Add LDAP connection pool settings

This commit adds LDAP connection pool configuration settings currently missing from keystone.conf template. Change-Id: If76f71564e055608342352ddb80fbba8d078d61d Closes-bug: #1480577
2015-08-01 11:19:24 -07:00 · 2015-08-01 11:19:24 -07:00 · b117e31b60
parent 3d4707453c
commit b117e31b60
4 changed files with 77 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -277,6 +277,16 @@ Please refer to the Common cookbook for more attributes.
 * `openstack['identity']['ldap']['tls_cacertfile']` - Path to CA cert file (default: nil)
 * `openstack['identity']['ldap']['tls_cacertdir']` - Path to CA cert directory (default: nil)
 * `openstack['identity']['ldap']['tls_req_cert']` - CA cert check ('demand', 'allow' or 'never', default: 'demand')
+* `openstack['identity']['ldap']['use_pool']` - Enable LDAP connection pool
+* `openstack['identity']['ldap']['pool_size']` - Connection pool size
+* `openstack['identity']['ldap']['pool_retry_max']` - Maximum count of reconnect trials
+* `openstack['identity']['ldap']['pool_retry_delay']` - Time span in seconds to wait between two reconnect trials (floating point value)
+* `openstack['identity']['ldap']['pool_connection_timeout']` - Connector timeout in seconds. Value -1 indicates indefinite
+* `openstack['identity']['ldap']['pool_connection_lifetime']` - Connection lifetime in seconds.(integer value)
+* `openstack['identity']['ldap']['use_auth_pool']` - Enable LDAP connection pooling for end user authentication
+* `openstack['identity']['ldap']['auth_pool_size']` - End user auth connection pool size. (integer value)
+* `openstack['identity']['ldap']['auth_pool_connection_lifetime']` -  End user auth connection lifetime in seconds. (integervalue)
+
 * `openstack['identity']['misc_keystone']` - **Array of strings to be added to keystone.conf**
 * `openstack['identity']['list_limit']` - Maximum number of entities that will be returned in a collection
 * `openstack['identity']['assignment']['list_limit']` - Maximum number of entities that will be returned in a assignment collection
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -354,6 +354,17 @@ default['openstack']['identity']['ldap']['group_allow_create'] = true
 default['openstack']['identity']['ldap']['group_allow_update'] = true
 default['openstack']['identity']['ldap']['group_allow_delete'] = true

+# LDAP connection pool settings
+default['openstack']['identity']['ldap']['use_pool'] = false
+default['openstack']['identity']['ldap']['pool_size'] = 10
+default['openstack']['identity']['ldap']['pool_retry_max'] = 3
+default['openstack']['identity']['ldap']['pool_retry_delay'] = 0.1
+default['openstack']['identity']['ldap']['pool_connection_timeout'] = 3
+default['openstack']['identity']['ldap']['pool_connection_lifetime'] = 600
+default['openstack']['identity']['ldap']['use_auth_pool'] = false
+default['openstack']['identity']['ldap']['auth_pool_size'] = 100
+default['openstack']['identity']['ldap']['auth_pool_connection_lifetime'] = 60
+
 # Token flushing cronjob
 default['openstack']['identity']['token_flush_cron']['enabled'] = node['openstack']['identity']['token']['backend'] == 'sql'
 default['openstack']['identity']['token_flush_cron']['log_file'] = '/var/log/keystone/token-flush.log'
--- a/spec/server_spec.rb
+++ b/spec/server_spec.rb
@ -710,6 +710,27 @@ describe 'openstack-identity::server' do
            expect(chef_run).to render_config_file(path).with_section_content('ldap', /^#{Regexp.quote(a)} = \w+/)
          end
        end
+
+        context 'when connection pool enabled' do
+          before do
+            node.set['openstack']['identity']['ldap']['use_pool'] = true
+          end
+          [
+            /use_pool = true/,
+            /pool_size = 10/,
+            /pool_retry_max = 3/,
+            /pool_retry_delay = 0.1/,
+            /pool_connection_timeout = 3/,
+            /pool_connection_lifetime = 600/,
+            /use_auth_pool = false/,
+            /auth_pool_size = 100/,
+            /auth_pool_connection_lifetime = 60/
+          ].each do |line|
+            it "has LDAP setting #{line.source}" do
+              expect(chef_run).to render_config_file(path).with_section_content('ldap', line)
+            end
+          end
+        end
      end

      describe '[identity] section' do
--- a/templates/default/keystone.conf.erb
+++ b/templates/default/keystone.conf.erb
@ -663,6 +663,41 @@ group_allow_update = <%= @ldap["group_allow_update"] %>
 #group_allow_delete = true
 group_allow_delete = <%= @ldap["group_allow_delete"] %>

+<% if @ldap['use_pool'] -%>
+# Enable LDAP connection pooling. (boolean value)
+use_pool = true
+
+# Connection pool size. (integer value)
+pool_size = <%= @ldap['pool_size'] %>
+
+# Maximum count of reconnect trials. (integer value)
+pool_retry_max = <%= @ldap['pool_retry_max'] %>
+
+# Time span in seconds to wait between two reconnect trials.
+# (floating point value)
+pool_retry_delay = <%= @ldap['pool_retry_delay'] %>
+
+# Connector timeout in seconds. Value -1 indicates indefinite
+# wait for response. (integer value)
+pool_connection_timeout = <%= @ldap['pool_connection_timeout'] %>
+
+# Connection lifetime in seconds. (integer value)
+pool_connection_lifetime = <%= @ldap['pool_connection_lifetime'] %>
+
+# Enable LDAP connection pooling for end user authentication.
+# If use_pool is disabled, then this setting is meaningless
+# and is not used at all. (boolean value)
+use_auth_pool = <%= @ldap['use_auth_pool'] %>
+
+# End user auth connection pool size. (integer value)
+auth_pool_size = <%= @ldap['auth_pool_size'] %>
+
+# End user auth connection lifetime in seconds. (integer
+# value)
+auth_pool_connection_lifetime = <%= @ldap['auth_pool_connection_lifetime'] %>
+<% end -%>
+
+
 # Enable TLS for communicating with LDAP servers. (boolean value)
 #use_tls = false
 <% if @ldap["use_tls"] -%>