171 Commits

Author SHA1 Message Date
Takashi Kajinami
37d5b04d78 Remove deprecated amqp_allow_insecure_clients
... because it was deprecated during Wallaby cycle.

Change-Id: I2d7619574f93958ceae15bafea02d77554fb5315
2022-02-09 10:00:20 +09:00
Takashi Kajinami
ff16bee10a Remove some deprecated database parameters left
This is follow-up of c543bd33ae2389e64f932441c719fcc105a2f2da and
removes some deprecated database parameters still left.

Change-Id: I6325c5d8d290bf6176d17e4aea9058f85feea2f3
2022-02-09 09:59:17 +09:00
Takashi Kajinami
c543bd33ae Clean up deprecated database parameters
Change-Id: I9d77ce1cbbd3fb8f7af2f144101ad064d760934e
2022-02-07 12:08:42 +09:00
Zuul
c160858ee0 Merge "Add socket keepalive options for the pymemcache backend" 2022-01-27 21:29:27 +00:00
Grzegorz Grasza
1fe740c2a9 Add socket keepalive options for the pymemcache backend
This patch specifies a set of options required to setup the socket
keepalive feature of pymemcache (dogpile.cache) cache backend.

Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803716

Depends-On: https://review.opendev.org/807851
Change-Id: I195d3984248d8402953843bd49bd5e0838bf4fde
2022-01-27 20:23:44 +09:00
Zuul
14c630bffa Merge "Accept system scope credentials for Keystone API request" 2022-01-08 01:02:56 +00:00
Takashi Kajinami
e0f9de35cb Support more tunable parameters of heat-engine
Change-Id: If314e079f45101439751c18eddbead56d0863fbb
2022-01-03 23:09:06 +09:00
Takashi Kajinami
63b791ef4f Add support for [DEFAULT] allow_trusts_redelegation
Change-Id: I4677e89b889f416cc503719286373407a08cffc9
2022-01-03 18:37:41 +09:00
Takashi Kajinami
a06217b838 Use native support to define RequestHeader statement
... instead of injecting it by vhost_custom_fragment.

Depends-on: https://review.opendev.org/821082
Change-Id: I684e077d03b318cef01688c1b11ea37d7fc2f664
2021-12-09 00:24:40 +09:00
Takashi Kajinami
d3a63122cb Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I1429b2cc6f3c01c07ec26b1a7242e451072be368
2021-11-26 00:59:17 +09:00
Takashi Kajinami
603f545cbc Prepare to update default of <service>::wsgi::apache::ssl
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.

Based on the following points, false is considered to be the more
reasonable default.
 - Usage of SSL is optional and is not always required
 - There are other methods(like load-balancer) to implement SSL
   termination
 - Enabling SSL doesn't work with the default values currently
   defined, and requires additional parameters like ssl_cert.
 - false is the default value defined in the base implementation in
   puppet-openstacklib.

This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.

Change-Id: I76516e3d0c659fabdb7736ff4a5a6621eed29371
2021-11-03 20:52:09 +09:00
Zuul
a834405610 Merge "Allow customizing separator for api-paste.ini" 2021-10-17 21:36:55 +00:00
Takashi Kajinami
4b39a9330d Allow customizing separator for api-paste.ini
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.

[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone

This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default fules

Depends-on: https://review.opendev.org/813614
Change-Id: I6c79c6d865648cc309a489f6ef371d33673df93a
2021-10-15 12:00:56 +09:00
Takashi Kajinami
6e8b799ba8 Create a separate class to manage the trustee options
This change introduces the new heat::trustee class to manage
the parameters in the [trustee] options. These options have been set
according to authtoken parameters but it makes maintenance complicated
and the logic doesn't work properly when noauth is used.

This change also removes the [trustee] project_domain_name parameter
because the parameter has never been used actually.

Change-Id: I694a8ea771cc4d4dcfbf8384ece2be10d83ab3f0
2021-10-13 22:06:58 +09:00
cdd4493170 Update master for stable/xena
Add file to the reno documentation build to show release notes for
stable/xena.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.

Sem-Ver: feature
Change-Id: Id8dddd75c338a8f2dad1d093522b850270bb69a8
2021-10-07 08:23:11 +00:00
Zuul
ed03476d31 Merge "Allow purging policy files" 2021-09-20 08:22:03 +00:00
ZhongShengping
a1ae65f323 Add watch_log_file option
Add support for Using logging handler designed to watch file system.

Change-Id: I2feecb96c4b859584ead37155269cb33d742e9d2
Closes-Bug: #1943212
2021-09-14 16:02:09 +08:00
Takashi Kajinami
b7d4441ce9 Allow purging policy files
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ife9db20f914ae773881f4c78871b8232ecf42d17
2021-09-04 22:03:34 +09:00
Takashi Kajinami
e79e74cd08 Migrate max_stacks_per_tenant to heat::engine
... because the max_stacks_per_tenant parameter is used by heat-engine,
and the very similar max_resources_per_stack parameter is implemented
in heat::engine.

Change-Id: I57a8e8b9643d999c8ed379895f998ee1d09fb1a8
2021-08-07 00:20:17 +09:00
Takashi Kajinami
eaa9b393a2 Drop Fedora support
Fedora support is never tested, and has been unmaintained for a while.
Because we don't expect any actual user using OpenStack on Fedora, this
change drops support for Fedora directly.

Change-Id: I9193e4ca93ebb203f88b3a8c888d0d774dcc3854
2021-06-12 23:30:08 +09:00
Thomas Goirand
274e458478 Add support for heat_api_{cfn_,}uwsgi_config in Debian
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Heat API and api-metadata. Therefore, this patch adds
two new heat_api_uwsgi_config and heat_api_cfn_uwsgi_config
providers as well as two new heat::wsgi::uwsgi_api and
heat::wsgi::uwsgi_api_cfn classes.

Change-Id: I0e226046f6e2d69c89681948cee8e8830c186489
2021-04-10 22:44:24 +02:00
Zuul
644eeb990a Merge "Allow to configure policy_dirs" 2021-04-06 09:36:52 +00:00
Thomas Goirand
37bd354401 Allow to configure policy_dirs
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .

Change-Id: I9dea409a46bd8d22388853582de8f64034cf0d03
2021-04-01 23:01:27 +02:00
50dbb7c70a Update master for stable/wallaby
Add file to the reno documentation build to show release notes for
stable/wallaby.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/wallaby.

Sem-Ver: feature
Change-Id: Ic46bbdb8c64755e5eae750ce12e9066b47964b43
2021-04-01 09:18:35 +00:00
Takashi Kajinami
704c10fce4 Add support for oslo_policy/enforce_new_defaults
Depends-on: https://review.opendev.org/781428
Change-Id: Ic012fdd97529baebef8840f364084e7f946b6908
2021-03-24 16:38:22 +09:00
Takashi Kajinami
e08f3cd6fe Add support for the oslo_policy/enforce_scope parameter
Depends-on: https://review.opendev.org/#/c/759008/
Change-Id: Ice8c1420a2386887965dd587e90b35d3314b0c27
2021-03-16 12:36:29 +09:00
Zuul
2563fda115 Merge "Add support for healthcheck middleware options" 2021-02-23 19:59:33 +00:00
Zuul
bea275a919 Merge "Add TLS options to oslo.cache" 2021-02-10 17:49:28 +00:00
Grzegorz Grasza
42d1e8567d Add TLS options to oslo.cache
This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.

Depends-on: https://review.opendev.org/761604
Change-Id: I92552d013db98b972124db901f3f35a326110846
2021-02-10 21:00:25 +09:00
Takashi Kajinami
72d1b4d137 Add support for healthcheck middleware options
Depends-on: https://review.opendev.org/772202
Change-Id: I3a09b3dcdbece397edb19051683657bec2d411c4
2021-02-01 17:29:53 +09:00
Takashi Kajinami
b4e9a1a6e4 Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced
by yaml[1].

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-on: https://review.opendev.org/769647
Change-Id: Id19b8fc7ded7b3a25a7b028687780caad32deae9
2021-01-07 08:44:59 +00:00
ZhongShengping
c16009b55b Allow db sync timeouts to be configurable
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.

Change-Id: I9118a6d4e1553ee0715f3fda72d625ccdcdf1b0f
Closes-Bug: #1904962
2020-11-23 09:27:52 +08:00
ZhongShengping
bb28a6a9a4 Deprecate allow_insecure_clients option
The allow_insecure_clients has been deprecated[1].

[1]https://review.opendev.org/#/c/417629/

Change-Id: Ia08ce1ffa507572f6eff0ad24415802b0b535a13
Closes-Bug: #1902158
2020-11-02 15:25:27 +08:00
Takashi Kajinami
670ea7c388 Also deprecate the heat::sync_db parameter
... because the actual implementation exists in the heat::db class.

Change-Id: Ife360d77fe041771754d56cf08915f4fd4a50d35
2020-10-27 00:09:05 +09:00
Zuul
b88fa7b204 Merge "Deprecate database options from the heat class" 2020-10-21 09:13:20 +00:00
Takashi Kajinami
6a8e1b15aa Deprecate database options from the heat class
... because these options have been implemented in the heat::db class.

Change-Id: I5724d843607d958bae9cc897899cd78dddd7cdea
2020-10-20 11:28:11 +09:00
Christopher Brown
261f4b1cf6 Add support for the keystone_authtoken/service_type parameter
Change-Id: I2c3a5d3c005963fe490310f6b81619cc85b28cc9
2020-10-18 18:23:41 +10:00
d5ec860bfe Update master for stable/victoria
Add file to the reno documentation build to show release notes for
stable/victoria.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/victoria.

Change-Id: I9447bda09b5c11c0c1cec36f5ed71e64ca04b68e
Sem-Ver: feature
2020-10-08 14:40:15 +00:00
ZhongShengping
ac0a3f6df4 Set openstackdocs_auto_name to use 'project' as name
Change-Id: I2e512e2276396c123e00253c731a6d5e93fbada7
2020-09-16 11:05:05 +08:00
ZhongShengping
9fd21cf7cf Add mysql_enable_ndb option
Add mysql_enable_ndb parameter to select mysql storage engine.

Change-Id: I6392637052f305f6c0b9381923d8e9a69774a51a
Depends-On: https://review.opendev.org/#/c/748067
Closes-Bug: #1892952
2020-08-26 11:55:57 +08:00
Zuul
7750d9d2ed Merge "Add support for the interface parameter in authtoken middleware" 2020-07-08 16:43:25 +00:00
Takashi Kajinami
e633bc0ae5 Add support for the interface parameter in authtoken middleware
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.

Change-Id: I5325bdfbcec13b53b83ac669fb2b91885c370e60
2020-07-08 11:20:39 +09:00
Thomas Goirand
ac5eaeb657 Add a max_stacks_per_tenant parameter
The default of 100 is barely useable. Let's add a new parameter
max_stacks_per_tenant to allow increasing this.

Change-Id: I2bd9ce729b5e2b5ff6577951989b93390cb3a6bf
2020-07-03 02:41:56 +02:00
Andreas Jaeger
20c9e0b796 Switch to newer openstackdocstheme and reno versions
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems

Update Sphinx version as well.

Disable openstackdocs_auto_name to use 'project' variable as name.

Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.

openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.

See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html

Change-Id: I80547dc338f621fc05cd20bf96626511feff5931
2020-06-02 14:39:41 +02:00
0a7ee27021 Update master for stable/ussuri
Add file to the reno documentation build to show release notes for
stable/ussuri.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.

Change-Id: I618427a7479f3972413f64f4e4e486b7f069cd9f
Sem-Ver: feature
2020-04-28 14:52:33 +00:00
Takashi Kajinami
7dd8afd35d Deprecate heat::engione::deferred_auth_method
... because its actual parameter in heat was already deprecated[1].

[1] 9723b0dab707bcedc846415b932b2ade5b7c1317

Change-Id: I782d6b3833f450178ccd34736de4c9f861937399
2020-04-26 22:12:11 +09:00
Takashi Kajinami
6c4650f815 Remove heat::engine::heat_watch_server_url
... because it was deprecated a while ago[1].

[1] ae564bbd7c1f94c95c7a0ddbda26219d4f2f8a13

Change-Id: I7fd241112c8bd5ee5cd9edaa6669b162ffbf190c
2020-04-26 22:01:11 +09:00
Zuul
fad1e5af7a Merge "Add support for cache options in specific module" 2020-03-31 15:35:28 +00:00
Takashi Kajinami
3cbb922235 Add support for cache options in specific module
This patch introduces several parameters in heat::cache class, so that
we can configure caching parameters for specific module.

Change-Id: I752c31825ec3f3f23df01a4d24a633b2453bff19
2020-03-29 08:59:23 +09:00
Zuul
9df2d37e69 Merge "Add server_keystone_endpoint_type param to heat::engine" 2020-03-26 23:37:56 +00:00