The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.
Change-Id: Iac1ebf8af8900e9e351ef359f1c5c2e4c1704d00
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)
Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: If07cac9bc41d173baeadbefb4dad3612c32ee369
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.
This change also adds support for request_headers so that both request
headers and response headers can customized.
Change-Id: Ie5f2669a8686a3546b652251881615e0e18bf433
... because these parameters were deprecated during Yoga cycle[1] and
have had no effect since then.
[1] 7eeb46e04d
Change-Id: I6b2ee2e3e9fb633f5f3c6fa9b2e4106e5430484e
... because RDO will provide packages for only CentOS Stream 9 for Zed
release. This change removes RHEL 8 as well.
Depends-on: https://review.opendev.org/843503
Change-Id: I41a09ca923b887e428a75a788cbe4e047ccf26e0
This is follow-up of 7eeb46e04d and fixes
the following two points.
- tenant_name is deprecated but a proper warning message is missing
- password is deprecated and now is optional, but it is still
validated
Closes-Bug: #1973315
Change-Id: I169d42dee4896843e55d4989dc440ad7e7c7ec94
During the previous cycle, a warning message was added to inform users
of this change.
Now the default value is updated so that SSL is disabled by default.
Change-Id: I17cd1a7adcc09168d3f53f44787858ef1d89a0a7
This patch specifies a set of options required to setup the socket
keepalive feature of pymemcache (dogpile.cache) cache backend.
Original oslo.cache change:
https://review.opendev.org/c/openstack/oslo.cache/+/803716
Co-Authored-By: Grzegorz Grasza <xek@redhat.com>
Depends-On: https://review.opendev.org/807851
Change-Id: I683f1328ab68839b4877e91513cae206656a6ad2
This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following two items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
Depends-on: https://review.opendev.org/804325
Change-Id: I2a54b0d0c03a98b3fe7a3a4a28051247eea7e70a
The zaqar::keystone::auth_websocket class has been added to create
an independent keystone endpoint for websocket service but the service
user created by the class has never been used.
This change disables the logic to create the user and the associated
resources like roles and projects, so that only required resources are
created.
Change-Id: Iaa0042acb9fda198f10e6067523301bfd08bf249
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.
Based on the following points, false is considered to be the more
reasonable default.
- Usage of SSL is optional and is not always required
- There are other methods(like load-balancer) to implement SSL
termination
- Enabling SSL doesn't work with the default values currently
defined, and requires additional parameters like ssl_cert.
- false is the default value defined in the base implementation in
puppet-openstacklib.
This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.
Change-Id: I96bae290b599f65b3b03fc5efb8bce3c0459f13a
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.
Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: I7e453f3abf08e13d2366ea68af1ce859a88e8448
Neutron uses oslo.cache options for caching. This change adds support
for the options implemented in the library.
Change-Id: I8d9930c80c65867ebd220153c20d06cdab0a47b5
Fedora support is never tested, and has been unmaintained for a while.
Because we don't expect any actual user using OpenStack on Fedora, this
change drops support for Fedora directly.
Change-Id: I9ec4a576b576b6eea50a81846f1590ece73350d9
As Openstack projects continue to have longer database migration
chains, the Puppet default timeout of 300 seconds for an execution
is becoming too short a duration on some hardware, leading to timeouts.
As projects continue to add more migration scripts without pruning
the base, timeouts will continue to become more frequent unless
this time can be expanded.
Change-Id: I4a3941c5a21560c6246d22e89d4566dcdc95bfd6
Closes-Bug: #1904962
This patch adds support for [keystone_authtoken] interface parameter,
so that operators can define which endpoint should be used by authtoken
middleware.
Change-Id: I74d848da4f2e923f224786fd55b35cb063bb59a1
Add support for service_token_roles in authtoken middleware, so that
we can customize roles assigned to users, which use service user token
feature.
Change-Id: I4376f16e11e9749e55ad36a124777ea0d8686e45
The deprecated pki related options check_revocations_for_cached and
hash_algorithms option has been removed.
Change-Id: I1b9c60080b1fefe82bec1ebff4158c0586869d79
Service_token_roles_required missing in the server config file which
allows backwards compatibility to ensure that the service tokens are
compared against a list of possible roles for validity.
Change-Id: I751b3a94c3aac7a0faf638afea0168769589b71d
Closes-Bug: 1778198
check_revocations_for_cached and hash_algorithms are deprecated for
removel because of PKI token format is no longer supported.
Update warning message and add a release note.
Change-Id: I0ad17b24278372f9f3648450f23957413a1f40d3
Closes-Bug: #1804562
Closes-Bug: #1804720
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: Icf6c42182b10cdfb07461923f7fd41fccb0f9013
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
In order to make easy orchestration on all OpenStack db-sync, add this
tag so people can use this tag in composition layer.
A use case it to set some orchestration to make sure MySQL Galera is
ready before running any Exec with this tag.
Change-Id: I468f796bc344f91510e977dd07cfd563174c66dd
Closes-Bug: #1755102
Add parameter to apache_wsgi to allow overwrite
and/or add additional wsgi process options.
This possibility was added to openstacklib
with Change-Id: I41914ce3361988d5db1695f09d21209772fdf548
lease enter the commit message for your changes. Lines starting
Change-Id: Ibb04420a730bb0fdccc30fe6e81d4b0f5fc6ebc2
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: Ib7caf25e92ebc2dc11ddc3b952da2f2c9ff616cb
Closes-Bug: #1717144