Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: I1b7b3f894832a067d740bb5a4567e922dcf22af5
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: I0cd67cfae48dc072730c1e83d426d73b2efb8183
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.
Change-Id: I8c02a3651cf6a749e1039b0a3a9b92800fb4a79e
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I2a5f11d60137708b6e5e1e5aeac58712010cf269
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)
Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: I16c7a6407d647a25d6093239b30845a212202a5c
... because it was deprecated during Xena cycle[1] in favor of the new
aodh::coordination class.
[1] 16091c8dd6
Change-Id: I0e11987c7d121b2fb639274ed60181c56ce4f6d1
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.
This change also adds support for request_headers so that both request
headers and response headers can customized.
Change-Id: I857407802617087f75334c8357055250dcd4cef5
... because RDO will provide packages for only CentOS Stream 9 for Zed
release. This change removes RHEL 8 as well.
Depends-on: https://review.opendev.org/843503
Change-Id: I7058aa282e76171a701d6cf8bce8b2218d7e6e8d
The parameter was deprecated during Yoga cycle[1] in favor of the new
heartbeat_interval parameter.
[1] 49eb825204
Change-Id: I03d217663445001fc48f9192774ae6b680d2d7f9
During the previous cycle, a warning message was added to inform users
of this change.
Now the default value is updated so that SSL is disabled by default.
Change-Id: I0f05258885570637aa9d53b2d6a69c1756f375e9
Add file to the reno documentation build to show release notes for
stable/yoga.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.
Sem-Ver: feature
Change-Id: I0ebff768ad4ce0ed4a2a8330e4f30dc45342ab0f
All strings are considered as unicode string from Python 3.
This patch drops the explicit unicode literal (u'...')
appearances from the unicode strings.
Change-Id: I0acf9d803a2db06991a48a31b11a7108c58146f3
Co-Authored-By: LiZekun <2954674728@qq.com>
After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.
Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.
Change-Id: I28ff22b43ea5938056082361c9d0c98f89de1a03
In current puppet, overriding a parameter by "undef" results in
just its default value. There is no chance that undef is honored unless
that is the default.
Change-Id: Icf44e6be4317dc6de973368c4f1aba3f88ea161f
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I672a988e77e58df0addb1ed4a47d609cbcef1331
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.
Based on the following points, false is considered to be the more
reasonable default.
- Usage of SSL is optional and is not always required
- There are other methods(like load-balancer) to implement SSL
termination
- Enabling SSL doesn't work with the default values currently
defined, and requires additional parameters like ssl_cert.
- false is the default value defined in the base implementation in
puppet-openstacklib.
This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.
Change-Id: Ib0272c1525a6974894a6101c40b50a7deb7cbea7
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.
[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone
This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default fules
Depends-on: https://review.opendev.org/813614
Change-Id: I843154a46ac61c8ea54a7b28a42ad154568a845e
Add file to the reno documentation build to show release notes for
stable/xena.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.
Sem-Ver: feature
Change-Id: Ib07e7278ac74266747a046dd697c5e253cc6710e
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: I57fc7fe19cd0f856b3906b08118386ab62a067d8
This change introduces a new option to set batch size for expirer,
which allows limiting number of alamr histories purged in a single run.
Depends-on: https://review.opendev.org/755983
Change-Id: Ie37a3c377c455dbafa9cc57ddecb8b8963fc9a82
This change replaces current implementation about coordination
parameters by oslo::coordination resource type, so that we can gather
all logics related to coordination in a single place.
Depends-on: https://review.opendev.org/791628
Change-Id: Id1a8ef196afe05d8e484c2a69ec92d6ebed7fbe2
Fedora support is never tested, and has been unmaintained for a while.
Because we don't expect any actual user using OpenStack on Fedora, this
change drops support for Fedora directly.
Change-Id: I7233e26a16884380c6b248c46d9c91d949ee81d2
This change introduces support for batch_* parameters in notifier,
which are tunable parameters about batch processing of alarms.
Change-Id: I8beee8a794b6607875fbc7a46ccc1e58c0c344b5
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Aodh API. Therefore, this patch adds a new
aodh_api_uwsgi_config provider as well as a new
aodh::wsgi::uwsgi class.
Change-Id: Ib00be314fe5abc262d4c35f5fbc5612fcd18972d
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .
Change-Id: Ibf56bdd22ac741e8fd4a101214fc9f477ed3c132
OpenStack Release Bot
Takashi Kajinami