OpenStack Release Bot 876004f6fe Update master for stable/2023.2
Add file to the reno documentation build to show release notes for

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on

Sem-Ver: feature
Change-Id: I1b7b3f894832a067d740bb5a4567e922dcf22af5
2023-10-16 15:14:51 +00:00
Takashi Kajinami 193d0e6cd2 RabbitMQ: Add support for quorum queue options
Change-Id: I644af1c7d7f4721b200fc0b771ad84609e2eb4b6
2023-09-14 10:42:33 +09:00
Takashi Kajinami 0b1c3d9232 Remove support for Puppet 6
... because Puppet 6 reached its EOL in February 2023.

Change-Id: I672ddf20550d4b7d0ec8d8faee72faaf9691754d
2023-05-22 03:20:26 +00:00
OpenStack Release Bot 446b14a65d Update master for stable/2023.1
Add file to the reno documentation build to show release notes for

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on

Sem-Ver: feature
Change-Id: I0cd67cfae48dc072730c1e83d426d73b2efb8183
2023-04-05 15:28:13 +00:00
Takashi Kajinami df3fce9e6b Expose policy_default_rule
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.

Change-Id: I8c02a3651cf6a749e1039b0a3a9b92800fb4a79e
2023-01-23 14:27:43 +09:00
Takashi Kajinami c2f586d2ad Switch to Ubuntu Jammy (22.04)
... because Focal no longer supports the recent releases such as Zed.

Change-Id: I5ccadd4a868eb456b4a2fc176736176bd7b08cb8
2023-01-11 16:57:04 +09:00
OpenStack Release Bot 9277734b9d Update master for stable/zed
Add file to the reno documentation build to show release notes for

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on

Sem-Ver: feature
Change-Id: I2a5f11d60137708b6e5e1e5aeac58712010cf269
2022-10-20 11:01:25 +00:00
Takashi Kajinami c8c59f1e9a Add Apache WSGI logging parameters for pipe/syslog
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)

Co-Authored-By: Andy Botting <>
Change-Id: I16c7a6407d647a25d6093239b30845a212202a5c
2022-08-26 14:31:43 +09:00
Takashi Kajinami 97682cfa99 Remove deprecated aodh::evaluator::coordination_url
... because it was deprecated during Xena cycle[1] in favor of the new
aodh::coordination class.

[1] 16091c8dd6

Change-Id: I0e11987c7d121b2fb639274ed60181c56ce4f6d1
2022-08-05 01:15:54 +09:00
Takashi Kajinami 0c8d02c758 Expose headers option of apache::vhost
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.

This change also adds support for request_headers so that both request
headers and response headers can be customized.

Change-Id: I857407802617087f75334c8357055250dcd4cef5
2022-06-30 08:20:42 +09:00
Zuul 7d37513d7e Merge "Remove support for CentOS 8 Stream" 2022-06-01 04:57:21 +00:00
Takashi Kajinami a75ec4ed66 Remove support for CentOS 8 Stream
... because RDO will provide packages for only CentOS Stream 9 for Zed
release. This change removes RHEL 8 as well.

Change-Id: I7058aa282e76171a701d6cf8bce8b2218d7e6e8d
2022-05-27 02:20:58 +09:00
Takashi Kajinami cc2cec0491 coordination: Remove deprecated heartbeat
The parameter was deprecated during Yoga cycle[1] in favor of the new
heartbeat_interval parameter.

[1] 49eb825204

Change-Id: I03d217663445001fc48f9192774ae6b680d2d7f9
2022-05-20 00:33:03 +09:00
Takashi Kajinami 4ec7119fc6 apache+mod_wsgi: Disable SSL by default
During the previous cycle, a warning message was added to inform users
of this change.

Now the default value is updated so that SSL is disabled by default.

Change-Id: I0f05258885570637aa9d53b2d6a69c1756f375e9
2022-05-06 20:35:57 +09:00
Takashi Kajinami 9400853421 listener: Add support for tunable parameters
Change-Id: Iaa9199dde153cfd218171a0b23c724bad421529c
2022-04-13 11:24:09 +09:00
OpenStack Release Bot e4916c32c8 Update master for stable/yoga
Add file to the reno documentation build to show release notes for

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on

Sem-Ver: feature
Change-Id: I0ebff768ad4ce0ed4a2a8330e4f30dc45342ab0f
2022-04-05 09:08:34 +00:00
Zuul 04dbb2c213 Merge "Globally support system scope credentials" 2022-03-11 11:38:01 +00:00
Takashi Kajinami e873a180a4 remove unicode literal from code
All strings are considered as unicode string from Python 3.

This patch drops the explicit unicode literal (u'...')
appearances from the unicode strings.

Change-Id: I0acf9d803a2db06991a48a31b11a7108c58146f3
Co-Authored-By: LiZekun <>
2022-03-08 09:01:52 +09:00
Takashi Kajinami 442e6965ed Globally support system scope credentials
After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.

Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and makes all credential
configurations consistent.

Change-Id: I28ff22b43ea5938056082361c9d0c98f89de1a03
2022-03-04 01:15:53 +09:00
Takashi Kajinami fc9a19781c Add CentOS/RHEL 9 to supported operating systems
... because CentOS 9 is now verified by unit tests and integration

Change-Id: If3ebed6793bdb60304f18be2c5f06508ae3c5c55
2022-02-23 01:06:14 +09:00
Zuul 0f0fcf4661 Merge "Drop unused implementation to expect "undef"" 2022-02-20 11:53:01 +00:00
Takashi Kajinami 7b33c0c74e Remove deprecated amqp_allow_insecure_clients
... because it was deprecated during Wallaby cycle.

Change-Id: Ia8422e02d23e1e5c4c5dc530042f1b9e9a020c9a
2022-02-08 21:53:58 +09:00
Takashi Kajinami 2865eb0be1 Drop unused implementation to expect "undef"
In current puppet, overriding a parameter by "undef" results in
just its default value. There is no chance that undef is honored unless
that is the default.

Change-Id: Icf44e6be4317dc6de973368c4f1aba3f88ea161f
2022-02-03 12:19:17 +09:00
Takashi Kajinami 0eb8b285cf Clean up deprecated database parameters
Change-Id: I64015ca104e66b9b0bfe7edc6961f2610adc01e5
2022-01-23 18:43:09 +09:00
Zuul 49df15f709 Merge "Accept system scope credentials for Keystone API request" 2022-01-07 23:36:32 +00:00
Takashi Kajinami 0b9c0368ed Remove deprecated aodh::auth
... because it was deprecated during Wallaby cycle[1].

[1] e05af2b3f1

Change-Id: I81833bb36737cfdf2372a02c798e1b60832af9f1
2021-12-27 21:22:44 +09:00
Takashi Kajinami e13c2c9713 Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Change-Id: I672a988e77e58df0addb1ed4a47d609cbcef1331
2021-11-25 22:50:55 +09:00
Zuul e14e5f12f9 Merge "Replace deprecated [coordination] heartbeat" 2021-11-17 04:55:32 +00:00
Takashi Kajinami 89ddb1b8f2 Add support for [DEFAULT] additional_ingestion_lag
Change-Id: I2b367c92125b0a08d0da1795eda080727bcfa1e5
2021-11-10 07:20:38 +00:00
Takashi Kajinami 09c0b80937 Add support for the [DEFAULT] event_alarm_cache_ttl parameter
Change-Id: I38389fffaf8128f5ac10b150332f546c609b7b9a
2021-11-10 11:38:13 +09:00
Takashi Kajinami c475277bce Prepare to update default of <service>::wsgi::apache::ssl
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the others default
to false.

Based on the following points, false is considered to be the more
reasonable default.
 - Usage of SSL is optional and is not always required
 - There are other methods (like load-balancer) to implement SSL
 - Enabling SSL doesn't work with the default values currently
   defined, and requires additional parameters like ssl_cert.
 - false is the default value defined in the base implementation in

This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.

Change-Id: Ib0272c1525a6974894a6101c40b50a7deb7cbea7
2021-11-02 20:57:26 +09:00
Takashi Kajinami 49eb825204 Replace deprecated [coordination] heartbeat
... by the new heartbeat_interval parameter.

Change-Id: I1a5e49e72a5082cdeaff79b3739d4246e7f01879
2021-10-25 22:15:44 +09:00
Takashi Kajinami e9a758a6f9 Allow customizing separator for api-paste.ini
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini

use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone

This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default files

Change-Id: I843154a46ac61c8ea54a7b28a42ad154568a845e
2021-10-15 12:03:17 +09:00
OpenStack Release Bot 0c0ddd127c Update master for stable/xena
Add file to the reno documentation build to show release notes for

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on

Sem-Ver: feature
Change-Id: Ib07e7278ac74266747a046dd697c5e253cc6710e
2021-10-07 08:20:34 +00:00
Zuul 1eb2e38a41 Merge "Allow purging policy files" 2021-09-20 07:31:19 +00:00
ZhongShengping 3d8d273099 Add watch_log_file option
Add support for using logging handler designed to watch file system.

Change-Id: I523716887b1a981ff8e73e4b24198a36b9efd5a3
Closes-Bug: #1943212
2021-09-14 16:02:08 +08:00
Takashi Kajinami 8755b916b0 Allow purging policy files
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be

Co-Authored-By: Martin Schuppert <>
Change-Id: I57fc7fe19cd0f856b3906b08118386ab62a067d8
2021-09-04 21:54:38 +09:00
Zuul e9c2f20e88 Merge "Allow setting batch size for expirer" 2021-07-04 21:40:06 +00:00
Takashi Kajinami 21c1650115 Add support for [cors] options
Change-Id: I747744f5153c3fa0876c32c33a1f34d290a1498a
2021-07-01 20:45:34 +09:00
Zuul 0609045965 Merge "Use oslo::coordination to manage coordination parameters" 2021-06-03 04:10:12 +00:00
Takashi Kajinami 216fddb348 Allow setting batch size for expirer
This change introduces a new option to set batch size for expirer,
which allows limiting number of alarm histories purged in a single run.

Change-Id: Ie37a3c377c455dbafa9cc57ddecb8b8963fc9a82
2021-05-28 14:18:18 +09:00
Takashi Kajinami 16091c8dd6 Use oslo::coordination to manage coordination parameters
This change replaces current implementation about coordination
parameters by oslo::coordination resource type, so that we can gather
all logics related to coordination in a single place.

Change-Id: Id1a8ef196afe05d8e484c2a69ec92d6ebed7fbe2
2021-05-28 09:20:28 +09:00
Takashi Kajinami 37952508c6 Drop Fedora support
Fedora support is never tested, and has been unmaintained for a while.
Because we don't expect any actual user using OpenStack on Fedora, this
change drops support for Fedora directly.

Change-Id: I7233e26a16884380c6b248c46d9c91d949ee81d2
2021-05-28 09:19:09 +09:00
Zuul a6d537223b Merge "Drop support for standalone api service in CentOS/Ubuntu" 2021-04-27 11:05:03 +00:00
Zuul eaa6c1e847 Merge "Support batch_* parameters of notifier" 2021-04-27 10:08:46 +00:00
Takashi Kajinami 2b382776ad Add support for api/gnocchi_external_domain_name
Change-Id: Ifece49e145c57b9b04312536ac771a55d791e4ab
2021-04-25 20:46:36 +09:00
Takashi Kajinami 86aa1e34e9 Support batch_* parameters of notifier
This change introduces support for batch_* parameters in notifier,
which are tunable parameters about batch processing of alarms.

Change-Id: I8beee8a794b6607875fbc7a46ccc1e58c0c344b5
2021-04-23 22:57:38 +09:00
Thomas Goirand c43377b32c Add support for aodh_api_uwsgi_config in Debian
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Aodh API. Therefore, this patch adds a new
aodh_api_uwsgi_config provider as well as a new
aodh::wsgi::uwsgi class.

Change-Id: Ib00be314fe5abc262d4c35f5fbc5612fcd18972d
2021-04-12 19:36:25 +02:00
Zuul 11ea5a0ebd Merge "Allow to configure policy_dirs" 2021-04-06 10:51:14 +00:00
Thomas Goirand 4de74dd67f Allow to configure policy_dirs
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .

Change-Id: Ibf56bdd22ac741e8fd4a101214fc9f477ed3c132
2021-04-01 22:49:44 +02:00