Drop token-flush cronjob
We now only support fernet tokens, for which token flushing is no longer needed, see [1]. So we drop the corresponding cron job and the attributes to configure it. This also gets rid of the error messages which it is currently producing. [1] https://docs.openstack.org/security-guide/identity/tokens.html#fernet-tokens Change-Id: Ia5fe5f5d0c98ca0a77f03478edfe1777e0a89612
parent
862bfdd7c4
commit
275c12c3a6
|
@ -141,19 +141,6 @@ default['openstack']['identity']['auth']['methods'] = 'external, password, token
|
|||
# Default auth_version for now
|
||||
default['openstack']['identity']['auth']['version'] = 'v3'
|
||||
|
||||
# enable or disable the usage of the token flushing cronjob
|
||||
default['openstack']['identity']['token_flush_cron']['enabled'] = true
|
||||
# log file location for token flushing cronjob
|
||||
default['openstack']['identity']['token_flush_cron']['log_file'] = '/var/log/keystone/token-flush.log'
|
||||
# hour to run token flushing cronjob
|
||||
default['openstack']['identity']['token_flush_cron']['hour'] = '*'
|
||||
# minute to run token flushing cronjob
|
||||
default['openstack']['identity']['token_flush_cron']['minute'] = '0'
|
||||
# day to run token flushing cronjob
|
||||
default['openstack']['identity']['token_flush_cron']['day'] = '*'
|
||||
# weekday to run token flushing cronjob
|
||||
default['openstack']['identity']['token_flush_cron']['weekday'] = '*'
|
||||
|
||||
# configuration directory for keystone domain specific options
|
||||
default['openstack']['identity']['identity']['domain_config_dir'] = '/etc/keystone/domains'
|
||||
|
||||
|
|
|
@ -275,21 +275,6 @@ execute 'keystone bootstrap' do
|
|||
command "keystone-manage bootstrap --bootstrap-password \"#{admin_pass}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{identity_admin_endpoint} --bootstrap-public-url #{identity_public_endpoint} --bootstrap-internal-url #{identity_internal_endpoint}"
|
||||
end
|
||||
|
||||
# configure the flush tokens cronjob
|
||||
should_run_cron = node['openstack']['identity']['token_flush_cron']['enabled'] && node['openstack']['identity']['token']['backend'] == 'sql'
|
||||
log_file = node['openstack']['identity']['token_flush_cron']['log_file']
|
||||
|
||||
cron 'keystone-manage-token-flush' do
|
||||
minute node['openstack']['identity']['token_flush_cron']['minute']
|
||||
hour node['openstack']['identity']['token_flush_cron']['hour']
|
||||
day node['openstack']['identity']['token_flush_cron']['day']
|
||||
weekday node['openstack']['identity']['token_flush_cron']['weekday']
|
||||
action should_run_cron ? :create : :delete
|
||||
user node['openstack']['identity']['user']
|
||||
command "keystone-manage token_flush > #{log_file} 2>&1; "\
|
||||
"echo keystone-manage token_flush ran at $(/bin/date) with exit code $? >> #{log_file}"
|
||||
end
|
||||
|
||||
#### Start of Apache specific work
|
||||
|
||||
# configure attributes for apache2 cookbook to align with openstack settings
|
||||
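Review bot: Deleting the `cron 'keystone-manage-token-flush'` resource outright leaves the crontab entry in place on nodes that already converged with the old recipe, because Chef only acts on resources that are still declared. Those nodes would presumably keep running `keystone-manage token_flush` as the keystone user and keep producing the error messages the description says this change removes. Consider keeping a minimal cleanup resource for a transition period: the same `cron 'keystone-manage-token-flush'` block reduced to `user node['openstack']['identity']['user']` and `action :delete`, with a spec expecting `delete_cron('keystone-manage-token-flush')`. The surrounding recipe continues outside this hunk, so a cleanup that already exists elsewhere would not be visible here.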
|
|
|
@ -49,18 +49,6 @@ describe 'openstack-identity::server-apache' do
|
|||
it 'bootstrap with keystone-manage' do
|
||||
expect(chef_run).to run_execute('keystone bootstrap').with(command: "keystone-manage bootstrap --bootstrap-password \"#{password}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{admin_url} --bootstrap-public-url #{public_url} --bootstrap-internal-url #{internal_url}")
|
||||
end
|
||||
it 'has flush tokens cronjob running every day at 3:30am' do
|
||||
expect(chef_run).to create_cron('keystone-manage-token-flush').with_command(/keystone-manage token_flush/)
|
||||
expect(chef_run).to create_cron('keystone-manage-token-flush').with_minute('0')
|
||||
expect(chef_run).to create_cron('keystone-manage-token-flush').with_hour('*')
|
||||
expect(chef_run).to create_cron('keystone-manage-token-flush').with_day('*')
|
||||
expect(chef_run).to create_cron('keystone-manage-token-flush').with_weekday('*')
|
||||
end
|
||||
|
||||
it 'deletes flush tokens cronjob when tokens backend is not sql' do
|
||||
node.set['openstack']['identity']['token']['backend'] = 'notsql'
|
||||
expect(chef_run).to delete_cron('keystone-manage-token-flush')
|
||||
end
|
||||
|
||||
describe '/etc/keystone' do
|
||||
let(:dir) { chef_run.directory('/etc/keystone') }
|
||||
|
|