This defaults to 0 anyway, and is being removed as the devstack
excercises are being removed. see https://review.openstack.org/#/c/581377/
Change-Id: I3b8db07fd20a706d191b4d1c58911286bff17f09
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: Ieff5b69018e3824074b5a528a7b9d2a00dd7fb2e
TEMPEST_SERVICES global variable is not supported
by devstack since long back.
- I380dd20e5ed716a0bdf92aa02c3730359b8136e4
- I9c24705e494689f09a885eb0a640efd50db33fcf
Service availability of tempest known services will be
set by devstack with local check.
- I02be777bf93143d946ccbb8e9eff637bfd1928d4
This commit removes the unused TEMPEST_SERVICES setting
Related-Bug: #1743688
Change-Id: Iee8b10716efc6d48e97a3bcf3dafcc722239b2e3
This patch update the policy file generator guide.
And remove the realted action in devstack as well.
Change-Id: I7bd6aabe1d05245a1203380863c0444f6ea021f6
bp: policy-and-docs-in-code
The plugin has been split into its own repository[1] in accordance with
Queens Goal "Split Tempest Plugins into Separate Repos/Projects[2]".
This patch removes the local copy as well as the setuptools entry point.
We can also now remove the autodoc_tree_excludes pbr option since
there's no more plugin to exclude and it defaults to [setup.py].
[1] http://git.openstack.org/cgit/openstack/zaqar-tempest-plugin
[2] https://governance.openstack.org/tc/goals/queens/split-tempest-plugins.html
Implements: blueprint zaqar-tempest-plugin
Change-Id: Ia52d7f0a18e4b55260dc994f0802a96109280e24
The grenade gate sometimes fails with
"keystone did not start". this patch fix it
in grenade log, there are log as follows:
curl -g -k --noproxy '*' -s -o /dev/null -w '%{http_code}'
http://172.99.67.72:5000/v3/
wait_for_keystone:69 : die 69 'keystone did not start'
actually, KEYSTONE_AUTH_URI should be http://172.99.67.72/identity/v3
instead of
http://172.99.67.72:5000/v3/ which leads to keystone failure
Change-Id: I116e46ed30f6ce0fbc7b9207cc4f519438df8bc2
Use $API_WORKERS as process count and add other
wsgi options like thunderlock (recommended
to prevent thundering herd on accept).
Change-Id: I70fdc09edf524ba3733d03013d4bb296e8b2954b
This reverts commit 4a1a6b3766b7cd63afff36307a8044cf3b848a31. It didn't
improve the situation, and at least it's failing early.
Conflicts:
devstack/plugin.sh
Change-Id: Idf16037e6a3bbc7f915e12827348eda663721d5e
By default, CORS middleware can allow requests from any origin. So it's not
necessary to use the 'enabled' option.
Closes-bug: #1677049
Co-Authored-By: wangxiyuan<wangxiyuan@huawei.com>
Change-Id: Id80e17466400937bba9fbb4aa2a2b65de9d62252
Add the new middleware CORS for Zaqar
It only supports for WSGI.
Websocket doesn't need this feature.
Change-Id: Ifc6d2d1c5dde5152cab6e3aa2f3cf9f207481267
Implements: blueprint support-cors
Table creation must happen outside of API requests. This changes the
devstack plugin to create the tables properly.
Change-Id: I57c4fba06dc6725ea977477b777e4ffd6856adde
The standard name for the WSGI callable is application, let's use that.
We'll keep app for compatiblity purposes.
Change-Id: I2138ef05b985dcfeba108c8a5441206b2c4ae1a7
The gate sometimes fails with "Zaqar did not start" without any way to
know what's going on. Let's remove that check and let usage of Zaqar
fails with proper error later on.
Change-Id: I04692763eb15a849541eb1903bb0fad6c16435db
KEYSTONE_CATALOG_BACKEND variable is removed from devstack[1], use
KEYSTONE_IDENTITY_BACKEND instead.
[1] https://review.openstack.org/#/c/391380
Change-Id: Id9b34af0ea1faecaeaea8a1d41a0e4b866b688af
Closes-Bug: #1644090
It's related to devstack bug bug: 1540328, where devstack install
'test-requirements' but should not do it for zaqar-ui project as
it installs Horizon from url. Remove following two 'mv' commands
when mentioned bug is fixed.
Change-Id: Ib4d0abe3b083d996556f615943d3b1185c9f882a
Zaqar API v2 has been released for several cycles and it's integrated
as the default API version by most of the openstack services. So it
is time to deprecated v1.1 in favor of v2.
DocImpact
UpgradeImpact
Implements blueprint: deprecate-v1.1
Change-Id: I40c51df5a89e0a883ad14cf7e02b96ca78147294
The github.com contains a mirror of the git.opoenstack.org but it should
not be treated as the official site to get openstack projects.
Change-Id: I31270f013f70ce250f0b48f20d2454ee5079c252
API v1.0 has been deprecated for a while and v1.1 will be deprecated
soon. We shouldn't be enabling deprecated API versions by default. This
patch adds a decorator to disable deprecated APIs by default unless they
have been explicitly enabled in the environment.
Co-Authored-By: Fei Long Wang <flwang@catalyst.net.nz>
Change-Id: I62fb4d18bc6c9f5455bff0d56e42269b4590b454
This adds the ability to send keystone authentified notifications using
trusts. To do so, you specify the posted URL with the "trust+" prefix,
and Zaqar will create and store a trust when subscribing to a queue, if
the trust not provided in the subscription options
It also add a capability to the webhook task to be able to send more
structured data in the notification, allowing to include the Zaqar
message in the data.
blueprint mistral-notifications
DocImpact
Change-Id: I12b9c1b34cdd220fcf1bdc2720043d4a8f75dc85
Now Zaqar isn't using Tempest for jenkins gate checking, which is
a missing. This patch fixes it by using Tempest's all-plugin to
run Zaqar's Tempest cases in tree.
Change-Id: I7e10a5b218b60eea47a96d36ebeb4029d33e7edd
This option is deprecated in Mitaka and has been removed in Newton,
and its default value is True already. Let's remove it.
Change-Id: I167713165bd96a4ccd423976f8fcad5ff8fc399c
ref: https://review.openstack.org/#/c/314573/
With the recently merged patch https://review.openstack.org/274972,
Zaqar now requires "Client-ID" header for API v2.
Our devstack plugin checks if Zaqar has started by sending request to
Zaqar's ping endpoint. But devstack plugin is not using "Client-ID"
header for sending this request, so the request now always fails and
devstack thinks that Zaqar service hasn't started.
This patch adds "Client-ID" header to the ping request to Zaqar in the
devstack plugin.
Change-Id: I441a5a9778d0676e0a380f5e20be40e1a029409f
Subscription options returned by the controller get methods was not
unserialized propertly, still containing msgpack data.
It also changes so that mongo doesn't connect before forking, and fix
uwsgi persistent connections (non) support.
Finally, it changes how keystone options are registered to use a more
robust and supported mechanism.
Change-Id: I917a893c0d7175e3a465cf08c5e0375d9944fd16
MongoDB can't start, if mongodb.conf has duplicate parameters.
When using Zaqar as plugin in DevStack on debian-like system,
each run of stack.sh adds a new line to etc/mongodb.conf:
"smallfiles=true"
So eventually mongodb.conf will contain duplicate parameters.
It means that stack.sh will be able to execute successfully only once,
on subsequent executions it will fail,
because of Zaqar which will fail to start,
because of MongoDB which will fail to start,
because of corrupted mongodb.conf
which will be corrupted by zaqar/devstack/plugin.sh
This commit will make sure that "smallfiles=true" line will be added to
mongodb.conf only if mongodb.conf doesn't contain this line already.
Change-Id: Ieba5abb970ff7565f3a837778e402ea8d5c5c463
Closes-Bug: 1507391
When using Zaqar as plugin in DevStack, after executing unstack.sh,
there's still Zaqar uwsgi master process with it's workers running:
/usr/local/bin/uwsgi --ini /etc/zaqar/uwsgi.conf
This process must be stopped.
Also running uwsgi process will prevent Zaqar to start on the next
execution of stack.sh.
The problem occurs, because of the nature of uwsgi container.
It just can't be stopped like that:
https://github.com/openstack/zaqar/blob/master/devstack/plugin.sh#L253
It must be stopped as described in uwsgi documentation:
https://uwsgi-docs.readthedocs.org/en/latest/Management.html
This commit will make uwsgi container process stop correctly on
unstack.sh execution by using PID of the process as described in uwsgi
documentation.
Change-Id: I2f39ea5880c2153fa14a8308d8710969ef6a1a5e
Closes-Bug: 1504854
This change allows running either tempest or zaqarclient as testsuite in
Zaqar's gate. Ideally, we should focus on bringing as much tests as
possible to zaqarclient. However, we can't just give up on maintaining
tempest tests update. If anything, we should work harder on bringing
these in-tree or just contribute to the project.
Related-to: I1ba10b18560f35f48a7258eaa2a57727617760bd
Depends-on: Ifcf54fa2d4a5bf49b6757b593bb70cdeda8edb2a
Related-to: Idbc2c9fbd5c63db01ce28e4a52d1a917e4360363
Depends-On: I0f1fd4374125d4b489f3804b79a672b39c714421
Change-Id: I36ac3833ad55123fba0ea71259be6d56353d53e1
1.) Corrected headings according to rules of migrations by
placing "=======" on headings in the files
2.) Some headings have extra "====", they are removed
3.) Launchpad url have '~' which makes error: page not found
,so it is removed
Change-Id: I99581025d579f18da9ebe57267fb002cbcba28dd
This commit adds support for RBAC using oslo.policy. This allows Zaqar
for having a fine-grained access control to the resources it exposes.
As of this patch, the implementation allows to have access control in
a per-operation basis rather than specific resources.
Co-Authored-by: Thomas Herve <therve@redhat.com>
Co-Authored-by: Flavio Percoco <flaper87@gmail.com>
blueprint: fine-grained-permissions
Change-Id: I90374a11815ac2bd9d31768588719d2d4c4e7f5d
