This reverts commit d07a47d2cbc51456a89936c3751013297fac96e9.
Reason for revert:
puppet-postgresql 8.1.0 was released and now the module supports RHEL 9
(and CentOS 9 effectively).
Note:
This change adds the service_provider fact in test fact data because
it is required by puppet-postgresql.
Depends-on: https://review.opendev.org/850705
Change-Id: Ib3e5b82c9685505465d19ab5b12987f020f74076
These default values are same as the actual default values in Trove,
thus we can replace these by $::os_service_default. This saves us
from maintaining our own default.
Change-Id: I557a919be3496d5314baec303764b7e8b99ed2de
The current hard-coded default values are exactly same as the default
values in Trove, thus can be replaced by $::os_service_default.
Change-Id: I241355d278f23ac05f42ef0150f41cc2a5795abb
... because the parameter was deprecated in favor of renaming to
the management_networks[1].
Also, allow usage of an Array value because the parameter is ListOpt.
[1] 44fbcfaaa608aba9184bd8757ba60c6a8155bae1
Change-Id: I4f8215995d098654d9303b54b5687552e94b23b7
... because it was deprecated during Yoga cycle[1] and has had no
effect since then.
[1] ddb0f14f95156c483c499fe95982d2e5777b236f
Change-Id: Ib9eab7d3c174c11932afb05c66138dfe3cbf5a7c
This change removes deprecated parmaeters and classes related to
trove-conductor and trove-taskmanager. These were deprecated during
past cycles and are ready to be removed.
Depends-on: https://review.opendev.org/839061
Change-Id: I250fb4cd098b7aaa6f4b9488e7226ffb27355046
The trove-guestagent service should be run in instances instead of
OpenStack hosts. This change disables the service by default because
we expect these modules are used to deploy hosts, and we don't expect
any use case where this puppet module is used to build the trove guest
image.
Closes-Bug: #1965228
Closes-Bug: #1485397
Change-Id: I57aa6ecd008f1a7a271e7baafc95cd75bf700f54
After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.
Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.
Change-Id: I5cad33c4caf1e3b3408dba5328c8b2f67a85b555
... and automated detection of auth_url parameter.
These were deprecated during the Ussuri cycle[1].
[1] 1d3bffd18b903aba95e5590b3c8444334d21a656
Depends-on: https://review.opendev.org/823886
Change-Id: I8304a0fd3bcabaf236a03c98f368b35842c7bff1
Previously puppet-trove creates separate config files for each service
but these individual files have been removed from Trove by [1].
This change follows that decision and merge these three files into
the single trove.conf file.
[1] https://review.opendev.org/679043
Change-Id: I23c01acd9439335abb706f2528684d4ec473247d
The puppt-postgresql module does not support CentOS 9 yet and requires
some version parameters to be run on CentOS 9. This change disables
unit tests requiring that module, until the module supports CentOS 9.
Change-Id: I0298c6cd665656b9f70e658a829a61b72157673a
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I6907dd4b41dfe009a69fecd3ee5d8332c4c6a424
... but test interfaces of that resource type. This helps us avoid
direct breakage caused by any change in puppet-keystone.
Change-Id: I3ace0192837442a4d3952cc7b75ed2e93426effa
The authtoken parameters are not managed directly but managed by
the keystone::resource::authtoken class. Thus we should avoid testing
parameters directly otherwise any change in the resource type can
cause test failures.
Change-Id: Ie3be7281aaf218c5e5b943a4b1517ad7b445910d
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: Ib07734e8f3d1ba0ca413d3c68ff6f00ffd0f8a64
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .
Change-Id: If5a1becaa44bf082ef4b8430e87348f4df980abe
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.
Change-Id: I19e62ec5f811b262b464815a5d7b6b7e2ed2eac1
Closes-Bug: #1904962
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: If61e708f68f96ce6c485a681d39e17c3cf737d2a
... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.
Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I952e990e1f56d6e0226eac25397ab3062074551f
In CentOS, we expect to have python3 client package in 8.x while we
expect to have python2 in 7.x .
Fix unit tests to expect the correct version according to os major
version.
Change-Id: I4a4e2f2a1d675c5feb25bb6cb2a139cc42d845a6
oslo.messaging RabbitMQ driver have now a new option that allow user to
run the RabbitMQ heartbeat over a native python thread.
These change allow user to use this new option.
Change-Id: Ia2e54453058080f12963dedb18249faa5c9b2424
Closes-Bug: #1840868
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: Ie5ad7f2438c922692b4d7df60cd68a6afadb3a72
Closes-Bug: 1778198