Commit Graph

59 Commits (master)

Author SHA1 Message Date
Takashi Kajinami 43735fb127 Replace legacy facts and use fact hash
... because the latest lint no longer allows usage of legacy facts and
top scope fact.

Change-Id: Iebdb33dd18a8f8d18840ff3e5f4608f021a78bfa
3 months ago
Rajesh Tailor 499a898468 Fix typos in parameter descriptions
Change-Id: Iacebc227e074da592aa0ca8ff6f8226f3e850a66
12 months ago
Takashi Kajinami 9112b1af86 Clean up deprecated database parameters
Change-Id: Ie04052b937e501f1e3d8659a773575755e8286b5
1 year ago
Takashi Kajinami 27db72f4a0 Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following three items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware
 - credential parameters for oslo.limit library

Note that the credential parameters for authtoken middleware are
used in some providers, and these providers still require a project
scope credential. This will be fixed by the subsequent change.

Change-Id: Ic7682993b341a7d45b0957f102f5c3dbd52f9043
1 year ago
ZhongShengping 3dd0c3018f Add watch_log_file option
Add support for Using logging handler designed to watch file system.

Change-Id: I73e721e28155e090585ce4513c11e0949257c6c9
Closes-Bug: #1943212
2 years ago
Takashi Kajinami 658788fd87 Use a 'params' hash for authtoken parameters
This change adds the 'params' hash in authtoken class, to implement
the same functionality as the one recently introduced into

[1] 5c38281e1b698f157f03bf1815733277c541c30b

Change-Id: Ic4f451cfbd0145466ae65330729e980f5567795e
2 years ago
Takashi Kajinami a608dfee41 Add support for the keystone_authtoken/service_type parameter
Change-Id: Ia64ad11c44e149a72bc0a2588ae8c6b216fd6dec
3 years ago
Zuul d96daf9256 Merge "Do not validate database_connection format" 3 years ago
Takashi Kajinami 4c943fb458 Do not validate database_connection format
Currently we validate database_connection in 2 layers, each puppet
modules and puppet-oslo, however this makes it difficult to maintain
validation pattern because we always need to fix both.
This patch removes the validation from each puppet modules so that
we need to maitain only one place, puppet-oslo to update validation

Change-Id: If13825dff529c91508ae19e48c7918cbd2b50245
3 years ago
ZhongShengping 8a44e06a30 Add mysql_enable_ndb option
Add mysql_enable_ndb parameter to select mysql storage engine.

Change-Id: Iab922500f060ad0304ee61998c4dc1ce323f22f8
Closes-Bug: #1892952
3 years ago
Takashi Kajinami 0b973b4648 Add support for the interface parameter in authtoken middleware
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken

Change-Id: I380868884abe92b35e93c3bf22d877838d0eac55
3 years ago
ZhongShengping ca939e9732 Deprecate min_pool_size option
min_pool_size option is not used,see:

Change-Id: I67e5c96a70ae4ebb6934129286516a24c5a22fbf
Closes-Bug: #1868511
3 years ago
ZhongShengping 16d279e21e Remove idle_timeout option
The idle_timeout parameter has been deprecated for two releases.
We can remove it.

Change-Id: Iaed980290c707463652c36928ec24f603301a183
3 years ago
Tobias Urdin ed9298e996 Convert all class usage to relative names
Change-Id: I9ff8d888e367a46ab89e3668bf4ba76c4c7c127c
4 years ago
Takashi Kajinami df5ad970cd Add support to configure service_token_roles in authtoken middleware
Change-Id: Ia198c96c30226e1ddaa5b68919d471014d5edfd0
4 years ago
ZhongShengping e82d93c1c0 Remove deprecated pki related options
The deprecated pki related options check_revocations_for_cached and
hash_algorithms option has been removed.

Change-Id: Ib692f55fa267e9fbe17d94c5116f244be02b2107
4 years ago
ZhongShengping 677a307b06 Deprecate idle_timeout option
The idle_timeout parameter is deprecated, use connection_recycle_time


Change-Id: I02536803fad90dbf6edf27a85786f6e94d53d2f1
Closes-Bug: #1826692
4 years ago
Zuul c0fabacc57 Merge "Use validate_legacy" 4 years ago
Tobias Urdin 4b558f6f00 Use validate_legacy
This changes all the puppet 3 validate_* functions
to use the validate_legacy function.

The validate_legacy function has been available since
about three years but require Puppet >= 4.4.0 and since
there is Puppet 4.10.12 as latest we should assume people
are running a fairly new Puppet 4 version.

This is the first step to then remove all validate function
calls and use proper types for parameter as described in spec [1].


Change-Id: Ib21fef57404d63579743270be4080d248a4ca8cc
4 years ago
ZhongShengping ec00aca117 Service_token_roles_required missing in the server config file
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.

Change-Id: I49828052bdf33391edcd962fc6c4208c715e377a
Closes-Bug: 1778198
4 years ago
Tobias Urdin f09800121b Remove deprecated logging
Change-Id: Id33a11d8eb74bc4685b7c1e88de9f73df1404e03
4 years ago
ZhongShengping d07c62fe8f Cleanup documentation
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.

Change-Id: I1b54aefa27a929946aaf91c6f863466df8b13107
5 years ago
ZhongShengping f8692c4d7c Deprecate pki related options
check_revocations_for_cached and hash_algorithms are deprecated for
removel because of PKI token format is no longer supported.
Update warning message and add a release note.

Change-Id: Ic25814ff5d8a3134de59876c38da2c245c50d7ca
Closes-Bug: #1804562
Closes-Bug: #1804720
5 years ago
Tobias Urdin 779162c884 Remove auth_uri
Change-Id: Id89177db73608736f5cea0e8146ed4dd12c199b3
5 years ago
qiaomin 774a89ce0c Replace port 35357 with 5000
Now that the v2.0 API has been removed, we don't have a reason to
include deployment instructions for two separate applications on
different ports.

Change-Id: Ieb132483803085c0e97a3572fc035af3817467af
5 years ago
ZhongShengping 6b0c3d4855 Deprecate auth_uri option
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.


Change-Id: I081c6f8c791ef7d4dc1d5bf8dfc2676c73e66734
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
5 years ago
Zuul 80c58df276 Merge "Remove deprecated keystone authtoken revocation_cache_time option" 5 years ago
ZhongShengping f7771d8ff6 Remove deprecated keystone authtoken revocation_cache_time option
Change-Id: I9ddf7c50051e24283656107a70ad596765e15e5c
5 years ago
ZhongShengping 7b4078bdd9 Add pool_timeout option
Add pool_timeout option to configure this value for pool_timeout with

Change-Id: I724f0b24b6f7ffb846f8bdf44156dcebeeaa7cae
Closes-Bug: #1757581
5 years ago
ZhongShengping 939a58346e Add use_journal option for logging configuration
This enables oslo.log to pass logging records to journald.

Change-Id: I11ad2c8557fb2e6793c5ca368d21cf08833e2f32
5 years ago
Juan Antonio Osorio Robles 03dd353f34 Expose use_json logging option
It enables JSON-formatted logging from oslo.log.

Change-Id: I11d3084fa679c8cf400f1215d098c7a1c90db602
6 years ago
Juan Antonio Osorio Robles 63709c22f0 Accept empty strings for log_file
An empty string is an acceptable value of this entry, and it forces
logging to stdout/stderr, which is useful when running on containers.

In other modules (such as puppet-keystone) log_file defaults to
$::os_service_default. This is not the case in this module, so we
need to allow an empty value in log_file here as well.

Change-Id: I3fa4a38d21f0f7e447157ab7814a547c10a4b7d3
6 years ago
Jenkins 30c3db36c2 Merge "Configure *_domain_name to Default by default" 6 years ago
Harry Rybacki 384891ba49 Configure *_domain_name to Default by default
Keystone v2.0 API was removed so we have no choice but configuring
user_domain_name and project_domain_name otherwise it fallbacks to
Keystone v2.0 and it fails. This patch sets the default value so we make
sure Keystone v3 will be used out of the box for our users.

Change-Id: If0a614520c4737e489147e18b1e9028e1f671f88
6 years ago
Juan Antonio Osorio Robles 72ed4084c0 Accept empty strings for log_dir
An empty string is an acceptable value of this entry, and it forces
logging to stdout/stderr, which is useful when running on containers.

Change-Id: Idd27daadfd1294d7f83777f851a1f39a7f860308
6 years ago
ZhongShengping 9ce30c3f55 Deprecate revocation_cache_time option
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.

Change-Id: Ia607af51a784113541ac576b9293700dbafba31d
Closes-Bug: #1717144
6 years ago
ZhongShengping 0adfc3d495 Remove deprecated keystone authtoken signing_dir option
Change-Id: I6e6cca651a8b157491cb1c2bde063c56e7c72dcd
6 years ago
ZhongShengping efe9727528 Add support for db_max_retries param
The db_max_retries parameter regulates the number of reconnection
attempts performed after an error raised rather than at startup.

Change-Id: Ib3cfc7b27945389f523d7112d88462995e7416af
Releated-Bug: #1579718
6 years ago
Matthew J. Black a964f9f925 Allow python-memcache install from authtoken class
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.

Change-Id: I7de3338061bad949f26ed0d84782124c7b61eb70
6 years ago
ZhongShengping e6a6df773b Deprecate signing_dir option
The signing_dir is deprecated for removel because of PKI token format
is no longer supported.
Update warning message and release note.

Change-Id: Ifaad2dffab360df2790dac8d9ad8c9a87f719f6b
Closes-Bug: #1652700
7 years ago
Saverio Proto 5b044addf7 neat: missing : in $::os_service_default
Change-Id: I36fb6de1f9113f5ba328c7c86003c572a1465d23
7 years ago
ZhongShengping 54f6ba25f7 Add deps to authtoken
The authtoken class needs to include the ::glance::deps class.

Change-Id: I554f17cd2c5ef47eeb72df8e9a116493389e11e3
7 years ago
Iury Gregory Melo Ferreira ddfd2150b9 Remove old authtoken options
Since we are in ocata lets remove all old parameters in api
to configure the keystone_authtoken section

Change-Id: I4dc0bd544f91fd52ad437b4c3ebbd16a43895726
7 years ago
Iury Gregory Melo Ferreira 8684c85d12 Remove verbose
Since we are in Ocata we should remove the
verbose option that was deprecated

Change-Id: I454aa625c5b0c4139309962dd4c1088dd52ef749
7 years ago
Mykyta Karpin 88713c96f7 Fix documentation for log_dir parameter
Change-Id: I280409ece958a0b2c5e25cc6ad511834b8cec47c
Partial-Bug: #1600294
7 years ago
Alex Schultz ffa154c77a Update log_file documentation
log_file should be set to $::os_service_default and not to the boolean
false because the boolean false gets interpreted as a file name.

Change-Id: I2b7f3ad6f04b24e357948bd23782b89764e632e5
7 years ago
Denis Egorenko 1e09e553ed Move Glance to new authtoken scheme
Use glance::<service>::authtoken to configure keystone_authtoken
section in glance configs, with all parameters required
to configure keystonemiddleware.

Also changed auth_type to auth_strategy, because auth_type is
related to keystone authentication.

Change-Id: I722a1e41b2cee0b3040c37f07adfd13c33edaa5c
Closes-bug: #1604463
7 years ago
Clayton O'Neill 18b010975c Add hooks for external install & svc management
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain.  This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.

Change-Id: If683fbd098e701a3c4da91941cf818b18b41b209
7 years ago
Iury Gregory Melo Ferreira cf604fc6a6 Deprecate verbose option in logging
Option "verbose" from group "DEFAULT" is deprecated for removal.
The parameter has no effect.
-Deprecated verbose for logging and init
-Remove verbose in README
-Remove verbose from tests.

If this option is not set explicitly, there is no such warning

Change-Id: I7e58412fe26962337845b3cb9d67679bac0709d8
7 years ago
Denis Egorenko af8da24358 Totally drop Qpid support
Qpid was removed in Mitaka from Oslo Messaging, so now we can
drop it in manifests.

Change-Id: I336c99b7709f061734ca09128a366361f13a934e
7 years ago