We place these in a 'legacy_migrations' directory, as we will soon be
adding alembic-based migrations in a 'migration' directory.
Change-Id: Ib927e4c48f59a467a913875111ffbf64ffe0de90
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The link of `TLS everywhere` should be 'https://docs.openstack.org/
project-deploy-guide/tripleo-docs/latest/features/tls-everywhere.html'.
Closes-Bug: #1933062
Change-Id: I468b82edeb899b0a780f8b545ad23ee0428a93ea
The task_log table contains instance usage audit records if
nova-compute has been configured with [DEFAULT]instance_usage_audit =
True. This will be the case if OpenStack Telemetry is being used in the
deployment, as the option causes nova to generate audit information
that Telemetry then retrieves from the server usage audit log API [1].
Historically, there has been no way to delete task_log table records
other than manual database modification. Because of this, task_log
records could pile up over time and operators are forced to perform
manual steps to periodically truncate the table.
This adds a --task-log option to the 'nova-manage db
archive_deleted_rows' CLI to also archive task_log records while
archiving the database. --task-log works in conjunction with --before
if operators desire archving only records that are older than <date>.
The 'updated_at' field is used by --task-log --before <date> to
determine the age of a task_log record for archival.
Closes-Bug: #1877189
[1] https://docs.openstack.org/api-ref/compute/#server-usage-audit-log-os-instance-usage-audit-log
Change-Id: Ibed67854a693c930effd4dba7aca6cd03b65bd92
Nova does not support all the scope provided by
keystone. It is better to mention the supported
scope and default roles.
Also adding a table to map the legacy rules with new
rules.
Change-Id: If7f025b3eaeda2df0cb1efd567b8fc60e274d09c
We now have good documentation on the PCI NUMA affinity policies
(thanks, artom!) so we can close out this TODO. Hurrah!
Change-Id: I4e6402bd192ea0d2efb26b52a7ceb65d924ec928
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We support Python 3.6 as a minimum now, making these checks no-ops.
Change-Id: I5ca2439c948687022f8d88df978bc7ee77199fcc
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Turns out oslo.config actually supports executable-specific
configuration files as well as directories of configuration files. Who
knew?
Change-Id: Ifb71a45ed4df3c9cacd2193beed904f948f5cdc8
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
I don't actually grok what this does that 'oslopolicy-checker' couldn't
do, so perhaps we can deprecate this in the future. For now though,
simply document the thing. While we're here, we make some additional
related changes:
- Remove references to the 'policy.yaml' file for services that don't
use policy (i.e. everything except the API services and, due to a bug,
the nova-compute service).
- Update remaining references to the 'policy.yaml' file to include the
'policy.d/' directory
- Update the help text for the '--api-name' and '--target' options of
the 'nova-policy policy check' command to correct tense and better
explain their purpose.
Also, yes, 'nova-policy policy check' is dumb. Don't blame me :)
Change-Id: I913b0de9ec40a615da7bf9981852edef4a88fecb
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-bug: #1675486
Most of these share the same collection of oslo.config and oslo.log
options so it makes sense to group them together. The only exception is
nova-rootwrap, which is a wrapper around the 'oslo_rootwrap.cmd.main'
module, which curiously does not use argparse and doesn't have any
options.
Change-Id: I393ff162be58700956fbab29ff6b9ba3cf5860a6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We have them. Let's use them. The resulting man pages aren't perfect,
but they're *much* better.
Change-Id: I84d54a246fecbd2f7d2950d6c6044f7cd1b8e9df
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This is step one in improving the usability of these docs. The current
style makes it impossible to link to individual commands from the built
docs. There is a better way. Use headers along with code blocks to show
the actual command. This was mostly generated from a find-replace along
with some follow-up manual fixes.
Change-Id: Icd25006f31c8e34fe33d79779e0577dc78f96a24
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Stephen Finucane