325 Commits

Author SHA1 Message Date
Takashi Kajinami
ff16bee10a Remove some deprecated database parameters left
This is follow-up of c543bd33ae2389e64f932441c719fcc105a2f2da and
removes some deprecated database parameters still left.

Change-Id: I6325c5d8d290bf6176d17e4aea9058f85feea2f3
2022-02-09 09:59:17 +09:00
Zuul
8c660c594b Merge "Use consistent spelling, OpenStack, instead of Openstack" 2022-01-27 21:29:29 +00:00
Zuul
c160858ee0 Merge "Add socket keepalive options for the pymemcache backend" 2022-01-27 21:29:27 +00:00
Grzegorz Grasza
1fe740c2a9 Add socket keepalive options for the pymemcache backend
This patch specifies a set of options required to setup the socket
keepalive feature of pymemcache (dogpile.cache) cache backend.

Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803716

Depends-On: https://review.opendev.org/807851
Change-Id: I195d3984248d8402953843bd49bd5e0838bf4fde
2022-01-27 20:23:44 +09:00
Takashi Kajinami
525d58d621 Use consistent spelling, OpenStack, instead of Openstack
Change-Id: I5f0320959ecae3ba3724114d91e7f89406f6404f
2022-01-24 16:28:42 +09:00
Takashi Kajinami
ed6e54bf51 Avoid testing details of oslo::messaging(::*)
... so that any change in puppet-oslo would not directly break unit
tests.

Change-Id: Ib6b2dbe5301604dac0f6790843931c6e367dcbec
2022-01-21 10:49:38 +09:00
Zuul
14c630bffa Merge "Accept system scope credentials for Keystone API request" 2022-01-08 01:02:56 +00:00
Takashi Kajinami
e0f9de35cb Support more tunable parameters of heat-engine
Change-Id: If314e079f45101439751c18eddbead56d0863fbb
2022-01-03 23:09:06 +09:00
Takashi Kajinami
63b791ef4f Add support for [DEFAULT] allow_trusts_redelegation
Change-Id: I4677e89b889f416cc503719286373407a08cffc9
2022-01-03 18:37:41 +09:00
Takashi Kajinami
0f9986e566 Accept array for DEFAULT/trusts_delegated_roles
The DEFAULT/trusts_delegated_roles parameter is a ListOpt, which
accepts a list value in a comma-separated list format. This change
allows usage of array to define the list value in a native manner.

Change-Id: I9d74fac8cdc4cfe7c7c6f366dba712b8c331b269
2022-01-03 18:26:56 +09:00
Takashi Kajinami
67139207a9 Enable DB purge cron job after database is initialized
The DB purge operation expects the target database is already
initialized. This change ensures db sync is completed before cron job
is enabled.

Closes-Bug: #1955829
Change-Id: I742ea262bde8b9412627a475c53b27d25e132787
2021-12-28 10:39:22 +09:00
Takashi Kajinami
a06217b838 Use native support to define RequestHeader statement
... instead of injecting it by vhost_custom_fragment.

Depends-on: https://review.opendev.org/821082
Change-Id: I684e077d03b318cef01688c1b11ea37d7fc2f664
2021-12-09 00:24:40 +09:00
Takashi Kajinami
d3a63122cb Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I1429b2cc6f3c01c07ec26b1a7242e451072be368
2021-11-26 00:59:17 +09:00
Takashi Kajinami
2d1311f1c6 cfn: Do not test detail of keystone::resource::service_identity
... but test interfaces of that resource type. This helps us avoid
direct breakage caused by any change in puppet-keystone.

Change-Id: I68c8a1870c2940e2934ca3b11a71a75f5db179c2
2021-11-25 16:33:45 +09:00
Takashi Kajinami
b3685e6e13 Use consistent spelling, OpenStack, instead of Openstack
Change-Id: I6ad5fecb4accd51d3de3e9ee2594bf96483c5f63
2021-11-18 14:30:47 +00:00
Zuul
93d2d31f07 Merge "aph/api_cfn: Clear the related parameters when ssl is disabled" 2021-11-12 12:21:25 +00:00
Takashi Kajinami
8645f8d70c aph/api_cfn: Clear the related parameters when ssl is disabled
... instead of leaving these parameters unmanaged.

Change-Id: I046b32f01eb73e6989b3b18390e4103aab970554
2021-11-11 08:13:26 +09:00
Takashi Kajinami
3703f8805a Do not manage services when manage_service is disabled
Change-Id: I40e3ef55255eeb13dd3d27d91570b955801aa99e
2021-11-10 22:41:47 +09:00
Takashi Kajinami
6e8b799ba8 Create a separate class to manage the trustee options
This change introduces the new heat::trustee class to manage
the parameters in the [trustee] options. These options have been set
according to authtoken parameters but it makes maintenance complicated
and the logic doesn't work properly when noauth is used.

This change also removes the [trustee] project_domain_name parameter
because the parameter has never been used actually.

Change-Id: I694a8ea771cc4d4dcfbf8384ece2be10d83ab3f0
2021-10-13 22:06:58 +09:00
Takashi Kajinami
dd9b003af0 Do not test detail of keystone::resource::service_identity
... but test interfaces of that resource type. This helps us avoid
direct breakage caused by any change in puppet-keystone.

Change-Id: Icaf4eaabb2249145bfbfb51541d9c9ced1e745bf
2021-09-27 11:41:55 +09:00
Zuul
ed03476d31 Merge "Allow purging policy files" 2021-09-20 08:22:03 +00:00
ZhongShengping
a1ae65f323 Add watch_log_file option
Add support for Using logging handler designed to watch file system.

Change-Id: I2feecb96c4b859584ead37155269cb33d742e9d2
Closes-Bug: #1943212
2021-09-14 16:02:09 +08:00
Takashi Kajinami
b7d4441ce9 Allow purging policy files
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ife9db20f914ae773881f4c78871b8232ecf42d17
2021-09-04 22:03:34 +09:00
Zuul
93bc3cf679 Merge "Do not test authtoken parameters directly" 2021-09-03 07:57:35 +00:00
Zuul
71c8a85409 Merge "Use a 'params' hash for authtoken parameters" 2021-09-02 18:13:51 +00:00
Takashi Kajinami
849af0e11f Do not test authtoken parameters directly
The authtoken parameters are not managed directly but managed by
the keystone::resource::authtoken class. Thus we should avoid testing
parameters directly otherwise any change in the resource type can
cause test failures.

Change-Id: I293c28cc9e7decc2149b44b8f9154f088ebf09db
2021-08-27 06:33:35 +09:00
Takashi Kajinami
79ee6b5c8f Use a 'params' hash for authtoken parameters
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].

[1] 5c38281e1b698f157f03bf1815733277c541c30b

Change-Id: I62c36a4521ca9b3c5062d88fe9a7ee55c748fbd3
2021-08-26 22:15:34 +09:00
Zuul
c46813b1e2 Merge "Migrate max_stacks_per_tenant to heat::engine" 2021-08-24 09:46:26 +00:00
Takashi Kajinami
b362f4e026 Do not test details of oslo::cache
... but test interface of oslo::cache, to make these test cases robust
for any change in oslo::cache.

Change-Id: Ic84202156f487e1b4605b665d02a1ebbecc509aa
2021-08-23 14:36:47 +09:00
Takashi Kajinami
e79e74cd08 Migrate max_stacks_per_tenant to heat::engine
... because the max_stacks_per_tenant parameter is used by heat-engine,
and the very similar max_resources_per_stack parameter is implemented
in heat::engine.

Change-Id: I57a8e8b9643d999c8ed379895f998ee1d09fb1a8
2021-08-07 00:20:17 +09:00
Thomas Goirand
131476ca2b Get rid of the $pyvers variable
Since everyone has switched to Python3, it's time for the removal of the
$pyvers variable.

Change-Id: Ie5052433ff584d75fcf58c0058f16a05dc97eeaa
2021-05-21 11:22:52 +02:00
Takashi Kajinami
aadfcfc087 Do not test detail of oslo::cors
This change makes unit test cases for heat::cors, so that these tests
do not test behavir of oslo::cors but how oslo::cors resource type is
called by heat::cors.

Change-Id: Ic1bdb8f8d9b397b17db8c1d7a64a2e2d88e94b62
2021-05-12 00:24:37 +09:00
Thomas Goirand
274e458478 Add support for heat_api_{cfn_,}uwsgi_config in Debian
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Heat API and api-metadata. Therefore, this patch adds
two new heat_api_uwsgi_config and heat_api_cfn_uwsgi_config
providers as well as two new heat::wsgi::uwsgi_api and
heat::wsgi::uwsgi_api_cfn classes.

Change-Id: I0e226046f6e2d69c89681948cee8e8830c186489
2021-04-10 22:44:24 +02:00
Thomas Goirand
37bd354401 Allow to configure policy_dirs
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .

Change-Id: I9dea409a46bd8d22388853582de8f64034cf0d03
2021-04-01 23:01:27 +02:00
Takashi Kajinami
704c10fce4 Add support for oslo_policy/enforce_new_defaults
Depends-on: https://review.opendev.org/781428
Change-Id: Ic012fdd97529baebef8840f364084e7f946b6908
2021-03-24 16:38:22 +09:00
Takashi Kajinami
e08f3cd6fe Add support for the oslo_policy/enforce_scope parameter
Depends-on: https://review.opendev.org/#/c/759008/
Change-Id: Ice8c1420a2386887965dd587e90b35d3314b0c27
2021-03-16 12:36:29 +09:00
Zuul
2563fda115 Merge "Add support for healthcheck middleware options" 2021-02-23 19:59:33 +00:00
Zuul
bea275a919 Merge "Add TLS options to oslo.cache" 2021-02-10 17:49:28 +00:00
Grzegorz Grasza
42d1e8567d Add TLS options to oslo.cache
This patch specifies a set of options required to build a TLS context.
The context built from those options can later on be passed to any of
the oslo.cache backends that supports TLS connections.

Depends-on: https://review.opendev.org/761604
Change-Id: I92552d013db98b972124db901f3f35a326110846
2021-02-10 21:00:25 +09:00
Takashi Kajinami
72d1b4d137 Add support for healthcheck middleware options
Depends-on: https://review.opendev.org/772202
Change-Id: I3a09b3dcdbece397edb19051683657bec2d411c4
2021-02-01 17:29:53 +09:00
Takashi Kajinami
b4e9a1a6e4 Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced
by yaml[1].

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-on: https://review.opendev.org/769647
Change-Id: Id19b8fc7ded7b3a25a7b028687780caad32deae9
2021-01-07 08:44:59 +00:00
ZhongShengping
c16009b55b Allow db sync timeouts to be configurable
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.

Change-Id: I9118a6d4e1553ee0715f3fda72d625ccdcdf1b0f
Closes-Bug: #1904962
2020-11-23 09:27:52 +08:00
ZhongShengping
bb28a6a9a4 Deprecate allow_insecure_clients option
The allow_insecure_clients has been deprecated[1].

[1]https://review.opendev.org/#/c/417629/

Change-Id: Ia08ce1ffa507572f6eff0ad24415802b0b535a13
Closes-Bug: #1902158
2020-11-02 15:25:27 +08:00
Zuul
b88fa7b204 Merge "Deprecate database options from the heat class" 2020-10-21 09:13:20 +00:00
Takashi Kajinami
6a8e1b15aa Deprecate database options from the heat class
... because these options have been implemented in the heat::db class.

Change-Id: I5724d843607d958bae9cc897899cd78dddd7cdea
2020-10-20 11:28:11 +09:00
Christopher Brown
261f4b1cf6 Add support for the keystone_authtoken/service_type parameter
Change-Id: I2c3a5d3c005963fe490310f6b81619cc85b28cc9
2020-10-18 18:23:41 +10:00
ZhongShengping
b1ba1d6376 Include deps class in unit test for sync
Change-Id: I629f6031dcf27edacb9681f86fa7b0dd1433af2e
2020-10-12 10:46:40 +08:00
ZhongShengping
e891e3604b Include deps class in unit test for postgresql
Change-Id: I9004657f9ed0da8f53029d2f07d597bd1fdb5d36
2020-10-10 09:31:12 +08:00
ZhongShengping
0e63859379 Include deps class in unit test for mysql
Change-Id: I16aa8e1d51c9c2c49d7e180a8d809460a7261d5f
2020-10-09 09:59:55 +08:00
ZhongShengping
9fd21cf7cf Add mysql_enable_ndb option
Add mysql_enable_ndb parameter to select mysql storage engine.

Change-Id: I6392637052f305f6c0b9381923d8e9a69774a51a
Depends-On: https://review.opendev.org/#/c/748067
Closes-Bug: #1892952
2020-08-26 11:55:57 +08:00