411 Commits

Author SHA1 Message Date
Takashi Kajinami
e5cc108c00 Avoid hard-coding OS user/group in each manifest
and replace hard-codes by definition in params.pp .

Change-Id: I4fc49eab447ef2b7e4f0d6cbd75f193cff7719b9
2022-02-20 19:39:47 +09:00
Takashi Kajinami
37d5b04d78 Remove deprecated amqp_allow_insecure_clients
... because it was deprecated during Wallaby cycle.

Change-Id: I2d7619574f93958ceae15bafea02d77554fb5315
2022-02-09 10:00:20 +09:00
Takashi Kajinami
ff16bee10a Remove some deprecated database parameters left
This is follow-up of c543bd33ae2389e64f932441c719fcc105a2f2da and
removes some deprecated database parameters still left.

Change-Id: I6325c5d8d290bf6176d17e4aea9058f85feea2f3
2022-02-09 09:59:17 +09:00
Zuul
ea93973b79 Merge "Clean up deprecated database parameters" 2022-02-07 17:45:55 +00:00
Takashi Kajinami
c543bd33ae Clean up deprecated database parameters
Change-Id: I9d77ce1cbbd3fb8f7af2f144101ad064d760934e
2022-02-07 12:08:42 +09:00
Takashi Kajinami
6ce889d3f2 Simplify definition to ensure keystone resource creation
Use the whole resource type instead of its individual resources, to
rely on interface instead of implementation of the dependent module.

Change-Id: Ie28adb28dba6f8fd04520b1e5deea30fa66d775b
2022-02-07 00:08:43 +09:00
Zuul
8c660c594b Merge "Use consistent spelling, OpenStack, instead of Openstack" 2022-01-27 21:29:29 +00:00
Zuul
c160858ee0 Merge "Add socket keepalive options for the pymemcache backend" 2022-01-27 21:29:27 +00:00
Grzegorz Grasza
1fe740c2a9 Add socket keepalive options for the pymemcache backend
This patch specifies a set of options required to setup the socket
keepalive feature of pymemcache (dogpile.cache) cache backend.

Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803716

Depends-On: https://review.opendev.org/807851
Change-Id: I195d3984248d8402953843bd49bd5e0838bf4fde
2022-01-27 20:23:44 +09:00
Takashi Kajinami
525d58d621 Use consistent spelling, OpenStack, instead of Openstack
Change-Id: I5f0320959ecae3ba3724114d91e7f89406f6404f
2022-01-24 16:28:42 +09:00
Zuul
0961b98387 Merge "Fix dependency to purge default vhost config" 2022-01-12 17:50:03 +00:00
Takashi Kajinami
fdaced52dc Fix dependency to purge default vhost config
It turned out defining dependency for openstacklib::wsgi::apache
doesn't properly enforce resource order and the default vhost file
is not purged properly.
This change adds the more explicit dependency to enforce the order
properly.

Change-Id: I3f8346d8df6c60b36e2abe281e87163b1e2837e6
2022-01-11 18:43:42 +09:00
Zuul
14c630bffa Merge "Accept system scope credentials for Keystone API request" 2022-01-08 01:02:56 +00:00
Zuul
7744ef8963 Merge "Remove usage of custom os_package_type fact" 2022-01-07 20:53:42 +00:00
Takashi Kajinami
213b30a43f Remove usage of custom os_package_type fact
Currently we support usage of distro packages only, and this custom
fact can be simply replaced by the default fact.

Change-Id: I11bac6405b94e6616e45dd511b842a4ad358148a
2022-01-05 22:32:32 +09:00
Takashi Kajinami
e0f9de35cb Support more tunable parameters of heat-engine
Change-Id: If314e079f45101439751c18eddbead56d0863fbb
2022-01-03 23:09:06 +09:00
Takashi Kajinami
63b791ef4f Add support for [DEFAULT] allow_trusts_redelegation
Change-Id: I4677e89b889f416cc503719286373407a08cffc9
2022-01-03 18:37:41 +09:00
Takashi Kajinami
0f9986e566 Accept array for DEFAULT/trusts_delegated_roles
The DEFAULT/trusts_delegated_roles parameter is a ListOpt, which
accepts a list value in a comma-separated list format. This change
allows usage of array to define the list value in a native manner.

Change-Id: I9d74fac8cdc4cfe7c7c6f366dba712b8c331b269
2022-01-03 18:26:56 +09:00
Takashi Kajinami
67139207a9 Enable DB purge cron job after database is initialized
The DB purge operation expects the target database is already
initialized. This change ensures db sync is completed before cron job
is enabled.

Closes-Bug: #1955829
Change-Id: I742ea262bde8b9412627a475c53b27d25e132787
2021-12-28 10:39:22 +09:00
Takashi Kajinami
43105f3130 Clean up direct dependencies on puppetlabs-apache
This change removes direct reference to some classes in
puppetlabs-apache. Details are explained below.

- The api class doesn't need access to anything defined in
  apache::params

- The following classes are included by the openstacklib::wsgi::apache
  resource type, and current inclusions are just redundant.

Change-Id: I88684f7f246b226844dc724a35d1cec95742704e
2021-12-09 10:21:14 +09:00
Takashi Kajinami
a06217b838 Use native support to define RequestHeader statement
... instead of injecting it by vhost_custom_fragment.

Depends-on: https://review.opendev.org/821082
Change-Id: I684e077d03b318cef01688c1b11ea37d7fc2f664
2021-12-09 00:24:40 +09:00
Zuul
64d8a691fb Merge "Add missing dependency of heat_api_paste_ini" 2021-12-08 08:10:38 +00:00
Zuul
d308d4fc66 Merge "Fix missing dependency of heat_api_cfn_uwsgi_config" 2021-12-08 05:28:03 +00:00
Takashi Kajinami
953d6d1c83 Fix missing dependency about policy config
Change-Id: Id2d55cb87f6663cd1b250f1961af139fbf514e40
2021-11-29 09:38:15 +09:00
Takashi Kajinami
d3a63122cb Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I1429b2cc6f3c01c07ec26b1a7242e451072be368
2021-11-26 00:59:17 +09:00
Takashi Kajinami
3404969768 Add missing dependency of heat_api_paste_ini
Closes-Bug: #1952009
Change-Id: I2f9ea5b6c18c921e7c1e2f19740208700501e34b
2021-11-24 09:42:39 +09:00
Takashi Kajinami
4d350a851a Fix missing dependency of heat_api_cfn_uwsgi_config
... and duplicate dependencies of heat_api_wsgi_config.

Change-Id: I318b8241469934d362085ed33b1456a6ff3d1267
2021-11-24 09:31:41 +09:00
Takashi Kajinami
b3685e6e13 Use consistent spelling, OpenStack, instead of Openstack
Change-Id: I6ad5fecb4accd51d3de3e9ee2594bf96483c5f63
2021-11-18 14:30:47 +00:00
Zuul
93d2d31f07 Merge "aph/api_cfn: Clear the related parameters when ssl is disabled" 2021-11-12 12:21:25 +00:00
Takashi Kajinami
8645f8d70c aph/api_cfn: Clear the related parameters when ssl is disabled
... instead of leaving these parameters unmanaged.

Change-Id: I046b32f01eb73e6989b3b18390e4103aab970554
2021-11-11 08:13:26 +09:00
Takashi Kajinami
3703f8805a Do not manage services when manage_service is disabled
Change-Id: I40e3ef55255eeb13dd3d27d91570b955801aa99e
2021-11-10 22:41:47 +09:00
Takashi Kajinami
603f545cbc Prepare to update default of <service>::wsgi::apache::ssl
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.

Based on the following points, false is considered to be the more
reasonable default.
 - Usage of SSL is optional and is not always required
 - There are other methods(like load-balancer) to implement SSL
   termination
 - Enabling SSL doesn't work with the default values currently
   defined, and requires additional parameters like ssl_cert.
 - false is the default value defined in the base implementation in
   puppet-openstacklib.

This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.

Change-Id: I76516e3d0c659fabdb7736ff4a5a6621eed29371
2021-11-03 20:52:09 +09:00
Takashi Kajinami
6e8b799ba8 Create a separate class to manage the trustee options
This change introduces the new heat::trustee class to manage
the parameters in the [trustee] options. These options have been set
according to authtoken parameters but it makes maintenance complicated
and the logic doesn't work properly when noauth is used.

This change also removes the [trustee] project_domain_name parameter
because the parameter has never been used actually.

Change-Id: I694a8ea771cc4d4dcfbf8384ece2be10d83ab3f0
2021-10-13 22:06:58 +09:00
Zuul
ed03476d31 Merge "Allow purging policy files" 2021-09-20 08:22:03 +00:00
ZhongShengping
a1ae65f323 Add watch_log_file option
Add support for Using logging handler designed to watch file system.

Change-Id: I2feecb96c4b859584ead37155269cb33d742e9d2
Closes-Bug: #1943212
2021-09-14 16:02:09 +08:00
Takashi Kajinami
b7d4441ce9 Allow purging policy files
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ife9db20f914ae773881f4c78871b8232ecf42d17
2021-09-04 22:03:34 +09:00
Zuul
71c8a85409 Merge "Use a 'params' hash for authtoken parameters" 2021-09-02 18:13:51 +00:00
Takashi Kajinami
79ee6b5c8f Use a 'params' hash for authtoken parameters
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].

[1] 5c38281e1b698f157f03bf1815733277c541c30b

Change-Id: I62c36a4521ca9b3c5062d88fe9a7ee55c748fbd3
2021-08-26 22:15:34 +09:00
Takashi Kajinami
e79e74cd08 Migrate max_stacks_per_tenant to heat::engine
... because the max_stacks_per_tenant parameter is used by heat-engine,
and the very similar max_resources_per_stack parameter is implemented
in heat::engine.

Change-Id: I57a8e8b9643d999c8ed379895f998ee1d09fb1a8
2021-08-07 00:20:17 +09:00
Thomas Goirand
131476ca2b Get rid of the $pyvers variable
Since everyone has switched to Python3, it's time for the removal of the
$pyvers variable.

Change-Id: Ie5052433ff584d75fcf58c0058f16a05dc97eeaa
2021-05-21 11:22:52 +02:00
Takashi Kajinami
032a4751b1 Fix a typo in file header
Change-Id: Iaaa23098d975f2dc8de00e9c8e22acd29e39d36c
2021-04-21 01:07:48 +09:00
Thomas Goirand
274e458478 Add support for heat_api_{cfn_,}uwsgi_config in Debian
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Heat API and api-metadata. Therefore, this patch adds
two new heat_api_uwsgi_config and heat_api_cfn_uwsgi_config
providers as well as two new heat::wsgi::uwsgi_api and
heat::wsgi::uwsgi_api_cfn classes.

Change-Id: I0e226046f6e2d69c89681948cee8e8830c186489
2021-04-10 22:44:24 +02:00
Thomas Goirand
37bd354401 Allow to configure policy_dirs
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .

Change-Id: I9dea409a46bd8d22388853582de8f64034cf0d03
2021-04-01 23:01:27 +02:00
Takashi Kajinami
704c10fce4 Add support for oslo_policy/enforce_new_defaults
Depends-on: https://review.opendev.org/781428
Change-Id: Ic012fdd97529baebef8840f364084e7f946b6908
2021-03-24 16:38:22 +09:00
Takashi Kajinami
e08f3cd6fe Add support for the oslo_policy/enforce_scope parameter
Depends-on: https://review.opendev.org/#/c/759008/
Change-Id: Ice8c1420a2386887965dd587e90b35d3314b0c27
2021-03-16 12:36:29 +09:00
Zuul
2563fda115 Merge "Add support for healthcheck middleware options" 2021-02-23 19:59:33 +00:00
Zuul
bea275a919 Merge "Add TLS options to oslo.cache" 2021-02-10 17:49:28 +00:00
Grzegorz Grasza
42d1e8567d Add TLS options to oslo.cache
This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.

Depends-on: https://review.opendev.org/761604
Change-Id: I92552d013db98b972124db901f3f35a326110846
2021-02-10 21:00:25 +09:00
Takashi Kajinami
72d1b4d137 Add support for healthcheck middleware options
Depends-on: https://review.opendev.org/772202
Change-Id: I3a09b3dcdbece397edb19051683657bec2d411c4
2021-02-01 17:29:53 +09:00
Takashi Kajinami
b4e9a1a6e4 Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced
by yaml[1].

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-on: https://review.opendev.org/769647
Change-Id: Id19b8fc7ded7b3a25a7b028687780caad32deae9
2021-01-07 08:44:59 +00:00