Run token flush cron job hourly by default
Running this job once a day has proven problematic for large
deployments as seen in the bug report. Setting it to run hourly
would be an improvement to the current situation, as the flushes
wouldn't need to process as much data.
Note that this only affects people using UUID as the token provider.
Change-Id: I462e4da2bfdbcba0403ecde5d613386938e2283a
Related-Bug: #1649616
(cherry picked from commit 65e643aca2
)
This commit is contained in:
parent
3633d16daa
commit
6299a169b4
|
@ -98,6 +98,51 @@ parameters:
|
|||
default:
|
||||
tag: openstack.keystone
|
||||
path: /var/log/keystone/keystone.log
|
||||
KeystoneCronTokenFlushEnsure:
|
||||
type: string
|
||||
description: >
|
||||
Cron to purge expired tokens - Ensure
|
||||
default: "present"
|
||||
KeystoneCronTokenFlushMinute:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Minute
|
||||
default: '1'
|
||||
KeystoneCronTokenFlushHour:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Hour
|
||||
default: '*'
|
||||
KeystoneCronTokenFlushMonthday:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Month Day
|
||||
default: '*'
|
||||
KeystoneCronTokenFlushMonth:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Month
|
||||
default: '*'
|
||||
KeystoneCronTokenFlushWeekday:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Week Day
|
||||
default: '*'
|
||||
KeystoneCronTokenFlushMaxDelay:
|
||||
type: string
|
||||
description: >
|
||||
Cron to purge expired tokens - Max Delay
|
||||
default: '0'
|
||||
KeystoneCronTokenFlushDestination:
|
||||
type: string
|
||||
description: >
|
||||
Cron to purge expired tokens - Log destination
|
||||
default: '/var/log/keystone/keystone-tokenflush.log'
|
||||
KeystoneCronTokenFlushUser:
|
||||
type: string
|
||||
description: >
|
||||
Cron to purge expired tokens - User
|
||||
default: "keystone"
|
||||
|
||||
resources:
|
||||
|
||||
|
@ -202,6 +247,15 @@ outputs:
|
|||
keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
|
||||
keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
|
||||
keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
|
||||
keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}
|
||||
keystone::cron::token_flush::monthday: {get_param: KeystoneCronTokenFlushMonthday}
|
||||
keystone::cron::token_flush::month: {get_param: KeystoneCronTokenFlushMonth}
|
||||
keystone::cron::token_flush::weekday: {get_param: KeystoneCronTokenFlushWeekday}
|
||||
keystone::cron::token_flush::maxdelay: {get_param: KeystoneCronTokenFlushMaxDelay}
|
||||
keystone::cron::token_flush::destination: {get_param: KeystoneCronTokenFlushDestination}
|
||||
keystone::cron::token_flush::user: {get_param: KeystoneCronTokenFlushUser}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::keystone
|
||||
service_config_settings:
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
fixes:
|
||||
- The token flush cron job has been modified to run hourly instead of once
|
||||
a day. This is because this was causing issues with larger deployments, as
|
||||
the operation would take too long and sometimes even fail because of the
|
||||
transaction being so large. Note that this only affects people using the
|
||||
UUID token provider.
|
Loading…
Reference in New Issue