From 4cca2330a273f68052c8b97e0ba56ae81a45802f Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 6 Jul 2020 08:30:33 +0900 Subject: [PATCH] Add support for trust_flush cron job This patch introcues a new class, keystone::cron::trust_flush, so that operators can configure a cron job to flush expired or soft deleted trusts[1] periodically. [1] https://github.com/openstack/keystone/commit/8232dabcf9cf182c4dc34eafecbe5b60b2438ed1 Change-Id: I1b0b66424d98b9181153e98f4b623ef30e8e1d09 --- manifests/cron/trust_flush.pp | 91 +++++++++++++++++++ .../cron-trust_flush-9a85af706076f55d.yaml | 5 + .../classes/keystone_cron_trust_flush_spec.rb | 67 ++++++++++++++ 3 files changed, 163 insertions(+) create mode 100644 manifests/cron/trust_flush.pp create mode 100644 releasenotes/notes/cron-trust_flush-9a85af706076f55d.yaml create mode 100644 spec/classes/keystone_cron_trust_flush_spec.rb diff --git a/manifests/cron/trust_flush.pp b/manifests/cron/trust_flush.pp new file mode 100644 index 000000000..ca6d2ac02 --- /dev/null +++ b/manifests/cron/trust_flush.pp @@ -0,0 +1,91 @@ +# Copyright (C) 2020 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: keystone::cron::trust_flush +# +# Installs a cron job to purge expired trusts. +# +# === Parameters +# +# [*ensure*] +# (Optional) Valid values are present, absent. +# Defaults to 'present' +# +# [*minute*] +# (Optional) Minute. +# Defaults to '1' +# +# [*hour*] +# (Optional) Hour. +# Defaults to * +# +# [*monthday*] +# (Optional) Day of month. +# Defaults to '*' +# +# [*month*] +# (Optional) Month. +# Defaults to '*' +# +# [*weekday*] +# (Optional) Day of week. +# Defaults to '*' +# +# [*maxdelay*] +# (Optional) Max random delay in seconds. Should be a positive integer. +# Induces a random delay before running the cronjob to avoid running all +# cron jobs at the same time on all hosts this job is configured. +# Defaults to 0 +# +# [*destination*] +# (Optional) Path to file to which rows should be archived +# Defaults to '/var/log/keystone/keystone-trustflush.log' +# +# [*user*] +# (Optional) Allow to run the crontab on behalf any user. +# Defaults to 'keystone' +# +class keystone::cron::trust_flush ( + $ensure = present, + $minute = 1, + $hour = '*', + $monthday = '*', + $month = '*', + $weekday = '*', + Integer $maxdelay = 0, + $destination = '/var/log/keystone/keystone-trustflush.log', + $user = 'keystone', +) { + + include keystone::deps + + if $maxdelay == 0 { + $sleep = '' + } else { + $sleep = "sleep `expr \${RANDOM} \\% ${maxdelay}`; " + } + + cron { 'keystone-manage trust_flush': + ensure => $ensure, + command => "${sleep}keystone-manage trust_flush >>${destination} 2>&1", + environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', + user => $user, + minute => $minute, + hour => $hour, + monthday => $monthday, + month => $month, + weekday => $weekday, + require => Anchor['keystone::install::end'], + } +} diff --git a/releasenotes/notes/cron-trust_flush-9a85af706076f55d.yaml b/releasenotes/notes/cron-trust_flush-9a85af706076f55d.yaml new file mode 100644 index 000000000..835bd268c --- /dev/null +++ b/releasenotes/notes/cron-trust_flush-9a85af706076f55d.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The new ``keystone::cron::trust_flush`` class was added to configure + a cron job to purge expired or soft-deleted trusts. diff --git a/spec/classes/keystone_cron_trust_flush_spec.rb b/spec/classes/keystone_cron_trust_flush_spec.rb new file mode 100644 index 000000000..9401b3e7f --- /dev/null +++ b/spec/classes/keystone_cron_trust_flush_spec.rb @@ -0,0 +1,67 @@ +require 'spec_helper' + +describe 'keystone::cron::trust_flush' do + let :params do + {} + end + + shared_examples 'keystone::cron::trust_flush' do + context 'with default parameters' do + it { is_expected.to contain_class('keystone::deps') } + + it { is_expected.to contain_cron('keystone-manage trust_flush').with( + :ensure => 'present', + :command => 'keystone-manage trust_flush >>/var/log/keystone/keystone-trustflush.log 2>&1', + :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', + :user => 'keystone', + :minute => 1, + :hour => '*', + :monthday => '*', + :month => '*', + :weekday => '*', + :require => 'Anchor[keystone::install::end]', + )} + end + + context 'with overriden params' do + before do + params.merge!( :ensure => 'absent', + :minute => 13, + :hour => 23, + :monthday => 3, + :month => 4, + :weekday => 2, + :maxdelay => 600, + :destination => '/tmp/trustflush.log', + :user => 'nobody' ) + end + + it { is_expected.to contain_class('keystone::deps') } + + it { is_expected.to contain_cron('keystone-manage trust_flush').with( + :ensure => params[:ensure], + :command => "sleep `expr ${RANDOM} \\% #{params[:maxdelay]}`; keystone-manage trust_flush >>#{params[:destination]} 2>&1", + :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', + :user => params[:user], + :minute => params[:minute], + :hour => params[:hour], + :monthday => params[:monthday], + :month => params[:month], + :weekday => params[:weekday], + :require => 'Anchor[keystone::install::end]', + )} + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts({})) + end + + it_behaves_like 'keystone::cron::trust_flush' + end + end +end