In order to make easy orchestration on all OpenStack db-sync, add this
tag so people can use this tag in composition layer.
A use case it to set some orchestration to make sure MySQL Galera is
ready before running any Exec with this tag.
Change-Id: I468f796bc344f91510e977dd07cfd563174c66dd
Closes-Bug: #1755102
The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.
Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Related-Bug: #1742154
Change-Id: I10b322d05042fdef23758d46906cf57aa9def97f
Some drivers:transport:websocket options had dashes instead of
underscore which caused zaqar to ignore them.
Change-Id: I0a0d0ddf5704415745868d39d763df0e43a21a61
Co-Authored-By: Thomas Hervé <therve@redhat.com>
Related-Bug: #1727406
Closes-Bug: #1730179
Add parameter to apache_wsgi to allow overwrite
and/or add additional wsgi process options.
This possibility was added to openstacklib
with Change-Id: I41914ce3361988d5db1695f09d21209772fdf548
lease enter the commit message for your changes. Lines starting
Change-Id: Ibb04420a730bb0fdccc30fe6e81d4b0f5fc6ebc2
Due to Python's GIL [1], we can't use multiple threads for running
OpenStack services without a performance penalty, since the execution
ends up serialized, which defeats the purpose.
Instead, we should use several processes, since this approach doesn't
have this limitation.
[1] https://wiki.python.org/moin/GlobalInterpreterLock
Change-Id: I18c1e796e43a168042900b8202ad3ce8488d3908
This allows the setting of the error and access file logs, as well as
the access log format. This was done in a similar fashion as one can
configure these ones in the keystone wsgi manifest.
Change-Id: I4d82b2d15ae597b8cd2018b6d5c58e9959971daf
Keystone v2 api's are removed in [1], so it's required
to set user_domain_name and project_domain_name otherwise
all requests fallbacks to keystone v2.0 and fails.
[1] https://review.openstack.org/#/c/499783/
Change-Id: Id3737874408887900e1d8b6b87758f64469892b0
The revocation_cache_time is deprecated for removel because of PKI
token format is no longer supported.
Update warning message and add a release note.
Change-Id: Ib7caf25e92ebc2dc11ddc3b952da2f2c9ff616cb
Closes-Bug: #1717144
Like we do in other modules, include zaqar::policy class in
zaqar::server so users can define policies without taking care of the
class.
Change-Id: I9f549f11bd4e939ad41ff77c51dd2f32338621c8
To be able to use the swift backend, we may need to configure Zaqar to
have the proper role to access Swift. This exposes the roles parameter
to allow that.
Change-Id: I9ce1bbc18d02383a5cdd3edbcf8c65c90165fb53
This adds support for running swift as the messaging backend of Zaqar,
and SQLAlchemy as the management backend.
Change-Id: I448d303d01e33a0d89625d7ff442b652838d9c36
All db settings should be applied and all releated packages should
be installed before dbsync starts.
Change-Id: If5d4076315df5d4d5c9672a8265c126bf4d06ab8
The python-memcache package is required if using memcached. By
default the package is not installed and the define has it set to
false. This change allows managing the python-memcache package
install from the authtoken class.
Change-Id: Id0d980618cd3816172e491b20058d540d6d1ed41
The signing_dir is deprecated for removel because of PKI token format
is no longer supported.
Update warning message and release note.
Change-Id: If82b345969da11d2187a7919fd213275f1cf8339
Closes-Bug: #1652700
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain. This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.
Change-Id: If4f585264f5f5a15549855d97b532866d91f5215
We can add suport for Debian system due to have the
zaqar package in Debian system.
The Debian system does not support the use of services to run
a second instance, because there is no zaqar-server@.service
in zaqar package, so do not test it. I will Re-test it after
the zaqar package solve the problem.
Change-Id: I026b7d8f2b5994114d5a319200ed7c7d099b4fb5
Since we are in ocata lets remove all old parameters in api
to configure the keystone_authtoken section
Change-Id: I4950c5dba0eb257412fe2d2d39f1780b431c05d4
Add the option in order to facilitate management.
User can ensure that only the options they hoped
are configured.
Change-Id: Iade2197388b1aa114f2fd9e2ab53a62f1f45c4e9
If db sync fails, it is never retried leading to errors. So, this
patch adds retries for db_sync to avoid sync fails.
Change-Id: Id89665099079ab5e4c468f7f30953762a248af01
Closes-Bug: #1628580
User[zaqar] is not in the catalog, don't try to require it, it doesn't
exit!
The dbsync is run after package management so we're good.
Change-Id: Ie642f9ec6e6acc0765bc88ec4438a01a5618563b
In zaqar, use keystone::resource::authtoken to configure
keystone_authtoken section in the configuration file,
with all parameters required to configure keystonemiddleware.
This patch will allow to deploy zaqar to use Keystone v3 authentification.
Some deprecations:
- zaqar::identity_uri is deprecated in favor of
zaqar::auth_url
- zaqar::admin_user is deprecated in favor of
zaqar::username
- zaqar::admin_password is deprecated in favor of
zaqar::password
- zaqar::admin_tenant_name is deprecated in favor of
zaqar::project_name
Change-Id: Ie825ce4d88ca4a2a33a7ced6e413ddc59f28ef1c
Related-Bug: #1604463
Adds a new zaqar::keystone::auth_websocket class to help
create a 'messaging-websocket' Keystone endpoint. Users of
zaqar websockets currently have to do substring replacement on the
Zaqar HTTP URLs... having a dedicated endpoint for websockets will
be much better.
Change-Id: Idd3ca1765604d9a461f68fc7b4a18b23a3c19d5b
This change updates the zaqar::keystone::auth class to include a default
service_name of 'zaqar' so that if a user changes the auth_name, the
service is still created as being related to 'zaqar'. This improves the
user experiance when they want to customize the usernames for services.
Change-Id: I2977790c3558732c2a1773aa3ede834c1d62ca16
Closes-Bug: #1590040
This patch adds parameters to configure the storage/*_pipeline
parameters for zaqar. These parameters are quite useful is you
wish to recieve notifications for Zaqar. In particular the
message_pipeline would often get set to 'zaqar.notification.notifier'
so that messages that have been subscribed to could be recieved.
Zaqar upstream has these set to nothing upstream so for now
setting the default to $os_service_default seems reasonable.
Change-Id: I14eade5ef0ac64f8856bfa455c4f9aaf51dd6c8d
