273 Commits

Author SHA1 Message Date
Lokesh Jain
56cbd7c89b Make heat parameter plugin_dirs configurable
Heat has an additional configuration for plugin_dirs
parameter. This parameter provides a list of directories
to search for plug-ins. This change allows configuration
of plugin_dirs parameter in heat.conf file. This change
will allow a user to set this value, if required. Else
$::os_service_default will be used and the parameter will
not be added to the config file, as it is done today.

Change-Id: I636d52f867ee447eaf0e1e80bf9fdc30c91f4ec1
2018-01-22 18:49:20 -05:00
Sofer Athlan-Guyot
7870a0f8ff Add a parameter to be able to override clients_keystone/auth_uri.
It is usually the same as auth_url which is defined there
$::heat::keystone::authtoken::auth_url.  We can now point this to
another part of the catalog (ie, public vs internal for instance).

Co-Authored-By: Sergii Golovatiuk <sgolovat@redhat.com>
Change-Id: I4429d86d831f49f1bc0fef04379a81ada20b6ab6
2018-01-19 00:35:05 +01:00
ZhongShengping
befa77c079 Add use_journal option for logging configuration
This enables oslo.log to pass logging records to journald.

Change-Id: Iff58d247fe90fa8d81769599d7ce994077c032d9
2018-01-15 15:50:08 +08:00
Emilien Macchi
fd952e2a84 Add group to policy management
The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.

Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Change-Id: I748ed0cba392d783e75b2cf16833a687d6152a22
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2018-01-11 15:54:59 +00:00
Juan Antonio Osorio Robles
50d7c113f8 Expose use_json logging option
It enables JSON-formatted logging from oslo.log.

Change-Id: I57eaa1209e6942a9e76e7988761fea854c838dc5
2017-11-27 14:54:23 +02:00
ZhongShengping
8befe4fb09 Add customization for wsgi process display name
Change-Id: I952b51508d5ec6ad6d0aab7e19df14f4dcd96ba3
Closes-Bug: #1626550
2017-11-01 15:54:54 +08:00
Juan Antonio Osorio Robles
248de177dd Expose allowing setting log files for apache vhost
Being able to set the log files for the apache vhost was done in a
recent commit [1]. However, that commit missed exposing the
configuration in the service-specific manifests. This adds that.

[1] Ic2ffef73f6a12d6225f87d285003c3deb7541126

Change-Id: Iae6a86cb93305cb3307e058cfd31e0fca3b1be8e
2017-10-30 07:33:38 +02:00
Juan Antonio Osorio Robles
7a137e2355 apache wsgi: Exchange defaults for workers and threads
Due to Python's GIL [1], we can't use multiple threads for running
OpenStack services without a performance penalty, since the execution
ends up serialized, which defeats the purpose.

Instead, we should use several processes, since this approach doesn't
have this limitation.

[1] https://wiki.python.org/moin/GlobalInterpreterLock

Change-Id: I116df85f259528d547a958850b9c3793d01e2a45
2017-10-13 08:49:12 +03:00
Jenkins
23baad4a6a Merge "Allow setting log files for apache vhost" 2017-10-10 08:46:32 +00:00
Juan Antonio Osorio Robles
781c75cebc Allow setting log files for apache vhost
This allows the setting of the error and access file logs, as well as
the access log format. This was done in a similar fashion as one can
configure these ones in the keystone wsgi manifest.

Change-Id: Ic2ffef73f6a12d6225f87d285003c3deb7541126
2017-10-06 14:23:53 +03:00
Juan Antonio Osorio Robles
f12aea2145 Accept empty strings for log_dir
An empty string is an acceptable value of this entry, and it forces
logging to stdout/stderr, which is useful when running on containers.

Change-Id: I8c3a635688ef98e6038c2bee33cd253da8d3baf0
2017-10-06 13:00:15 +03:00
Jenkins
e4b66efe94 Merge "Deprecate revocation_cache_time option" 2017-09-20 23:59:15 +00:00
ZhongShengping
3c5f67488d Deprecate revocation_cache_time option
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.

Change-Id: I2c340522a696c3e436404e1b1403d6cf072d56d3
Closes-Bug: #1717144
2017-09-14 11:31:44 +08:00
Jose Luis Franco Arza
ece5e90fdd Add support for default_user_data_format
Allows specify the value of default_user_data_format
parameter in configuration

Change-Id: I0536b5efd0e1389b05ffdd29acf75f1fa748babb
2017-09-13 10:24:31 +02:00
Benedikt Trefzer
10a7db8463 add parameter to overwrite/add wsgi process options
Add parameter to apache_wsgi to allow overwrite and/or
add additional wsgi process options.

This possibility was added to openstacklib
with Change-Id: I41914ce3361988d5db1695f09d21209772fdf548

Change-Id: I3df74ddc4a258083ccfe4e47180f022742655ba6
2017-09-04 18:38:40 +02:00
Jenkins
c62d27e56e Merge "Changed keystone_ec2_uri to be optional" 2017-08-22 22:43:22 +00:00
Daniel Pawlik
2d78f9253d Changed keystone_ec2_uri to be optional
Param keystone_ec2_uri was providing default value. It was raising an
engine service error on ifras where ec2 endpoint was not created.

Change-Id: I48c47a2c59ec89212a45125b373844e340731fd9
2017-08-22 12:20:46 +00:00
Daniel Pawlik
9fb1ab9414 Param rabbit_heartbeat_timeout_threshold should not be 0
Param heartbeat_timeout_threshold by default is set to 60 in oslo module.
We shouldn't set hardcoded value, but take default one.

Change-Id: Id572fd98846f640d88cbb46c4a74f9fd43813d8b
2017-08-22 12:13:27 +00:00
Andrew Smith
a28c18cc00 Deprecate oslo.messaging rpc_backend option parameter
Oslo.messaging uses the transport_url to represent the rpc and
notification messaging driver to use and its full configuration. The
rpc_backend configuration option is deprecated for removal and
should not gate oslo.messaging driver configuration options.

This patch:
* deprecate rpc_backend
* remove conditional check
* update spec tests
* add release note

Change-Id: I1537c9e0db956d4271c8334a0aa543cd20c57e67
2017-07-26 20:52:06 -04:00
ZhongShengping
6fde1a69d3 Remove deprecated keystone authtoken signing_dir option
Change-Id: Ie89e4385628cd5bfd0b43d7c00124c25dee17936
2017-07-07 09:59:10 +08:00
rabi
1b5eab2809 Add support for reauthentication_auth_method
This adds support for setting reauthentication_auth_method
flag in heat.conf.

Change-Id: I247b02a50bb46ce16ca120961dd9c3df3e6026fd
Partial-Bug: #1683983
2017-04-19 12:54:47 +05:30
Emilien Macchi
27a4d8a0cc Set endpoint_type to <SERVICE DEFAULT>
Now TripleO sets this value, we can use os_service_default for
the default value and we won't have duplicated resource.

Change-Id: I00a47d6dae5be6ea18d93ac8b47c0c0cc58fe43f
2017-03-29 13:46:29 +00:00
Emilien Macchi
b865f447d9 Add support for clients/endpoint_type
Add support for clients/endpoint_type parameter.

Note: Default to False now, because TripleO already sets this resource.
      and we don't want duplicated resource.
      Once we switch TripleO to use this new option, the default will
      become os_service_default.

Change-Id: If707c5623c0e34e9219eeafdafaf0ac42daf5c8d
Closes-Bug: #1675409
2017-03-23 09:20:08 -04:00
Thomas Herve
f24b39c73a Enforce content type in CFN WSGI
This works around a bug in the config tools, not sending a type
properly.

Change-Id: I79b7b19d8c1af6cc34875fc05800dc9da5ac7cad
Related-Bug: #1641589
2017-03-04 15:39:39 +01:00
Juan Antonio Osorio Robles
fe394add6f Add manifests to deploy APIs over httpd
This includes a resource that will generically create the vhost for
the specified API.

Co-Authored-By: Thomas Herve <therve@redhat.com>
Depends-On: I9a9246522810de546a7c460ab1133d6bf9081a15
Change-Id: I253f46f5ad943971dd9ea6995591c72a36953bdb
2017-03-02 14:15:18 +02:00
ZhongShengping
bf2d2fe504 Add notification_topics option
Add notification_topics to configure AMQP topic used for OpenStack
notifications.

Change-Id: Ib441d091b87685f3da77e18b7062fa0fdf116751
2017-02-20 20:45:43 +08:00
Mykyta Karpin
7c86b14059 Add ability to configure cache
Change-Id: I01155b6bc6ad2618a2337c951120ef377cfacf2f
2017-02-16 10:26:03 +02:00
ZhongShengping
40bfe5ac4a Add control_exchange option
Add control_exchange to configure an exchange name for message.

Change-Id: Iac2f30b5a4a70cd44dce9385256339d67d0f40da
2017-01-28 14:08:11 +08:00
ZhongShengping
2416150250 Add oslo::db to dependency chain
All db settings should be applied and all releated packages should be
installed before dbsync starts.

Change-Id: Iec6254f654afbbe1ababb150b47ff5e99b8032b5
2017-01-22 21:43:05 +08:00
Matthew J. Black
12a328d74f Allow python-memcache install from authtoken class
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.

Change-Id: I3a6f847e4d5ff64e09b664dc58b17db4094c814c
2017-01-11 17:37:45 -05:00
ZhongShengping
0540b5c98f Deprecate signing_dir option
The signing_dir is deprecated for removel because of PKI token format
is no longer supported.
Update warning message and release note.

Change-Id: I42b35c3cadde3bb22463c82e83168addfd4da99f
Closes-Bug: #1652700
2016-12-28 14:00:55 +08:00
Alex Schultz
b5b48d9863 Fix heat user dependencies
With the heat::deps implementation, we should ensure that the users are
created in before the heat::service::end anchor rather than the service
itself. This can lead to issues when we move the service to httpd and it
is colocated with keystone. Additionally the authtoken class needs to
include the ::heat::deps class.

Change-Id: I0c2b5e0e3671d37fb0450cd25dd6287bebda4dcb
2016-11-23 16:10:37 +00:00
zhangdetong
739a15ffb2 Set trusts_delegated_roles to os_service_default in engine.pp
change trusts_delegated_roles to $::os_service_default,
modified heat_engine_spec.rb and added releasenote.

Change-Id: Ib07a546da74218056bb55f15df1b6114e9f67c45
Closes-Bug: #1634361
2016-11-23 10:56:49 +00:00
Alex Schultz
b865dffaa6 Deprecate rabbitmq connection parameters
The rabbitmq connection parameters have been deprecated in favor of the
transport_url setting.

Change-Id: I7ae5c5a2584eab063b8e647dc34008ac71bd04e0
Related-Bug: #1625198
2016-11-21 16:48:59 -07:00
Jenkins
95db61d071 Merge "Remove old authtoken options" 2016-11-21 22:13:36 +00:00
Steve Baker
edf6623d8c Expose heat::engine::max_nested_stack_depth
This is required for TripleO to use a value other than the default 5.

Change-Id: I998f3a1a89ce4bc4c3926a83adec1929addeab24
2016-11-21 15:41:32 +13:00
Jenkins
41ccdeb852 Merge "Force domain_password parameter to be defined" 2016-11-19 01:05:56 +00:00
Iury Gregory Melo Ferreira
da7bc46203 Remove old authtoken options
Since we are in ocata lets remove all old parameters in api
to configure the keystone_authtoken section

Change-Id: I7f18b79b9107baad78129b098246bd9c931420dc
2016-11-16 00:02:12 -03:00
Steven Hardy
6e8ef40483 Don't default metadata server URLs to localhost
These settings are all legacy, as for some time heat has instead supported
deriving the URLs internally using the endpoints from the keystone catalog.

Defaulting these to localhost seems like a bad default, as in
most cases heat will caclulate a more reasonable default (e.g something
derived from the actual heat public endpoint in keystone), and it's somewhat
surprising when you don't pass a value and get localhost instead of the heat
defaults.

They can still be used to override the keystone endpoint, which is sometimes
useful, but in most cases these should no longer be set IMO.

Note the relevant heat commits which make these settings optional are
Id402664e38e3da071ad634233b3a1f8e13af152d and
If8a2d3f37d87c26228e709c20f61969b397f2da0 (present in all Heat releases
since Mitaka)

Closes-Bug: #1641873
Change-Id: I90ccdd881a41d803e28064f44b821ab48a6fa8ea
2016-11-15 22:23:37 +00:00
ZhongShengping
d727cf872f Fix common options position in params.pp
These parameters are common for both systems,
they could be moved out from 'case'.

Change-Id: Ic07c62593d63190b523efcc3f020cba12b5001f3
2016-11-08 10:05:42 +08:00
Xingchao Yu
a6a860106b Align equals in heat::params
Change-Id: Ia94cd822715bf75b9eebb876e17d0b05fdf0da50
2016-11-04 12:32:26 +08:00
Alex Schultz
08488e3686 Ability to manage domain config seperately
This change allows a user of the heat::keystone::domain class to manage
the user creation seperately from the user configuration for the heat
services.

Previously one could disable the management of the users but could not
prevent the configuration file from being updated if all they wanted to
do was create the users.

Change-Id: Iab8204d3dfd727149d41ad86616a8f95a6f720dc
2016-11-03 08:52:12 -06:00
Emilien Macchi
a1f3dfe6a9 Force domain_password parameter to be defined
Having a default value for a password is not acceptable for security
purpose.  We should unset the default value so we make sure catalog fail
if no value is set.  It enforces our users to set a value and stop
opening a security problem.

Change-Id: I41b974f6ece39743bfc2ad922b2f0dad20aec469
2016-11-02 10:46:33 -04:00
Iury Gregory Melo Ferreira
eecda65a11 Remove verbose
Since we are in Ocata we should remove the
verbose option that was deprecated

Change-Id: Ife75d144e7c0bde13ece85472fa446af12c0650e
2016-10-25 20:02:37 -03:00
ZhongShengping
7171d68cc8 Deprecate auth_plugin option
Option "auth_plugin" from group "trustee" is deprecated in Heat.
Use option "auth_type" from group "trustee" instead.

Change-Id: I19024ad7be968c7364dbb8ff94372a168f6f6096
Closes-Bug: #1633282
2016-10-19 08:45:23 +08:00
Mykyta Karpin
468a12493d Fix documentation for log_dir parameter
Change-Id: Ifba8e0b5f9119426a8093a0124e5bb5d4e89b20a
Partial-Bug: #1600294
2016-10-10 16:17:42 +03:00
Sharat Sharma
5e3b5e050f Added retries for db_sync
If db sync fails, it is never retried leading to errors. So, this
patch adds retries for db_sync to avoid sync fails.

Change-Id: I094f592989928cefef0b9cd9c7b9d837f51d03b1
Closes-Bug: #1628580
2016-09-29 12:26:28 +05:30
Dan Prince
0b0f6289e1 Add options to configure yaql settings
Change-Id: Id41001d74ce1008dbb5a98b962d5c53dbf39c903
2016-09-27 11:05:57 -04:00
Jenkins
4d7b5be2e2 Merge "add parameter to configure the name of the node" 2016-09-01 03:22:25 +00:00
Marcus Furlong
b0982fa982 add parameter to configure the name of the node
This may required in instances where socket.gethostname() (the default)
does not return an FQDN and an FQDN (or other identifer) is desired.

Change-Id: Ibb86cdcf7e6304eabc1fe165feec9555bfadb32f
2016-08-30 12:51:09 +10:00