Drop token-flush cronjob

We now only support fernet tokens, for which token flushing is no longer
needed, see [1]. So we drop the corresponding cron job and the
attributes to configure it. This also gets rid of the error messages
which it is currently producing.

[1] https://docs.openstack.org/security-guide/identity/tokens.html#fernet-tokens

Change-Id: Ia5fe5f5d0c98ca0a77f03478edfe1777e0a89612
Jens Harbott 2017-08-21 12:26:26 +00:00
parent 862bfdd7c4
commit 275c12c3a6
3 changed files with 0 additions and 40 deletions

@ -141,19 +141,6 @@ default['openstack']['identity']['auth']['methods'] = 'external, password, token
# Default auth_version for now
default['openstack']['identity']['auth']['version'] = 'v3'
# enable or disable the usage of the token flushing cronjob
default['openstack']['identity']['token_flush_cron']['enabled'] = true
# log file location for token flushing cronjob
default['openstack']['identity']['token_flush_cron']['log_file'] = '/var/log/keystone/token-flush.log'
# hour to run token flushing cronjob
default['openstack']['identity']['token_flush_cron']['hour'] = '*'
# minute to run token flushing cronjob
default['openstack']['identity']['token_flush_cron']['minute'] = '0'
# day to run token flushing cronjob
default['openstack']['identity']['token_flush_cron']['day'] = '*'
# weekday to run token flushing cronjob
default['openstack']['identity']['token_flush_cron']['weekday'] = '*'
# configuration directory for keystone domain specific options
default['openstack']['identity']['identity']['domain_config_dir'] = '/etc/keystone/domains'

@ -275,21 +275,6 @@ execute 'keystone bootstrap' do
command "keystone-manage bootstrap --bootstrap-password \"#{admin_pass}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{identity_admin_endpoint} --bootstrap-public-url #{identity_public_endpoint} --bootstrap-internal-url #{identity_internal_endpoint}"
end
# configure the flush tokens cronjob
should_run_cron = node['openstack']['identity']['token_flush_cron']['enabled'] && node['openstack']['identity']['token']['backend'] == 'sql'
log_file = node['openstack']['identity']['token_flush_cron']['log_file']
cron 'keystone-manage-token-flush' do
minute node['openstack']['identity']['token_flush_cron']['minute']
hour node['openstack']['identity']['token_flush_cron']['hour']
day node['openstack']['identity']['token_flush_cron']['day']
weekday node['openstack']['identity']['token_flush_cron']['weekday']
action should_run_cron ? :create : :delete
user node['openstack']['identity']['user']
command "keystone-manage token_flush > #{log_file} 2>&1; "\
"echo keystone-manage token_flush ran at $(/bin/date) with exit code $? >> #{log_file}"
end
#### Start of Apache specific work
# configure attributes for apache2 cookbook to align with openstack settings

@ -49,18 +49,6 @@ describe 'openstack-identity::server-apache' do
it 'bootstrap with keystone-manage' do
expect(chef_run).to run_execute('keystone bootstrap').with(command: "keystone-manage bootstrap --bootstrap-password \"#{password}\" --bootstrap-region-id \"#{region}\" --bootstrap-admin-url #{admin_url} --bootstrap-public-url #{public_url} --bootstrap-internal-url #{internal_url}")
end
it 'has flush tokens cronjob running every day at 3:30am' do
expect(chef_run).to create_cron('keystone-manage-token-flush').with_command(/keystone-manage token_flush/)
expect(chef_run).to create_cron('keystone-manage-token-flush').with_minute('0')
expect(chef_run).to create_cron('keystone-manage-token-flush').with_hour('*')
expect(chef_run).to create_cron('keystone-manage-token-flush').with_day('*')
expect(chef_run).to create_cron('keystone-manage-token-flush').with_weekday('*')
end
it 'deletes flush tokens cronjob when tokens backend is not sql' do
node.set['openstack']['identity']['token']['backend'] = 'notsql'
expect(chef_run).to delete_cron('keystone-manage-token-flush')
end
describe '/etc/keystone' do
let(:dir) { chef_run.directory('/etc/keystone') }