This is follow-up of c543bd33ae2389e64f932441c719fcc105a2f2da and
removes some deprecated database parameters still left.
Change-Id: I6325c5d8d290bf6176d17e4aea9058f85feea2f3
... instead of injecting it by vhost_custom_fragment.
Depends-on: https://review.opendev.org/821082
Change-Id: I684e077d03b318cef01688c1b11ea37d7fc2f664
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I1429b2cc6f3c01c07ec26b1a7242e451072be368
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.
Based on the following points, false is considered to be the more
reasonable default.
- Usage of SSL is optional and is not always required
- There are other methods(like load-balancer) to implement SSL
termination
- Enabling SSL doesn't work with the default values currently
defined, and requires additional parameters like ssl_cert.
- false is the default value defined in the base implementation in
puppet-openstacklib.
This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.
Change-Id: I76516e3d0c659fabdb7736ff4a5a6621eed29371
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.
[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone
This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default fules
Depends-on: https://review.opendev.org/813614
Change-Id: I6c79c6d865648cc309a489f6ef371d33673df93a
This change introduces the new heat::trustee class to manage
the parameters in the [trustee] options. These options have been set
according to authtoken parameters but it makes maintenance complicated
and the logic doesn't work properly when noauth is used.
This change also removes the [trustee] project_domain_name parameter
because the parameter has never been used actually.
Change-Id: I694a8ea771cc4d4dcfbf8384ece2be10d83ab3f0
Add file to the reno documentation build to show release notes for
stable/xena.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.
Sem-Ver: feature
Change-Id: Id8dddd75c338a8f2dad1d093522b850270bb69a8
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ife9db20f914ae773881f4c78871b8232ecf42d17
... because the max_stacks_per_tenant parameter is used by heat-engine,
and the very similar max_resources_per_stack parameter is implemented
in heat::engine.
Change-Id: I57a8e8b9643d999c8ed379895f998ee1d09fb1a8
Fedora support is never tested, and has been unmaintained for a while.
Because we don't expect any actual user using OpenStack on Fedora, this
change drops support for Fedora directly.
Change-Id: I9193e4ca93ebb203f88b3a8c888d0d774dcc3854
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Heat API and api-metadata. Therefore, this patch adds
two new heat_api_uwsgi_config and heat_api_cfn_uwsgi_config
providers as well as two new heat::wsgi::uwsgi_api and
heat::wsgi::uwsgi_api_cfn classes.
Change-Id: I0e226046f6e2d69c89681948cee8e8830c186489
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .
Change-Id: I9dea409a46bd8d22388853582de8f64034cf0d03
Add file to the reno documentation build to show release notes for
stable/wallaby.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/wallaby.
Sem-Ver: feature
Change-Id: Ic46bbdb8c64755e5eae750ce12e9066b47964b43
This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.
Depends-on: https://review.opendev.org/761604
Change-Id: I92552d013db98b972124db901f3f35a326110846
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.
Change-Id: I9118a6d4e1553ee0715f3fda72d625ccdcdf1b0f
Closes-Bug: #1904962
Add file to the reno documentation build to show release notes for
stable/victoria.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/victoria.
Change-Id: I9447bda09b5c11c0c1cec36f5ed71e64ca04b68e
Sem-Ver: feature
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I5325bdfbcec13b53b83ac669fb2b91885c370e60
The default of 100 is barely useable. Let's add a new parameter
max_stacks_per_tenant to allow increasing this.
Change-Id: I2bd9ce729b5e2b5ff6577951989b93390cb3a6bf
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Disable openstackdocs_auto_name to use 'project' variable as name.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I80547dc338f621fc05cd20bf96626511feff5931
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: I618427a7479f3972413f64f4e4e486b7f069cd9f
Sem-Ver: feature
... because its actual parameter in heat was already deprecated[1].
[1] 9723b0dab707bcedc846415b932b2ade5b7c1317
Change-Id: I782d6b3833f450178ccd34736de4c9f861937399
This patch introduces several parameters in heat::cache class, so that
we can configure caching parameters for specific module.
Change-Id: I752c31825ec3f3f23df01a4d24a633b2453bff19