The python-redis package is an optional dependency and needs to be
installed explicitly in Ubuntu or Debian. (The zaqar package in RDO
has additonal dependency to require python-redis now).
Change-Id: I5c768a4ed60909f2e764ed6a39c372814b50c58b
The oslo.cache 3.7.0 release introduced some options for redis backend
and redis sentinel backend. This introduces support for these
parameters.
Depneds-on: https://review.opendev.org/910629
Change-Id: I88b6b3c41b6f8691720b6bf9ccd5999d7a24f68c
This refactors resource dependencies to avoid unnecessary dependencies
across services. For example zaqar service does not require cinder db.
Change-Id: I8b2c64ab4896c6fbb407eaa58e99056da3b5170c
This patch specifies a set of options required to setup the retrying
wrapper feature of pymemcache (dogpile.cache) cache backend.
Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803747
Co-Authored-By: Hervé Beraud <hberaud@redhat.com>
Depends-On: https://review.opendev.org/826869
Change-Id: Ia0fa98ff49d63332eff8e4e377402d2527b1c595
... because it is actually required so that zaqar can authenticate with
keystone.
Depends-on: https://review.opendev.org/903852
Change-Id: I8e5ea733f10abfdcc5da0699311222cfbe6cbf4e
Some of the backends supported by sqlalchemy (eg mysql + pymysql)
require additional packages. This ensures the required packages are
installed using the oslo::db defined type.
Change-Id: I7fc4cea95a0a7ecba7def9db4f01c16ef1cfa2f3
The oslo.policy library has implementations to detect change in policy
rules and reload the new rules without service restart.
Change-Id: I96e2447ddf1a3e5c043bbc3529cdd7dcc3316d2d
The purge_config parameters only accept boolean values. This enforces
that using the typed parameters.
Change-Id: Ie504006737f094704bbff8499ac9ddbb9e8f75f5
The password parameter is not really optional. This makes it
a required parameter to give more sensible validation error.
Change-Id: I2df5e93dc3e428928d85b70d8666b8b44155298b
This ensures the parameters used by if-else logic accept only boolean
values because non-boolean can result in unexpected behavior.
Change-Id: I8c2bd97681130da33974e4ea707f77f44e160ce2
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.
Change-Id: Iac1ebf8af8900e9e351ef359f1c5c2e4c1704d00
Currently parameter description of the <module>::wsgi::apache classes
are formatted differently in individual modules, and this is making
the maintenance effort quite difficult.
This change updates the description format following the standard one
we are globally using in our modules to reduce undesired differences
between modules.
Change-Id: I73044b81e5ea8b41693718c3f3b900237300698e
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)
Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: If07cac9bc41d173baeadbefb4dad3612c32ee369
The puppetlabs-apache module is enforcing more strict data type
validation[1].
This change updates the default values to adapt to that change.
[1] f41251e336
Closes-Bug: #1983300
Depends-on: https://review.opendev.org/851652
Change-Id: Ic4160b208ff1d728cab2b77c9261cb18deec8c27
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.
This change also adds support for request_headers so that both request
headers and response headers can customized.
Change-Id: Ie5f2669a8686a3546b652251881615e0e18bf433
... because these parameters were deprecated during Yoga cycle[1] and
have had no effect since then.
[1] 7eeb46e04d
Change-Id: I6b2ee2e3e9fb633f5f3c6fa9b2e4106e5430484e
This is follow-up of 7eeb46e04d and fixes
the following two points.
- tenant_name is deprecated but a proper warning message is missing
- password is deprecated and now is optional, but it is still
validated
Closes-Bug: #1973315
Change-Id: I169d42dee4896843e55d4989dc440ad7e7c7ec94
During the previous cycle, a warning message was added to inform users
of this change.
Now the default value is updated so that SSL is disabled by default.
Change-Id: I17cd1a7adcc09168d3f53f44787858ef1d89a0a7
This change ensures keystone resources like the mistral service user
are created before completing service setup, so that we can use
the service::end anchor to ensure Zaqar service is fully available.
Change-Id: I5989b330cd55328510cc1bb20b6c00eeac18353b
This patch specifies a set of options required to setup the socket
keepalive feature of pymemcache (dogpile.cache) cache backend.
Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803716
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Depends-On: https://review.opendev.org/807851
Change-Id: I683f1328ab68839b4877e91513cae206656a6ad2
It turned out defining dependency for openstacklib::wsgi::apache
doesn't properly enforce resource order and the default vhost file
is not purged properly.
This change adds the more explicit dependency to enforce the order
properly.
Change-Id: I5d03a133bb9d6e8a5ed67b7b06ee73608cff37ee
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I2a54b0d0c03a98b3fe7a3a4a28051247eea7e70a
The zaqar::keystone::auth_websocket class has been added to create
an independent keystone endpoint for websocket service but the service
user created by the class has never been used.
This change disables the logic to create the user and the associated
resources like roles and projects, so that only required resources are
created.
Change-Id: Iaa0042acb9fda198f10e6067523301bfd08bf249
This change removes direct reference to some classes in
puppetlabs-apache. Details are explained below.
- The server class doesn't need access to anything defined in
apache::params
- The following classes are included by the openstacklib::wsgi::apache
resource type, and current inclusions are just redundant.
Change-Id: I7f2f5dbb7f7e07be611da61905201d90baee28ef
Since [1] was merged, not only openstacklib::poliy::base but also
openstacklib::policy::default is included to manage the policy file.
This change ensure openstacklib::policy::default is executed after
the packages are installed.
[1] 9c04deee7f
Change-Id: Ie9dce227429a12d893b3cbbe495f604ed1b5620b