296 Commits

Author SHA1 Message Date
Zuul
7685156256 Merge "ovn: Accept arrays for ovn_*_connection parameters" 2022-06-20 18:52:50 +00:00
Takashi Kajinami
cf154d7172 ovn: Accept arrays for ovn_*_connection parameters
These parameters are regarded as StrOpt, but can accept comma-seprated
strings.

Change-Id: I725d7c167886ae799663bbe3c033fb99a81f9711
2022-06-16 10:22:58 +09:00
Zuul
ad3dc77a4a Merge "Move common parameters from the health_manager class" 2022-06-10 09:27:37 +00:00
Takashi Kajinami
dd729322ab Move common parameters from the health_manager class
Some health_manager parameters are used not only by health-manager but
also by worker. This change migrates the parameter used by these two
services from the health_manager class to the controller class, so that
we can deploy these two services separately.

Change-Id: I33d7a11514508a459546c905afe2165fb9fa1ebf
2022-06-02 14:21:10 +09:00
Zuul
c13c3ba6e7 Merge "Support [amphora_agent] agent_tls_protocol" 2022-05-31 15:17:59 +00:00
Zuul
c6a1b96d0a Merge "Support [amphora_agent] agent_request_read_timeout" 2022-05-31 15:17:57 +00:00
Takashi Kajinami
eabf0a2f5d Support [amphora_agent] agent_tls_protocol
Change-Id: Ib79a959abf90ccd1b9f122098d8794f89f9a46a7
2022-05-26 11:54:06 +09:00
Takashi Kajinami
2ac18b1050 Support [amphora_agent] agent_request_read_timeout
Change-Id: I0056d81ed88f0815019fe0e9671e0a3a2b78dbb2
2022-05-26 11:54:06 +09:00
Takashi Kajinami
44a32b37db Support more [certificats] parameters
Change-Id: Iabcc22e9fae5b510086370b53c3baa39b589712e
2022-05-24 13:49:26 +00:00
Tom Weininger
b5ab3de4bc Allow amphora timezone configuration
Adds support for the ``[controller_worker] amp_timezone`` configuration
parameter. It allows to configure the timezone of the amphora.

Depends-On: https://review.opendev.org/c/openstack/octavia/+/839937
Change-Id: I9a2cfddfa2e91fde8280c4cab4c51d05ae436ae5
2022-05-19 11:52:01 +02:00
Tobias Urdin
c3d78e5cb4 Add allow_ping_health_monitors parameter to api
This can be used to set the allow_ping_health_monitors
configuration option in api_settings group

Change-Id: Icdee753af276224c969a3eb0e790d331269893d6
2022-04-01 10:03:45 +09:00
Takashi Kajinami
753b692799 Support more [certificates] options
Change-Id: I01e705c6500e5533a739719dcf00129f690b08bd
2022-03-24 14:23:56 +09:00
Zuul
4ee9cc5dc3 Merge "Add support for [haproxy_amphora] default_connection_limit" 2022-03-11 16:02:39 +00:00
Zuul
4af49c5707 Merge "[health_manager] Allow tuning individual threads" 2022-03-11 11:37:58 +00:00
Zuul
6bb749a4da Merge "Globally support system scope credentials" 2022-03-11 11:37:56 +00:00
Takashi Kajinami
9c24dbc63a Add support for [haproxy_amphora] default_connection_limit
... which was added during Ussuri cycle[1].

[1] f4305e036c30b23588d7d1448448010b95c24069

Change-Id: I3ee2fa2e02fd24b6eb357c7ffb69a3bbfe74c1a9
2022-03-10 23:47:46 +00:00
Zuul
1d7eff7725 Merge "Use consistent name for enabled_provider_drivers" 2022-03-08 01:07:04 +00:00
Zuul
25cc8cc20d Merge "Accept array or hash for enable_provider_drivers" 2022-03-08 01:07:01 +00:00
Zuul
772c4ddcc5 Merge "Add parameters to configure amphorav2 driver" 2022-03-08 00:52:37 +00:00
Takashi Kajinami
be91d620fa Globally support system scope credentials
After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.

Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.

Change-Id: I2d8c35023c9851e6c043b07a1270e386feb9b1dd
2022-03-04 01:52:41 +09:00
Gregory Thiemonge
2b9f2a0813 Add parameters to configure amphorav2 driver
amphorav2 driver was introduced in stable/ussuri in Octavia, but some
parameters to configure the backend server to enable persistence were
still missing in puppet-octavia.

Change-Id: I8a9bf0b2c17cd35bc09fbb0270c4ef4ed4e491bd
2022-03-01 08:04:09 +09:00
Zuul
4c8389f430 Merge "Create octavia flavor in the services project by default" 2022-02-24 09:57:48 +00:00
Takashi Kajinami
2b9282bab6 Use consistent name for enabled_provider_drivers
This change renames the octavia::api::provider_drivers parameter so
that the name is consistent with the parameter name in Octavia.

Change-Id: Id0371d4f9dd4a4922deabae512153d9f9767bf55
2022-02-23 23:05:23 +09:00
Takashi Kajinami
270d33d543 Accept array or hash for enable_provider_drivers
The [api_settings] enable_provider_drivers parameter is DictOpt and
accepts a string value which represents a dictionary. This change
allows using array or hash for this parameter so that users can use
a more "native" type to define its value.

Change-Id: Icfa01a6cba5f4eda68d51ec2740f24fbc049f6e2
2022-02-23 22:30:44 +09:00
Takashi Kajinami
cffdaec795 [health_manager] Allow tuning individual threads
This change allows users to tune health_update_threads and
stats_update_threads separately, instead of enforcing the same value
for these two parameters.

The workers parameter, to determine the common value for these two
parameters, has been deprecated in favor of the new separate
parameters.

Change-Id: I4fda43e1742795b98be4f15f960816644900217c
2022-02-23 03:48:24 +00:00
Zuul
c731f61ca4 Merge "[service_auth] Define default values" 2022-02-20 13:23:36 +00:00
Zuul
a5df15b652 Merge "Use p-o-i manifests in acceptance test" 2022-02-20 12:34:28 +00:00
Zuul
7edbd6dcae Merge "api: Add support for TLS cipher/version parameters" 2022-02-20 10:39:33 +00:00
Takashi Kajinami
e0d45ad9f9 Create octavia flavor in the services project by default
This change ensures the nova flavor for Octavia instances are created
in the project to which the Octavia service belongs to. Current usage
without project_id can result in an unexpected project according to
the behavior of provide implementation(and the libraries used by it).

Depends-on: https://review.opendev.org/829512
Change-Id: Ib26dc1477f5b7759e36a8e518ca52db9a9986642
2022-02-17 18:05:33 +09:00
Takashi Kajinami
09c45520d8 CentOS 9: Disable unit tests dependent on puppet-postgresql
The puppt-postgresql module does not support CentOS 9 yet and requires
some version parameters to be run on CentOS 9. This change disables
unit tests requiring that module, until the module supports CentOS 9.

Change-Id: If7324ab38f24f537dc12f8eae3c2604414f3542f
2022-02-16 00:26:11 +09:00
Takashi Kajinami
5357bb2e87 api: Add support for TLS cipher/version parameters
Change-Id: Icf6795dfd6f7415f6828d29fd1a8a99af5f75270
2022-02-09 12:37:52 +09:00
Takashi Kajinami
ce727fb1aa [service_auth] Define default values
Currently all parameters of the octavia::service_auth class default to
$::os_service_default. However the [service_auth] parameters are
required to make Octavia work correctly and users always need to define
these parameters.

This change updates default of these parameters, following the global
default values we use for service authentication.

Change-Id: I655e9f1de3e32adac089a494a9d755e83eacc577
2022-02-07 22:18:32 +09:00
Bogdan Dobrelya
5e6774459b Wire-in heartbeat_interval
Allow to define heartbeat_interval for Octavia Health Manager
to configure sleep time between sending heartbeats.

Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: I306ceccd2b913ec39b2ddeff58ef7f19ccbc1170
2022-02-07 13:47:43 +01:00
Takashi Kajinami
695b7e74b0 Use p-o-i manifests in acceptance test
Depends-on: https://review.opendev.org/828029
Change-Id: I2ff1e2dba2a7ceff286e7c6f6788ec537a3ba37d
2022-02-06 14:53:20 +00:00
Timothy Rice
be9130696f Allow wsgi script to be configurable
This is intended to be analogous to 1c7c146c917c5dbf51db378f8392cc328fe4632b and fa753eafe840ad1582e48442a975629e8694a058 for puppet-aodh.

Change-Id: I4ab78052d276dfb3c52cd13586065037e9b4a38f
2022-02-03 03:24:18 +00:00
Zuul
8f09984e5c Merge "Add support for more connection tunables in [haprpoxy_amphora]" 2022-01-24 08:45:43 +00:00
Takashi Kajinami
aa6219daa0 Avoid testing details of oslo::messaging(::*)
... so that any change in puppet-oslo would not directly break unit
tests.

Change-Id: I4bf4fb963c07907a503662e035b256422032c90a
2022-01-21 22:49:47 +09:00
Takashi Kajinami
ca3c4cc1c1 Add support for more connection tunables in [haprpoxy_amphora]
This change adds support for the following tunable parameters in
the haproxy_amphora section.

 - active_connection_max_retries
 - active_connection_retry_interval
 - faiolver_connection_max_retries
 - faiolver_connection_retry_interval

Change-Id: I6a2686a4e33c75d863ae146a3af37d416e01a655
2022-01-16 11:04:48 +09:00
Zuul
436ea0d973 Merge "Add support for [haproxy_amphora] build_retry_interval" 2022-01-10 19:32:15 +00:00
Takashi Kajinami
ccf6792238 Add support for [haproxy_amphora] build_retry_interval
Change-Id: I5104e5a00f92c951a32c4c058278f6479ab04756
2022-01-10 16:45:08 +09:00
Zuul
d77268d1fa Merge "Add support to manage default quota about l7policy/rule" 2022-01-07 22:54:27 +00:00
Zuul
62ef180e5f Merge "Accept system scope credentials for Keystone API request" 2022-01-07 22:54:26 +00:00
Takashi Kajinami
86ce4e6cdf Load libraries in a single place
This change refactors how the dependent libraries are loaded during
unit tests, and load the libraries in the base spec_helper to avoid
duplicate and redundant implementations.

Change-Id: I02a8e453e3901ef2b2c1c4b9e8dce5997128f5c2
2021-12-27 10:52:39 +09:00
Takashi Kajinami
c1e08f0694 Clean up direct dependencies on puppetlabs-apache
This change removes direct reference to some classes in
puppetlabs-apache. Details are explained below.

- The api class doesn't need access to anything defined in
  apache::params

- The following classes are included by the openstacklib::wsgi::apache
  resource type, and current inclusions are just redundant.

Change-Id: I05e766017d22a4c637875f317abd7160f4cf69ac
2021-12-08 22:39:08 +09:00
Zuul
64bfda831d Merge "Add support for [compute] parameters" 2021-12-08 03:06:28 +00:00
Takashi Kajinami
4516e0cf9c Support more [networking] parameters
This change introduces the new octavia::networking class to manage
parameters in the [networking] section.

Change-Id: Ic75b471a4853b5176804ff6163c24285ce2703ba
2021-11-30 13:08:02 +09:00
Takashi Kajinami
cf24d758af Add support for [compute] parameters
This change introduces the new octavia::compute class, to manage
parameters in the [compute] section.

Change-Id: I139ed46b7acbb81d9c01c8708f91af9e5d2900a3
2021-11-30 00:37:40 +09:00
Takashi Kajinami
c748dc5e7b Accept system scope credentials for Keystone API request
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.

This change covers the following two items.
 - assignment of system scope roles to system user
 - credential parameters for authtoken middleware

Depends-on: https://review.opendev.org/804325
Change-Id: I94001758cbbbc348fff238f5c352202c7e283b2b
2021-11-25 23:43:24 +09:00
Takashi Kajinami
2fb4a5b1e0 Use consistent format for service description
Change-Id: I76d271048056c85b384740b7dc51e45570eb2e83
2021-11-18 14:33:10 +00:00
Zuul
c04af1ffc9 Merge "health_manager: support more tunable parameters" 2021-11-12 10:21:40 +00:00