Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)
Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: If07cac9bc41d173baeadbefb4dad3612c32ee369
The puppetlabs-apache module is enforcing more strict data type
validation[1].
This change updates the default values to adapt to that change.
[1] f41251e336
Closes-Bug: #1983300
Depends-on: https://review.opendev.org/851652
Change-Id: Ic4160b208ff1d728cab2b77c9261cb18deec8c27
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.
This change also adds support for request_headers so that both request
headers and response headers can customized.
Change-Id: Ie5f2669a8686a3546b652251881615e0e18bf433
... because these parameters were deprecated during Yoga cycle[1] and
have had no effect since then.
[1] 7eeb46e04d61189925dbbaa06d3016a0235d6200
Change-Id: I6b2ee2e3e9fb633f5f3c6fa9b2e4106e5430484e
This is follow-up of 7eeb46e04d61189925dbbaa06d3016a0235d6200 and fixes
the following two points.
- tenant_name is deprecated but a proper warning message is missing
- password is deprecated and now is optional, but it is still
validated
Closes-Bug: #1973315
Change-Id: I169d42dee4896843e55d4989dc440ad7e7c7ec94
During the previous cycle, a warning message was added to inform users
of this change.
Now the default value is updated so that SSL is disabled by default.
Change-Id: I17cd1a7adcc09168d3f53f44787858ef1d89a0a7
This change ensures keystone resources like the mistral service user
are created before completing service setup, so that we can use
the service::end anchor to ensure Zaqar service is fully available.
Change-Id: I5989b330cd55328510cc1bb20b6c00eeac18353b
This patch specifies a set of options required to setup the socket
keepalive feature of pymemcache (dogpile.cache) cache backend.
Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803716
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Depends-On: https://review.opendev.org/807851
Change-Id: I683f1328ab68839b4877e91513cae206656a6ad2
It turned out defining dependency for openstacklib::wsgi::apache
doesn't properly enforce resource order and the default vhost file
is not purged properly.
This change adds the more explicit dependency to enforce the order
properly.
Change-Id: I5d03a133bb9d6e8a5ed67b7b06ee73608cff37ee
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I2a54b0d0c03a98b3fe7a3a4a28051247eea7e70a
The zaqar::keystone::auth_websocket class has been added to create
an independent keystone endpoint for websocket service but the service
user created by the class has never been used.
This change disables the logic to create the user and the associated
resources like roles and projects, so that only required resources are
created.
Change-Id: Iaa0042acb9fda198f10e6067523301bfd08bf249
This change removes direct reference to some classes in
puppetlabs-apache. Details are explained below.
- The server class doesn't need access to anything defined in
apache::params
- The following classes are included by the openstacklib::wsgi::apache
resource type, and current inclusions are just redundant.
Change-Id: I7f2f5dbb7f7e07be611da61905201d90baee28ef
Since [1] was merged, not only openstacklib::poliy::base but also
openstacklib::policy::default is included to manage the policy file.
This change ensure openstacklib::policy::default is executed after
the packages are installed.
[1] 9c04deee7f01582a29c805f053bed236d7c2457e
Change-Id: Ie9dce227429a12d893b3cbbe495f604ed1b5620b
This change allows usage of list values to define The *_pipeline
parameters, because these parameters are defined as ListOpt and accept
comma-separated strings.
Change-Id: I03fae4fb56812ca5e421d4bec95c0f74fbdba70e
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.
Based on the following points, false is considered to be the more
reasonable default.
- Usage of SSL is optional and is not always required
- There are other methods(like load-balancer) to implement SSL
termination
- Enabling SSL doesn't work with the default values currently
defined, and requires additional parameters like ssl_cert.
- false is the default value defined in the base implementation in
puppet-openstacklib.
This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.
Change-Id: I96bae290b599f65b3b03fc5efb8bce3c0459f13a
The zaqar::server_instance resource type allows setting up multiple
instances of zaqar-server by creating /etc/zaqar/{name}.conf .
Currently there is no validation about the name and if it can be set to
'zaqar' which results in conflicting management of zaqar.conf .
This change introduces a simple validation logic to make sure that
the resource type uses a config file different from the base
zaqar.conf .
Change-Id: Idb0eaff24e84121e0c78daf659d5b9f861491faa
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: I7e453f3abf08e13d2366ea68af1ce859a88e8448
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into
puppet-nova[1].
[1] 5c38281e1b698f157f03bf1815733277c541c30b
Change-Id: Iae359ee38cac10190f9813b14cd3a2f92a59d1b6
Neutron uses oslo.cache options for caching. This change adds support
for the options implemented in the library.
Change-Id: I8d9930c80c65867ebd220153c20d06cdab0a47b5
Debian based systems (including Ubuntu and other derivatives) always use
/usr/lib/python3 (and not /usr/lib/python3.x), therefore, we shouldn't
use a variable ${pyver3} instead of the 3.
Change-Id: I5c7faa89d0e719b03c9bb47bb45fa5db4487e0e3
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.
Change-Id: I4a3941c5a21560c6246d22e89d4566dcdc95bfd6
Closes-Bug: #1904962
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I74d848da4f2e923f224786fd55b35cb063bb59a1
... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.
Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I14c7305e36a0d72215da987a7cd0d0207be6d1d0