The puppt-postgresql module does not support CentOS 9 yet and requires
some version parameters to be run on CentOS 9. This change disables
unit tests requiring that module, until the module supports CentOS 9.
Change-Id: I175dfd157fb3be842a3c1ed38cf3325ec9283f69
This change introduces the capability to load clouds.yaml file in
the base Puppet::Provider::Openstack::Auth module, so that each
providers can look up credentials from clouds.yaml instead of rc file.
When SRBAC is enforced, services require appropriate scope for each
operation and this makes it difficult to use rc files which can store
only one credential per file. Usage of clouds.yaml allows us to store
multiple credentials in a single file and switch scopes according to
the API request used.
The new implementation loads the clouds.yaml file for admin user, which
is created by puppet-keystoe. It also allows overriding the credential
by a user-created clouds.file.
We expect clouds.yaml file is created under /etc/openstack, which is
the location openstackclient searches to look up clouds.yaml. To avoid
unexpected conjunction with existing files, the files used by puppet
are located in an independent 'puppet' directory at this moment.
Change-Id: I7587f6e0c2486cbfaf2cbafeb64e9db56a817106
Now TripleO team is replacing CentOS 8 jobs in master by CentOS 9 jobs.
This follows that and replaces tripleo jobs in puppet repos to switch
to CentOS 9.
Depends-on: https://review.opendev.org/828525
Change-Id: Ie7aca12db7e28bcc22a4b9ba37239452e2e9bf6e
Recent openstack cli supports loading user credentials from clouds.yaml
instead of passing each parameters by environment variables or command
options.
This allows us to manage user credentials more flexibly. The biggest
benefit of the clouds.yaml file is that it supports managing multiple
credentials in a single file. When SRBAC is enforced, each API request
should be made with the proper scope credential, and we need to switch
credentials for different scopes(project, domain and system) according.
Usage of clouds.yaml helps this use case hugely because it allows us to
store credentials for each scope in a single file and switch them by
the single OS_CLOUD environment variable(or the --os-cloud option).
Change-Id: Ie8246aa18d90ba506fe708be13c9a5afa3e5d2fd
This change introduces the new parameter to override
the apache::vhost::request_headers parameter, which is used to define
RequestHeader statements in vhost configuration.
Change-Id: I360b18acdf974bf3cdc9f8e817b66cd85f116afd
The policy_path parameter should be an absolute path because now this
parameter is used to manage the policy file content.
Change-Id: Ib2d41f57ab50ef225887bcad2457ffcc0911cd84
This change introduces the base implementation to use system scope
credential or domain scope credential to request OpenStack API in each
provider implementations.
Change-Id: If3781cd2ed828126ef1388553f4b85eed78196e7
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.
[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone
This change introduces the logic to pick up separator from resource
definition, so that we can implement resource parameters to use
different separators.
Change-Id: I21ab398f5d4f96673f3e2060263a9ba6691fef98
Add file to the reno documentation build to show release notes for
stable/xena.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.
Sem-Ver: feature
Change-Id: I33de4aac296d7a3e4afd4c8d418d7d1c91778c06
It turns out that this is the the default value provided by tox:
https://tox.readthedocs.io/en/latest/config.html#conf-install_command
So we can remove the line and simply use the default value.
Change-Id: Ib5e7b1fc9f958b3f1ab28295aec36fb4bf970469
Co-Authored-By: tushargite96 <tushargite96@gmail.com>
There is cases when a command times out or when it fails
that we and Puppet [1] will output the raw command that
was executed.
For a user create command that output contains the
--password argument passed down to openstack CLI which
causes sensitive passwords to be leaked into log files
of the system executing Puppet, these can then be shipped
of from the system into a remote syslog and still be in
plain text.
This tries to use Ruby gsub with a regular expression
matching the two cases and instead output [redacted secret]
the same way we do with config provider.
[1] https://github.com/puppetlabs/puppet/blob/main/lib/puppet/util/execution.rb#L286
Change-Id: I4cad8f88fc7b67bb7aa4330832fc47bac41ae9df
Since puppetlabs-stdlib 8.0.0, ensure_packages automatically translates
'ensure => present' to 'ensure => installed' and that translation
breaks existing assertions in unit tests.
Change-Id: I35500af08e39725bab61be036f780c74e38313b9
puppetlabs-stdlib is now using the 8.0.0 version, so we should fix the
stdlib version in metadata.
Change-Id: I1e195d5b32d347c22c6131cbf0dda00d18b93cf3
Currently the unset method only clears attributes defined in the base
Crednetial class and ones specific to CredentialV3 are left set.
This change ensures the method clears all attributes.
Closes-Bug: #1942145
Change-Id: I4bddbf9bb3c6251aa8b68a8bc2ef8799f3c8065e
Puppet 7 has been tested in CI for a while but we haven't seen any
issue with it. Let's officially support the version.
Change-Id: I332ed0d82024be17a036bfa45d81744cc0ef0e46
openstacklib::policy has never been used in any other modules because
it was implemented as a class not reusable for each service.
This change re-implements openstacklib::policy as a defined resource
type so that we can use this implementation from each puppet modules.
The openstacklib::policy resource type provides the purge_config
parameter. When this parameter is set to true, a policy file is cleared
during configuration process. This allows users to remove any existing
rules before applying their own (no) rules.
Change-Id: I9bb486c9191c50c11717dcb9c6af00d17c3aa8f5
The iscsid service is used in sevral components like nova, cinder,
glance and so on to connect to iscsi devices. This change introduces
the new class to manage basic configuration of the iscsid service.
Co-authored-by: Alfredo Moralejo <amoralej@redhat.com>
Change-Id: I3fc6d1192632cc1458d00900508d548f522e9cdb
This change defines manifest_dir and module_path expicitly in unit
tests so that modules installed under fixtures directory is properly
loaded.
Closes-Bug: #1930403
Change-Id: Id2e226593fa9005e8c051bb714e4c341114f640f
Fedora support is never tested, and has been unmaintained for a while.
Because we don't expect any actual user using OpenStack on Fedora, this
change drops support for Fedora directly.
Change-Id: I63c96cd92bad210c0a9527c59f8e1347967172a3
EL8 was shipped with python 3.6, EL9 is being shipped with
python 3.9, so let's set python versions accordingly.
Change-Id: I5d857a3fbab2143c490016cd6b9cfc78ecb382e5
URI.escape() method has been removed in ruby 3 and
the newly added Puppet::Util.rfc2396_escape()[1]
has not been released yet.
[1] 41dcae71c7
Closes-Bug: #1928685
Change-Id: I001d579a1b126fc8254f071ddbecda5cc6de7231
The tripleo-puppet-standalone template introduces a content provider
job and a subsequent job to use containers built by the content
provider job. This is inefficient because we run only a single tripleo
job.
Change-Id: Idb5b832d3243fd32b7d48615c7f41f96ce9054b8
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: I4085943c67b6866cf98247a4200c4d281ed4b4ff
This change fixes the following lint error which is detected since we
removed pin of lint packages.
manifests/openstackclient.pp:18:WARNING: class included by absolute
name (::$class)
Change-Id: Idcc8db91bda9b71e0ed5f05f7f4c9fe587ae6b0b
