charm-cinder:stable/zed

Last commit made on 2024-08-20
Get this branch:
git clone -b stable/zed https://git.launchpad.net/charm-cinder

Branch merges

Branch information

Name:
stable/zed
Repository:
lp:charm-cinder

Recent commits

9a6ab28... by Nobuto Murata

Install lsscsi by default for zed or older

lsscsi is a dependency of os-brick for volume related operations
including creating a boot volume with iSCSI/FC backends. However, it
wasn't installed by default until jammy-antelope (lunar) due to a
packaging bug. It hasn't been an obvious issue especially when the
cinder-volume unit and the nova-compute unit are co-located since
nova-compute charm installs the package. Instead of applying a
workaround to all backend charms, let's apply the workaround in the
cinder charm since lsscsi is installed by default for later OpenStack
releases anyway and it's a small package.

Closes-Bug: #1939390
Change-Id: I131e12c53c78957873b6a75a3b1b67b1725b43ed

0b1667a... by Myles Penner

Add keystone audit middleware API logging

This commit adds Keystone audit middleware API logging to the Cinder
charm in versions Yoga and newer to allow users to configure their
environment for CADF compliance. This feature can be enabled/disabled
and is set to 'disabled' by default to avoid bloat in log files.
The logging output is configured to /var/log/apache2/cinder_error.log.
This commit builds on previous discussions:
https://github.com/juju/charm-helpers/pull/808.

Closes-Bug: 1856555
Change-Id: Ia7dbd6af2305e92eaa9a65890644c4a324ab2c65
(cherry picked from commit e25b5d38fbb0692e5fab6e7f562c974316d61abe)

256b107... by Myles Penner

Update charmhelpers for stable/zed

Change-Id: Ia51ff0c309546ad1c3129d36983ef76c37fc5472

901914e... by Zuul <email address hidden>

Merge "Use admin_tenant_id as cinder internal tenant" into stable/zed

73d596b... by Erlon R. Cruz

Use admin_tenant_id as cinder internal tenant

admin_tenant_id is more explicit than admin_tenant_name
as project names might duplicate

Charm-helpers-pr: https://github.com/juju/charm-helpers/pull/861

Depends-on: I6807128492cb184de3ef5f454d0ea745246b242e

Closes-Bug: #2030755
Change-Id: Idbc2f3d12dcf325b4a53a3dda1ecfa75a199295a
(cherry picked from commit ff442694d27e5481b9994a3dd4412a7a004d1c00)
(cherry picked from commit 80115a2cb219c72b36adfb60b94c3cd56dbaf086)
(cherry picked from commit e979c91908b0490ec78d9bc0f29254fdc38d1bb1)

4d99a5b... by Hua Zhang

Support disabling apache wsgi socket rotation

Bug LP 1863232 introduced a new Apache configuration option called
WSGISocketRotation which allows users to disable wsgi socket
rotation. This patch makes this configurable with a new
wsgi-socket-rotation config option that defaults to the Apache
default and can optionally be set to False.

Closes-Bug: #2021550
Change-Id: Iefaea961e054bfcce8185b7d51062fb41c56e302

245a2e3... by Alex Kavanagh

[zed] Ensure get_requests_for_local_unit doesn't fail on incomplete relation

This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix
any inadvertant accesses of ['ca'] in the relation data before it is available
from vault in the certificates relation. Fix in charmhelpers is in [1].

[1] https://github.com/juju/charm-helpers/pull/826
Closes-Bug: #2028683

Change-Id: Iac8a15c075800dbb44ac498c94c6e917d45614d1

fd24b08... by Corey Bryant

Use service_domain in [service_user] section

Sync from charm-helpers to update [service_user] config to use the
service domain.

The keystone charm currently creates two service users, one for the
service domain (for v3 authentication), and the other for the default
domain (for v2 authentication). The [service_user] config needs to
use the service domain.

Closes-Bug: #2026202
Change-Id: Ide81f02361cf7e2084d4513c7d7a1d4e35f8c86e

2356bf8... by Corey Bryant

Render [service_user] only for identity-service relation

The service token section [service_user] is not required when
cinder-volume is deployed as a separate service. In other words
it is not required for the identity-credentials relation.

The [service_user] section is nearly the same as the
[keystone_authtoken] section, and the keystone_authtoken data
is only produced for the IdentityServiceContext, therefore this
change will not render [service_user] for the
IdentityCredentialsContext.

Closes-Bug: #2024676
Change-Id: Iaecae3c22db1f4f2309f73f8c6836e6c072b848b
(cherry picked from commit ebbedcbf58660ce13823152d6943fee036af7e11)

4f2a352... by Jorge Merlino

Add support for using service tokens

This patch configures Cinder to send a service token along with the
received user token on requests to other services. This can allow those
other services to accept the request even if the user token has been
invalidated since received by Cinder. Also with this patch Cinder will
accept request from other services with invalid user tokens but valid
service tokens. Service tokens exist since Openstack Queens.

Closes-Bug: #1992840
Change-Id: I6cb9b1cb257db0b57bd7984c795b8caa1e3b74d9
(cherry picked from commit 81c330b5d87a64a7a9ec601f4dd263b836ee9c01)