:33:07 +08:00
Brad P. Crochet a5f546e5b0 Add glare client install support
Change-Id: I00b9ececdbac3b0769bd32b3205b0bd75345efcf
Related-Bug: #1744972
2018-01-23 11:58:35 -05:00
ZhongShengping b483ef992d Add use_journal option for logging configuration
This enables oslo.log to pass logging records to journald.

Change-Id: I9e660aa635866deb83bb0760452e0ecd397e2ef1
2018-01-15 15:47:22 +08:00
Emilien Macchi 2c7d1ed2bb Add group to policy management
The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.

Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Change-Id: Ic2089de7ead1d08ebead7f24f8b50f5116004ae0
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2018-01-10 14:22:53 -08:00
ZhongShengping de289e84af Expose use_json logging option
It enables JSON-formatted logging from oslo.log.

Change-Id: If47b4de8da5736130600197f41ea1b82a1aada16
2017-11-28 09:28:19 +08:00
ZhongShengping 7c15fd5d0f Configure *_domain_name to Default by default
Keystone v2.0 API was removed so we have no choice but configuring
user_domain_name and project_domain_name otherwise it fallbacks to
Keystone v2.0 and it fails. This patch sets the default value so we make
sure Keystone v3 will be used out of the box for our users.

Change-Id: I9ae04aa57983e60bd902f20a61a91cf1cfbd9c1c
2017-10-13 14:33:16 +08:00
ZhongShengping d9d775fc51 Deprecate revocation_cache_time option
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.

Change-Id: Icad365825b3c134267493efb3ee692cfce364399
Closes-Bug: #1717144
2017-09-14 11:28:01 +08:00
ZhongShengping 53d08911fd Fix unit test
The db_backend_package name has changed in puppet-oslo[0], so fix it.

[0]: https://review.openstack.org/#/c/467582/

Change-Id: I648faf04072a1c4f79e611ac0a87e0d69c942d5f
Closes-Bug: #1693403
2017-05-25 11:18:37 +08:00
ZhongShengping 106ae55131 oslo policy: check puppet resource instead of actual config in spec
Change-Id: I6791feeb04ca0ac5fa4ddf775352184c0dbd71a6
2017-05-23 14:57:48 +08:00