This is follow-up of c543bd33ae2389e64f932441c719fcc105a2f2da and
removes some deprecated database parameters still left.
Change-Id: I6325c5d8d290bf6176d17e4aea9058f85feea2f3
Use the whole resource type instead of its individual resources, to
rely on interface instead of implementation of the dependent module.
Change-Id: Ie28adb28dba6f8fd04520b1e5deea30fa66d775b
It turned out defining dependency for openstacklib::wsgi::apache
doesn't properly enforce resource order and the default vhost file
is not purged properly.
This change adds the more explicit dependency to enforce the order
properly.
Change-Id: I3f8346d8df6c60b36e2abe281e87163b1e2837e6
Currently we support usage of distro packages only, and this custom
fact can be simply replaced by the default fact.
Change-Id: I11bac6405b94e6616e45dd511b842a4ad358148a
The DEFAULT/trusts_delegated_roles parameter is a ListOpt, which
accepts a list value in a comma-separated list format. This change
allows usage of array to define the list value in a native manner.
Change-Id: I9d74fac8cdc4cfe7c7c6f366dba712b8c331b269
The DB purge operation expects the target database is already
initialized. This change ensures db sync is completed before cron job
is enabled.
Closes-Bug: #1955829
Change-Id: I742ea262bde8b9412627a475c53b27d25e132787
This change removes direct reference to some classes in
puppetlabs-apache. Details are explained below.
- The api class doesn't need access to anything defined in
apache::params
- The following classes are included by the openstacklib::wsgi::apache
resource type, and current inclusions are just redundant.
Change-Id: I88684f7f246b226844dc724a35d1cec95742704e
... instead of injecting it by vhost_custom_fragment.
Depends-on: https://review.opendev.org/821082
Change-Id: I684e077d03b318cef01688c1b11ea37d7fc2f664
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I1429b2cc6f3c01c07ec26b1a7242e451072be368
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.
Based on the following points, false is considered to be the more
reasonable default.
- Usage of SSL is optional and is not always required
- There are other methods(like load-balancer) to implement SSL
termination
- Enabling SSL doesn't work with the default values currently
defined, and requires additional parameters like ssl_cert.
- false is the default value defined in the base implementation in
puppet-openstacklib.
This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.
Change-Id: I76516e3d0c659fabdb7736ff4a5a6621eed29371
This change introduces the new heat::trustee class to manage
the parameters in the [trustee] options. These options have been set
according to authtoken parameters but it makes maintenance complicated
and the logic doesn't work properly when noauth is used.
This change also removes the [trustee] project_domain_name parameter
because the parameter has never been used actually.
Change-Id: I694a8ea771cc4d4dcfbf8384ece2be10d83ab3f0
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ife9db20f914ae773881f4c78871b8232ecf42d17
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].
[1] 5c38281e1b698f157f03bf1815733277c541c30b
Change-Id: I62c36a4521ca9b3c5062d88fe9a7ee55c748fbd3
... because the max_stacks_per_tenant parameter is used by heat-engine,
and the very similar max_resources_per_stack parameter is implemented
in heat::engine.
Change-Id: I57a8e8b9643d999c8ed379895f998ee1d09fb1a8
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Heat API and api-metadata. Therefore, this patch adds
two new heat_api_uwsgi_config and heat_api_cfn_uwsgi_config
providers as well as two new heat::wsgi::uwsgi_api and
heat::wsgi::uwsgi_api_cfn classes.
Change-Id: I0e226046f6e2d69c89681948cee8e8830c186489
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .
Change-Id: I9dea409a46bd8d22388853582de8f64034cf0d03
This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.
Depends-on: https://review.opendev.org/761604
Change-Id: I92552d013db98b972124db901f3f35a326110846