If CEILOMETER_USE_MOD_WSGI is True then the API app will
run under mod wsgi. The default is false (for now).
The changes are modeled on keystone's use of apache.
Note that these changes are dependent on
https://review.openstack.org/#/c/121823/ in ceilometer.
Using mod_wsgi allows the ceilometer api to handle "concurrent"
requests. This is extremely useful when trying to benchmark
various aspects of the service.
Change-Id: I4c220c3b52804cd8d9123b47780a98e0346ca81e
* DEFAULT.fixed_range isn't a valid option in nova anymore
* DEFAULT.osci_compute_workers was never a thing, it should be
DEFAULT.osapi_compute_workers
Change-Id: Ib08f3e20e4685b331385431276f890205fa76da6
Nova v3 API has disappeared in Juno cycle, and we don't test the API
now on the gate since If63dcdb2d05aa0fab0b6848a1248b6678f1ee9ad .
This patch removes the endpoint of Nova v3 API.
Change-Id: I85f87b37558a15d1eaaa781b02fec5b02bd2ab44
Configure nova, cinder, glance, swift and neutron to use SSL
on the endpoints using either SSL natively or via a TLS proxy
using stud.
To enable SSL via proxy, in local.conf add
ENABLED_SERVICES+=,tls-proxy
This will create a new test root CA, a subordinate CA and an SSL
server cert. It uses the value of hostname -f for the certificate
subject. The CA certicates are also added to the system CA bundle.
To enable SSL natively, in local.conf add:
USE_SSL=True
Native SSL by default will also use the devstack-generate root and
subordinate CA.
You can override this on a per-service basis by setting
<SERVICE>_SSL_CERT=/path/to/cert
<SERVICE>_SSL_KEY=/path/to/key
<SERVICE>_SSL_PATH=/path/to/ca
You should also set SERVICE_HOST to the FQDN of the host. This
value defaults to the host IP address.
Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac
Closes-Bug: 1328226
- Horizon no longer has "enable_security_group" setting
so we need to remove it.
- There is no need to set enable_lb/firewall/vpn to True
when q-lbaas/q-fwaas/q-vpn is enabled because Horizon now checks if
Neutron ext-list and enables corresponding dashboards accordingly.
Change-Id: I37073d73e4cba0103ab1a3d935302f1cd0ef73c5
The Cisco Nexus monolithic plugin does not work without the Open
vSwitch plugin. The Open vSwitch plugin is scheduled to be removed
as per #1323729. This patch removes the Nexus Hardware switch
related code from devstack. The N1KV virtual switch related code
will still remain in the tree as it doesn't depend on Open vSwitch
plugin.
Closes-Bug: #1350387
Change-Id: I82ebb09c64589fc9b7bb790982541bc87c66e6e3
The current default (/var/www) leads to:
AH01797: client denied by server configuration:
/var/www/keystone/admin
For /var/www the needed permissions on SUSE are not set.
For /srv/www/htdocs/ the permissions are correct on SUSE systems.
Change-Id: I3f2df896daecdfe510d45ff121af2a8433a4d5be
The Keystone server and auth_token middleware were enhanced to
support a configurable hash algorithm.
With this change, the user can set
KEYSTONE_TOKEN_HASH_ALGORITHM=sha256
in their localrc to use the SHA256 algorithm rather than the
default md5. Any hash algorithm supported by Python's hashlib can
be used. The MD5 algorithm doesn't provide enough protection from
hash collisions and some security standards mandate a SHA2 hash
algorithm.
Change-Id: I8b373291ceb760a03c4c14aebfeb53d8d0dfbcc1
Closes-Bug: #1174499
Each project was configuring the auth_token middleware using several
lines of inisets. Since all the projects should configure the
auth_token middleware in the same way create a function and call it.
Change-Id: I3b6727d5a3bdc0ca600d8faa23bc6db32bb32260
The API_WORKERS option wasn't setting the number of admin workers
for the Keystone server when running in eventlet mode. This will
allow for control of throughput and memory usage.
Change-Id: Iecbce4a601f93784164e53d8b0c542d48f7b5650
Zaqar is a messaging service which provides support for different
messaging patterns and messaging related semantics.
This fix changes the old API name -queuing- to a more accurate name, -messaging-.
Change-Id: I07ca6ca704a4f07d88c192a5ce1a7c626de1fcea
Keep the default to 1 instead of going wild, cause Swift really would
kill the VM if we let it go (and keeps the old behavior).
Change-Id: I7449c1bb485459169b8870c871b887cbab8be865
MySQL-python is needed for keystone and we were installing it
implicitely only for apts and not for rpms. Fix keystone only devstack
install on a pristine vm.
Change-Id: I0d117513af4e2ad58635f7a7b22f7a6e3ff36a38
libvirtd is the new name of the init script in Debian testing.
libvirt-bin is still in use on Debian Wheezy.
Since I222b71962f49896063910ff2a25e4f57be4bf819, libvirtd is the
default for Debian, this break the compatibility with Debian Wheezy.
With this patch, we use libvirt-bin only if there is no
/etc/init.d/libvirtd init script.
Change-Id: I13694fef93d36c2e128e15e7dbfaec9230335585
command isn't properly parsed after switch to run_process. this
patch corrects the regression
Change-Id: Ib28d4bbf6f150854fc5aa04e3fa4eed92005ce19
Closes-Bug: #1370673
