Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: Icf6c42182b10cdfb07461923f7fd41fccb0f9013
Depends-On: I4c82a63baabd6b9304b302c97cd751a0103d8316
Closes-Bug: #1759098
In order to make easy orchestration on all OpenStack db-sync, add this
tag so people can use this tag in composition layer.
A use case it to set some orchestration to make sure MySQL Galera is
ready before running any Exec with this tag.
Change-Id: I468f796bc344f91510e977dd07cfd563174c66dd
Closes-Bug: #1755102
This patch removes MongoDB beaker tests as this is not a well
tested use-case and sticks to the Swift/SQLalchemy configuration
which is well tested. It switches Beaker to use the same resources
in integration.
Depends-On: Ic1a4ea20ef65a832a986964fb61e80c4738740b5
Change-Id: I9796a7bb2f25a2df53a1aeeb2814a91ca2c2cbec
The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.
Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Related-Bug: #1742154
Change-Id: I10b322d05042fdef23758d46906cf57aa9def97f
Some drivers:transport:websocket options had dashes instead of
underscore which caused zaqar to ignore them.
Change-Id: I0a0d0ddf5704415745868d39d763df0e43a21a61
Co-Authored-By: Thomas Hervé <therve@redhat.com>
Related-Bug: #1727406
Closes-Bug: #1730179
Add parameter to apache_wsgi to allow overwrite
and/or add additional wsgi process options.
This possibility was added to openstacklib
with Change-Id: I41914ce3361988d5db1695f09d21209772fdf548
lease enter the commit message for your changes. Lines starting
Change-Id: Ibb04420a730bb0fdccc30fe6e81d4b0f5fc6ebc2
Due to Python's GIL [1], we can't use multiple threads for running
OpenStack services without a performance penalty, since the execution
ends up serialized, which defeats the purpose.
Instead, we should use several processes, since this approach doesn't
have this limitation.
[1] https://wiki.python.org/moin/GlobalInterpreterLock
Change-Id: I18c1e796e43a168042900b8202ad3ce8488d3908
This allows the setting of the error and access file logs, as well as
the access log format. This was done in a similar fashion as one can
configure these ones in the keystone wsgi manifest.
Change-Id: I4d82b2d15ae597b8cd2018b6d5c58e9959971daf
Keystone v2 api's are removed in [1], so it's required
to set user_domain_name and project_domain_name otherwise
all requests fallbacks to keystone v2.0 and fails.
[1] https://review.openstack.org/#/c/499783/
Change-Id: Id3737874408887900e1d8b6b87758f64469892b0
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: Ib7caf25e92ebc2dc11ddc3b952da2f2c9ff616cb
Closes-Bug: #1717144
The unit tests were broken by a change to openstacklib
Id09c3358c5843510e6a2a8c0e2d4aeb3607e098b which renamed some of the
resources in the openstacklib classes. The problem is that our tests in
this module should not have been testing what occurs within openstacklib
so this fix updates the tests to only check what we are doing within
this module.
Change-Id: Ie985dc8e66d08f7fa5e489888ba8305acafcf876
Depends-On: I9d535ab38afea852559df2b3073bd4b74a2a3947
Like we do in other modules, include zaqar::policy class in
zaqar::server so users can define policies without taking care of the
class.
Change-Id: I9f549f11bd4e939ad41ff77c51dd2f32338621c8
To be able to use the swift backend, we may need to configure Zaqar to
have the proper role to access Swift. This exposes the roles parameter
to allow that.
Change-Id: I9ce1bbc18d02383a5cdd3edbcf8c65c90165fb53
This adds support for running swift as the messaging backend of Zaqar,
and SQLAlchemy as the management backend.
Change-Id: I448d303d01e33a0d89625d7ff442b652838d9c36
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.
Change-Id: Id0d980618cd3816172e491b20058d540d6d1ed41
The signing_dir is deprecated for removel because of PKI token format
is no longer supported.
Update warning message and release note.
Change-Id: If82b345969da11d2187a7919fd213275f1cf8339
Closes-Bug: #1652700
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain. This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.
Change-Id: If4f585264f5f5a15549855d97b532866d91f5215
We can add suport for Debian system due to have the
zaqar package in Debian system.
The Debian system does not support the use of services to run
a second instance, because there is no zaqar-server@.service
in zaqar package, so do not test it. I will Re-test it after
the zaqar package solve the problem.
Change-Id: I026b7d8f2b5994114d5a319200ed7c7d099b4fb5
Since we are in ocata lets remove all old parameters in api
to configure the keystone_authtoken section
Change-Id: I4950c5dba0eb257412fe2d2d39f1780b431c05d4
Add the option in order to facilitate management.
User can ensure that only the options they hoped
are configured.
Change-Id: Iade2197388b1aa114f2fd9e2ab53a62f1f45c4e9
This change updates the module to use the rspec-puppet-facts as defined
in the puppet-openstack_spec_helper.
Change-Id: I5e16cd2ac049b161caf84d2749352daccc41c04b
In zaqar, use keystone::resource::authtoken to configure
keystone_authtoken section in the configuration file,
with all parameters required to configure keystonemiddleware.
This patch will allow to deploy zaqar to use Keystone v3 authentification.
Some deprecations:
- zaqar::identity_uri is deprecated in favor of
zaqar::auth_url
- zaqar::admin_user is deprecated in favor of
zaqar::username
- zaqar::admin_password is deprecated in favor of
zaqar::password
- zaqar::admin_tenant_name is deprecated in favor of
zaqar::project_name
Change-Id: Ie825ce4d88ca4a2a33a7ced6e413ddc59f28ef1c
Related-Bug: #1604463
Adds a new zaqar::keystone::auth_websocket class to help
create a 'messaging-websocket' Keystone endpoint. Users of
zaqar websockets currently have to do substring replacement on the
Zaqar HTTP URLs... having a dedicated endpoint for websockets will
be much better.
Change-Id: Idd3ca1765604d9a461f68fc7b4a18b23a3c19d5b
This change updates the zaqar::keystone::auth class to include a default
service_name of 'zaqar' so that if a user changes the auth_name, the
service is still created as being related to 'zaqar'. This improves the
user experiance when they want to customize the usernames for services.
Change-Id: I2977790c3558732c2a1773aa3ede834c1d62ca16
Closes-Bug: #1590040
