Add the log_level parameter to control LogLevel for Apache vhost.
By default, Apache only logs warnings and errors in its errors logfile,
while request timeouts are logged by mod_reqtimeout at LogLevel info.
Default error_log_level value is not defined, which corresponds to
the default Apache's LogLevel warn.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: I6d55e1e7cda191ab03b90de51fea5a063d57ca63
There is a bug where this regex can match multiple lines if a policy
contains ':'.
Make this regex stricter by making sure the key doesn't end with a ':'
within the quotes.
Closes-Bug: #1968294
Change-Id: I4090d6831db8ddc4fba294f181085b657e2b3345
Add file to the reno documentation build to show release notes for
stable/yoga.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/yoga.
Sem-Ver: feature
Change-Id: I2c1b0ec6553a6435ca56e50ca8125177287ca44b
The latest release of setuptools 61.0 made a breaking change[1] and
because of this change 'pip install' fails with the following error.
~~~
error: Multiple top-level packages discovered in a flat-layout:
['lib', 'spec', 'manifests', 'releasenotes'].
~~~
Users that don't set 'packages', 'py_modules', or configuration'
are still likely to observe the auto-discovery behavior, which may
halt the build if the project contains multiple directories and/or
multiple Python files directly under the project root.
To disable auto discovery, one can do below in setup.py
~~~
setuptools.setup(..,packages=[],..)
~~~
or
~~~
setuptools.setup(..,py_modules=[],..)
~~~
[1] https://github.com/pypa/setuptools/issues/3197
Note setup.py is not used to install puppet modules. However it is used
to generate a release note, thus should be fixed.
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
Change-Id: I37d9e7bbd0ad9d00b79d0f14d3eef9993f24be68
In YAML, when a string is surrounded by single quotes('), any single
quote in that string should be prefixed by another single quote('), as
is described in the example below
GOOD:
'foo': 'this is a ''good'' example'
BAD:
'foo': 'this is a 'bad' example'
Closes-Bug: #1965338
Change-Id: I0216c2e4ecf75dbdd93d06eae2ebf8e7f2f4ac1a
All strings are considered as unicode string from Python 3.
This patch drops the explicit unicode literal (u'...')
appearances from the unicode strings.
Change-Id: If3f0a46ca34ea355a6f8f930fd3826ebc267c697
Co-Authored-By: LiZekun <2954674728@qq.com>
The puppt-postgresql module does not support CentOS 9 yet and requires
some version parameters to be run on CentOS 9. This change disables
unit tests requiring that module, until the module supports CentOS 9.
Change-Id: I175dfd157fb3be842a3c1ed38cf3325ec9283f69
This change introduces the capability to load clouds.yaml file in
the base Puppet::Provider::Openstack::Auth module, so that each
providers can look up credentials from clouds.yaml instead of rc file.
When SRBAC is enforced, services require appropriate scope for each
operation and this makes it difficult to use rc files which can store
only one credential per file. Usage of clouds.yaml allows us to store
multiple credentials in a single file and switch scopes according to
the API request used.
The new implementation loads the clouds.yaml file for admin user, which
is created by puppet-keystoe. It also allows overriding the credential
by a user-created clouds.file.
We expect clouds.yaml file is created under /etc/openstack, which is
the location openstackclient searches to look up clouds.yaml. To avoid
unexpected conjunction with existing files, the files used by puppet
are located in an independent 'puppet' directory at this moment.
Change-Id: I7587f6e0c2486cbfaf2cbafeb64e9db56a817106
Now TripleO team is replacing CentOS 8 jobs in master by CentOS 9 jobs.
This follows that and replaces tripleo jobs in puppet repos to switch
to CentOS 9.
Depends-on: https://review.opendev.org/828525
Change-Id: Ie7aca12db7e28bcc22a4b9ba37239452e2e9bf6e
Recent openstack cli supports loading user credentials from clouds.yaml
instead of passing each parameters by environment variables or command
options.
This allows us to manage user credentials more flexibly. The biggest
benefit of the clouds.yaml file is that it supports managing multiple
credentials in a single file. When SRBAC is enforced, each API request
should be made with the proper scope credential, and we need to switch
credentials for different scopes(project, domain and system) according.
Usage of clouds.yaml helps this use case hugely because it allows us to
store credentials for each scope in a single file and switch them by
the single OS_CLOUD environment variable(or the --os-cloud option).
Change-Id: Ie8246aa18d90ba506fe708be13c9a5afa3e5d2fd
This change introduces the new parameter to override
the apache::vhost::request_headers parameter, which is used to define
RequestHeader statements in vhost configuration.
Change-Id: I360b18acdf974bf3cdc9f8e817b66cd85f116afd
The policy_path parameter should be an absolute path because now this
parameter is used to manage the policy file content.
Change-Id: Ib2d41f57ab50ef225887bcad2457ffcc0911cd84
This change introduces the base implementation to use system scope
credential or domain scope credential to request OpenStack API in each
provider implementations.
Change-Id: If3781cd2ed828126ef1388553f4b85eed78196e7
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.
[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone
This change introduces the logic to pick up separator from resource
definition, so that we can implement resource parameters to use
different separators.
Change-Id: I21ab398f5d4f96673f3e2060263a9ba6691fef98
Add file to the reno documentation build to show release notes for
stable/xena.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.
Sem-Ver: feature
Change-Id: I33de4aac296d7a3e4afd4c8d418d7d1c91778c06
It turns out that this is the the default value provided by tox:
https://tox.readthedocs.io/en/latest/config.html#conf-install_command
So we can remove the line and simply use the default value.
Change-Id: Ib5e7b1fc9f958b3f1ab28295aec36fb4bf970469
Co-Authored-By: tushargite96 <tushargite96@gmail.com>
There is cases when a command times out or when it fails
that we and Puppet [1] will output the raw command that
was executed.
For a user create command that output contains the
--password argument passed down to openstack CLI which
causes sensitive passwords to be leaked into log files
of the system executing Puppet, these can then be shipped
of from the system into a remote syslog and still be in
plain text.
This tries to use Ruby gsub with a regular expression
matching the two cases and instead output [redacted secret]
the same way we do with config provider.
[1] https://github.com/puppetlabs/puppet/blob/main/lib/puppet/util/execution.rb#L286
Change-Id: I4cad8f88fc7b67bb7aa4330832fc47bac41ae9df
Since puppetlabs-stdlib 8.0.0, ensure_packages automatically translates
'ensure => present' to 'ensure => installed' and that translation
breaks existing assertions in unit tests.
Change-Id: I35500af08e39725bab61be036f780c74e38313b9
puppetlabs-stdlib is now using the 8.0.0 version, so we should fix the
stdlib version in metadata.
Change-Id: I1e195d5b32d347c22c6131cbf0dda00d18b93cf3
Currently the unset method only clears attributes defined in the base
Crednetial class and ones specific to CredentialV3 are left set.
This change ensures the method clears all attributes.
Closes-Bug: #1942145
Change-Id: I4bddbf9bb3c6251aa8b68a8bc2ef8799f3c8065e
Puppet 7 has been tested in CI for a while but we haven't seen any
issue with it. Let's officially support the version.
Change-Id: I332ed0d82024be17a036bfa45d81744cc0ef0e46
openstacklib::policy has never been used in any other modules because
it was implemented as a class not reusable for each service.
This change re-implements openstacklib::policy as a defined resource
type so that we can use this implementation from each puppet modules.
The openstacklib::policy resource type provides the purge_config
parameter. When this parameter is set to true, a policy file is cleared
during configuration process. This allows users to remove any existing
rules before applying their own (no) rules.
Change-Id: I9bb486c9191c50c11717dcb9c6af00d17c3aa8f5