205 Commits

Author SHA1 Message Date
Takashi Kajinami
89a5440fd4 Revert "CentOS 9: Disable unit tests dependent on puppet-postgresql"
This reverts commit d07a47d2cbc51456a89936c3751013297fac96e9.

Reason for revert:
puppet-postgresql 8.1.0 was released and now the module supports RHEL 9
(and CentOS 9 effectively).

Note:
This change adds the service_provider fact in test fact data because
it is required by puppet-postgresql.

Depends-on: https://review.opendev.org/850705
Change-Id: Ib3e5b82c9685505465d19ab5b12987f020f74076
2022-07-24 01:02:16 +09:00
Zuul
8b7be73088 Merge "api: Remove redundant default values" 2022-06-28 14:37:55 +00:00
Zuul
0dbb89d797 Merge "Avoid hard-coding default of http_*_rate parameters" 2022-06-28 14:23:57 +00:00
Takashi Kajinami
f28094de53 api: Remove redundant default values
These default values are same as the actual default values in Trove,
thus we can replace these by $::os_service_default. This saves us
from maintaining our own default.

Change-Id: I557a919be3496d5314baec303764b7e8b99ed2de
2022-06-24 18:20:25 +09:00
Takashi Kajinami
df1c3e258e Avoid hard-coding default of http_*_rate parameters
The current hard-coded default values are exactly same as the default
values in Trove, thus can be replaced by $::os_service_default.

Change-Id: I241355d278f23ac05f42ef0150f41cc2a5795abb
2022-06-24 18:15:18 +09:00
Takashi Kajinami
74881548a4 Rename default_neutron_networks
... because the parameter was deprecated in favor of renaming to
the management_networks[1].

Also, allow usage of an Array value because the parameter is ListOpt.

[1] 44fbcfaaa608aba9184bd8757ba60c6a8155bae1

Change-Id: I4f8215995d098654d9303b54b5687552e94b23b7
2022-05-21 06:48:52 +00:00
Takashi Kajinami
18a4e46704 Remove use_neutron parameter
... because it was deprecated during Yoga cycle[1] and has had no
effect since then.

[1] ddb0f14f95156c483c499fe95982d2e5777b236f

Change-Id: Ib9eab7d3c174c11932afb05c66138dfe3cbf5a7c
2022-05-21 12:24:20 +09:00
Takashi Kajinami
4d87fa2c69 Clean up deprecated items related to conductor/taskmanager
This change removes deprecated parmaeters and classes related to
trove-conductor and trove-taskmanager. These were deprecated during
past cycles and are ready to be removed.

Depends-on: https://review.opendev.org/839061
Change-Id: I250fb4cd098b7aaa6f4b9488e7226ffb27355046
2022-04-22 13:42:46 +00:00
Zuul
59b44a838d Merge "Avoid testing details of oslo::messaging(::*)" 2022-03-18 21:50:08 +00:00
Takashi Kajinami
9d0381ab81 Avoid testing details of oslo::messaging(::*)
... so that any change in puppet-oslo would not directly break unit
tests.

Change-Id: Iba0599ff4485668ace1b044e6a922b2dafec6d3b
2022-03-18 13:50:07 +09:00
Takashi Kajinami
4c6e5c9d76 Disable trove-guestagent service by default
The trove-guestagent service should be run in instances instead of
OpenStack hosts. This change disables the service by default because
we expect these modules are used to deploy hosts, and we don't expect
any use case where this puppet module is used to build the trove guest
image.

Closes-Bug: #1965228
Closes-Bug: #1485397
Change-Id: I57aa6ecd008f1a7a271e7baafc95cd75bf700f54
2022-03-17 15:23:59 +09:00
Takashi Kajinami
f35dc66ff3 Globally support system scope credentials
After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.

Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.

Change-Id: I5cad33c4caf1e3b3408dba5328c8b2f67a85b555
2022-03-11 05:17:13 +00:00
Takashi Kajinami
967522885a Clean up deprecated keystone v2 parameters
... and automated detection of auth_url parameter.

These were deprecated during the Ussuri cycle[1].

[1] 1d3bffd18b903aba95e5590b3c8444334d21a656

Depends-on: https://review.opendev.org/823886
Change-Id: I8304a0fd3bcabaf236a03c98f368b35842c7bff1
2022-03-11 05:17:03 +00:00
Takashi Kajinami
ddb0f14f95 Deprecate the use_neutron parameter
... because nova-network was removed a while ago and now neutron should
be used always.

Change-Id: Icc23d46b18c0bdc0564219d3773f2a3b5d99a829
2022-03-07 23:57:24 +00:00
Takashi Kajinami
f1c11c68d5 Use single trove.conf for api, conductor and taskmanager
Previously puppet-trove creates separate config files for each service
but these individual files have been removed from Trove by [1].

This change follows that decision and merge these three files into
the single trove.conf file.

[1] https://review.opendev.org/679043

Change-Id: I23c01acd9439335abb706f2528684d4ec473247d
2022-03-07 23:56:02 +00:00
Takashi Kajinami
d07a47d2cb CentOS 9: Disable unit tests dependent on puppet-postgresql
The puppt-postgresql module does not support CentOS 9 yet and requires
some version parameters to be run on CentOS 9. This change disables
unit tests requiring that module, until the module supports CentOS 9.

Change-Id: I0298c6cd665656b9f70e658a829a61b72157673a
2022-02-16 00:29:43 +09:00
Takashi Kajinami
95f5169393 Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I6907dd4b41dfe009a69fecd3ee5d8332c4c6a424
2022-01-25 10:54:14 +09:00
Zuul
2eb937c16c Merge "Add support for [keystone_authtoken] service_type" 2022-01-24 18:50:27 +00:00
Zuul
d922697212 Merge "Do not test authtoken parameters directly" 2022-01-24 17:41:49 +00:00
Takashi Kajinami
2a28f521ec Do not test detail of keystone::auth::service_identity
... but test interfaces of that resource type. This helps us avoid
direct breakage caused by any change in puppet-keystone.

Change-Id: I3ace0192837442a4d3952cc7b75ed2e93426effa
2022-01-24 15:25:00 +09:00
Takashi Kajinami
8b5cb8c0a3 Add support for [keystone_authtoken] service_type
Change-Id: Id7048f2b1bfed8641c9a6f6b7508a88282c25cf2
2022-01-24 13:12:55 +09:00
Takashi Kajinami
69eca59c78 Do not test authtoken parameters directly
The authtoken parameters are not managed directly but managed by
the keystone::resource::authtoken class. Thus we should avoid testing
parameters directly otherwise any change in the resource type can
cause test failures.

Change-Id: Ie3be7281aaf218c5e5b943a4b1517ad7b445910d
2022-01-24 13:12:55 +09:00
ZhongShengping
3c26187e67 Add watch_log_file option
Add support for Using logging handler designed to watch file system.

Change-Id: I888a398b156239804feb31010894e400b2c04f2f
Closes-Bug: #1943212
2021-09-14 16:02:09 +08:00
Takashi Kajinami
53ac7d78a3 Allow purging policy files
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ib07734e8f3d1ba0ca413d3c68ff6f00ffd0f8a64
2021-09-04 22:20:01 +09:00
Thomas Goirand
4d2d6bfe8e Get rid of the $pyvers variable
Since everyone has switched to Python3, it's time for the removal of the
$pyvers variable.

Change-Id: Iebaeb757d2b989f8307a47f57d7aff6071527836
2021-06-14 09:38:24 +02:00
Thomas Goirand
a4f4412946 Allow to configure policy_dirs
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .

Change-Id: If5a1becaa44bf082ef4b8430e87348f4df980abe
2021-04-11 23:49:39 +02:00
Takashi Kajinami
8591466c66 Add support for oslo_policy/enforce_new_defaults
Depends-on: https://review.opendev.org/781428
Change-Id: I0e6cfc05eb948cdfbb6433b8b6311292ea96d35e
2021-03-24 18:37:45 +09:00
Takashi Kajinami
77fb34e43e Add support for the oslo_policy/enforce_scope parameter
Depends-on: https://review.opendev.org/#/c/759008/
Change-Id: I7d7776d81f61ebc133185e1d1bc55f84fc58b078
2021-03-24 18:36:37 +09:00
Takashi Kajinami
19a2402389 Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced
by yaml[1].

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-on: https://review.opendev.org/769647
Change-Id: I1457e6da6d3bb582b081208df9d9dad56a656ee6
2021-01-07 23:08:29 +00:00
Sam Morrison
67d06ede87 Support new max_ram_per_tenant quota option
Change-Id: If77f2123174f7d55530c181350c5517dcf084b9b
2020-12-07 16:20:06 +11:00
ZhongShengping
0cb3a8b007 Allow db sync timeouts to be configurable
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.

Change-Id: I19e62ec5f811b262b464815a5d7b6b7e2ed2eac1
Closes-Bug: #1904962
2020-11-23 09:27:52 +08:00
ZhongShengping
8cee8b5eca Deprecate allow_insecure_clients option
The allow_insecure_clients has been deprecated[1].

[1]https://review.opendev.org/#/c/417629/

Change-Id: Ibc83b18732269ce72ae51cbd5218e1ce772ae6a8
Closes-Bug: #1902158
2020-11-02 15:33:44 +08:00
ZhongShengping
ad0746de5b Include deps class in unit test for postgresql
Change-Id: I9bafbff58643af7734c883326e819faa4bbddbb3
2020-10-10 09:31:12 +08:00
ZhongShengping
c57da574d0 Include deps class in unit test for mysql
Change-Id: I53889b0a57ea79c70ba7cdf1a62c719af2b427d2
2020-10-09 09:59:55 +08:00
ZhongShengping
f6d7eb8794 Add mysql_enable_ndb option
Add mysql_enable_ndb parameter to select mysql storage engine.

Change-Id: I36c37be9c17cad076fb261457c5ee5ee3fb50cf7
Depends-On: https://review.opendev.org/#/c/748067
Closes-Bug: #1892952
2020-08-26 11:56:36 +08:00
ZhongShengping
1afa1afac1 Add service_token_roles for keystone authtoken config
Add the ability to configure service_token_roles.

Change-Id: Ia19efd5737c57ccf0f7922c037cce47adf9a2fd6
Closes-Bug: #1892284
2020-08-20 10:41:27 +08:00
Lewis Denny
7585243d3f Add support for the interface parameter in authtoken middleware
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.

Change-Id: If61e708f68f96ce6c485a681d39e17c3cf737d2a
2020-07-16 21:28:49 +10:00
Zuul
9a1b5dac6c Merge "Remove password hash generation in each puppet modules" 2020-05-20 04:57:32 +00:00
Takashi Kajinami
8a733cddad Remove password hash generation in each puppet modules
... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.

Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I952e990e1f56d6e0226eac25397ab3062074551f
2020-05-19 21:51:56 +09:00
Takashi Kajinami
1d3bffd18b Use service credential parameters to define keystone v3 auth
Change-Id: I67ac8b41365e1d6f90b8982659b9fd52744d2ad7
2020-05-06 21:36:00 +09:00
Takashi Kajinami
ce810936d3 Expect python3 client package in CentOS8
In CentOS, we expect to have python3 client package in 8.x while we
expect to have python2 in 7.x .
Fix unit tests to expect the correct version according to os major
version.

Change-Id: I4a4e2f2a1d675c5feb25bb6cb2a139cc42d845a6
2020-04-07 12:35:25 +09:00
ZhongShengping
b4fa0d647c Deprecate min_pool_size option
min_pool_size option is not used,see:

https://review.opendev.org/#/c/565090/

Change-Id: I40787084340ec84679d03728c25b5806e56fcefd
Closes-Bug: #1868511
2020-03-25 14:53:41 +08:00
Tobias Urdin
a053d4e86e Convert all class usage to relative names
Change-Id: Ic7b8f4e584e3f1ed1d5c6c568cc6caf67493cdda
2019-12-08 23:24:12 +01:00
ZhongShengping
818193f578 Introduce the new rabbit_heartbeat_in_pthread option
oslo.messaging RabbitMQ driver have now a new option that allow user to
run the RabbitMQ heartbeat over a native python thread.

These change allow user to use this new option.

Change-Id: Ia2e54453058080f12963dedb18249faa5c9b2424
Closes-Bug: #1840868
2019-08-21 14:24:26 +08:00
ZhongShengping
742ce235d3 Fix client spec test
Change-Id: I66fb7aba97276da11443565207f42a3ac0755990
2019-05-20 11:03:21 +08:00
ZhongShengping
321a15b342 Add openstackclient installation to the client class
The repo is inside the openstackclient plugin commands[1].

[1]https://docs.openstack.org/python-openstackclient/latest/cli/plugin-commands.html

Change-Id: I1f571d7fac536e95c1acc0ddd9d463672dc25a37
2019-05-17 16:31:21 +08:00
ZhongShengping
2cbfbf7d5f Deprecate idle_timeout option
The idle_timeout parameter is deprecated, use connection_recycle_time
instead[1].

[1]https://review.opendev.org/#/c/334182/

Change-Id: Ifb876685e27df60f400105564b62eaf06be30287
Depends-On: https://review.opendev.org/656106/
Closes-Bug: #1826692
2019-04-28 15:00:14 +08:00
ZhongShengping
4212800852 Service_token_roles_required missing in the server config file
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: Ie5ad7f2438c922692b4d7df60cd68a6afadb3a72
Closes-Bug: 1778198
2019-02-15 10:03:10 +08:00
ZhongShengping
dcc0c9b9f2 Fix lint issue
Change-Id: Ic35c2a86c4cd4f764d4d3d25b45f39683831d21a
2019-01-25 12:23:46 +08:00
Zuul
bbc9f81bdc Merge "Inherit pyvers from openstacklib::defaults" 2019-01-19 04:15:58 +00:00