Add LDAP connection pool settings
This commit adds the LDAP connection pool configuration settings that are currently missing from the keystone.conf template. Change-Id: If76f71564e055608342352ddb80fbba8d078d61d Closes-bug: #1480577
parent
3d4707453c
commit
b117e31b60
10
README.md
10
README.md
|
@ -277,6 +277,16 @@ Please refer to the Common cookbook for more attributes.
|
|||
* `openstack['identity']['ldap']['tls_cacertfile']` - Path to CA cert file (default: nil)
|
||||
* `openstack['identity']['ldap']['tls_cacertdir']` - Path to CA cert directory (default: nil)
|
||||
* `openstack['identity']['ldap']['tls_req_cert']` - CA cert check ('demand', 'allow' or 'never', default: 'demand')
|
||||
* `openstack['identity']['ldap']['use_pool']` - Enable LDAP connection pool
|
||||
* `openstack['identity']['ldap']['pool_size']` - Connection pool size
|
||||
* `openstack['identity']['ldap']['pool_retry_max']` - Maximum count of reconnect trials
|
||||
* `openstack['identity']['ldap']['pool_retry_delay']` - Time span in seconds to wait between two reconnect trials (floating point value)
|
||||
* `openstack['identity']['ldap']['pool_connection_timeout']` - Connector timeout in seconds. Value -1 indicates indefinite
|
||||
* `openstack['identity']['ldap']['pool_connection_lifetime']` - Connection lifetime in seconds.(integer value)
|
||||
* `openstack['identity']['ldap']['use_auth_pool']` - Enable LDAP connection pooling for end user authentication
|
||||
* `openstack['identity']['ldap']['auth_pool_size']` - End user auth connection pool size. (integer value)
|
||||
* `openstack['identity']['ldap']['auth_pool_connection_lifetime']` - End user auth connection lifetime in seconds. (integervalue)
|
||||
|
||||
* `openstack['identity']['misc_keystone']` - **Array of strings to be added to keystone.conf**
|
||||
* `openstack['identity']['list_limit']` - Maximum number of entities that will be returned in a collection
|
||||
* `openstack['identity']['assignment']['list_limit']` - Maximum number of entities that will be returned in a assignment collection
|
||||
|
|
|
@ -354,6 +354,17 @@ default['openstack']['identity']['ldap']['group_allow_create'] = true
|
|||
default['openstack']['identity']['ldap']['group_allow_update'] = true
|
||||
default['openstack']['identity']['ldap']['group_allow_delete'] = true
|
||||
|
||||
# LDAP connection pool settings
|
||||
default['openstack']['identity']['ldap']['use_pool'] = false
|
||||
default['openstack']['identity']['ldap']['pool_size'] = 10
|
||||
default['openstack']['identity']['ldap']['pool_retry_max'] = 3
|
||||
default['openstack']['identity']['ldap']['pool_retry_delay'] = 0.1
|
||||
default['openstack']['identity']['ldap']['pool_connection_timeout'] = 3
|
||||
default['openstack']['identity']['ldap']['pool_connection_lifetime'] = 600
|
||||
default['openstack']['identity']['ldap']['use_auth_pool'] = false
|
||||
default['openstack']['identity']['ldap']['auth_pool_size'] = 100
|
||||
default['openstack']['identity']['ldap']['auth_pool_connection_lifetime'] = 60
|
||||
|
||||
# Token flushing cronjob
|
||||
default['openstack']['identity']['token_flush_cron']['enabled'] = node['openstack']['identity']['token']['backend'] == 'sql'
|
||||
default['openstack']['identity']['token_flush_cron']['log_file'] = '/var/log/keystone/token-flush.log'
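Review bot: The block under `# LDAP connection pool settings` has no comments giving units or operational caveats, so an operator overriding these attributes has to look them up elsewhere. I would add a comment such as `# timeouts and lifetimes are in seconds; pool_connection_timeout = -1 waits indefinitely and can stall keystone workers if the directory stops answering`. The two `auth_pool_*` defaults need a second comment: as far as I know a pooled end-user connection can be reused until `auth_pool_connection_lifetime` expires, so a password change or account lock in the directory may take up to that many seconds to be enforced. That behaviour should be confirmed against the keystone documentation before it is written down as fact.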
|
||||
|
|
|
@ -710,6 +710,27 @@ describe 'openstack-identity::server' do
|
|||
expect(chef_run).to render_config_file(path).with_section_content('ldap', /^#{Regexp.quote(a)} = \w+/)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when connection pool enabled' do
|
||||
before do
|
||||
node.set['openstack']['identity']['ldap']['use_pool'] = true
|
||||
end
|
||||
[
|
||||
/use_pool = true/,
|
||||
/pool_size = 10/,
|
||||
/pool_retry_max = 3/,
|
||||
/pool_retry_delay = 0.1/,
|
||||
/pool_connection_timeout = 3/,
|
||||
/pool_connection_lifetime = 600/,
|
||||
/use_auth_pool = false/,
|
||||
/auth_pool_size = 100/,
|
||||
/auth_pool_connection_lifetime = 60/
|
||||
].each do |line|
|
||||
it "has LDAP setting #{line.source}" do
|
||||
expect(chef_run).to render_config_file(path).with_section_content('ldap', line)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '[identity] section' do
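Review bot: The expectations in the `when connection pool enabled` context are unanchored, so `/pool_size = 10/` is also satisfied by the rendered line `auth_pool_size = 100`, and the test would still pass if `pool_size` were dropped from the template. Anchoring each pattern and escaping the dot closes that gap, e.g. `/^pool_size = 10$/` and `/^pool_retry_delay = 0\.1$/`, in line with the `^`-anchored expectation just above this context. There is also no example for the default `use_pool = false` case asserting that none of the pool keys are rendered, so a regression in the template conditional would go unnoticed.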
|
||||
|
|
|
@ -663,6 +663,41 @@ group_allow_update = <%= @ldap["group_allow_update"] %>
|
|||
#group_allow_delete = true
|
||||
group_allow_delete = <%= @ldap["group_allow_delete"] %>
|
||||
|
||||
<% if @ldap['use_pool'] -%>
|
||||
# Enable LDAP connection pooling. (boolean value)
|
||||
use_pool = true
|
||||
|
||||
# Connection pool size. (integer value)
|
||||
pool_size = <%= @ldap['pool_size'] %>
|
||||
|
||||
# Maximum count of reconnect trials. (integer value)
|
||||
pool_retry_max = <%= @ldap['pool_retry_max'] %>
|
||||
|
||||
# Time span in seconds to wait between two reconnect trials.
|
||||
# (floating point value)
|
||||
pool_retry_delay = <%= @ldap['pool_retry_delay'] %>
|
||||
|
||||
# Connector timeout in seconds. Value -1 indicates indefinite
|
||||
# wait for response. (integer value)
|
||||
pool_connection_timeout = <%= @ldap['pool_connection_timeout'] %>
|
||||
|
||||
# Connection lifetime in seconds. (integer value)
|
||||
pool_connection_lifetime = <%= @ldap['pool_connection_lifetime'] %>
|
||||
|
||||
# Enable LDAP connection pooling for end user authentication.
|
||||
# If use_pool is disabled, then this setting is meaningless
|
||||
# and is not used at all. (boolean value)
|
||||
use_auth_pool = <%= @ldap['use_auth_pool'] %>
|
||||
|
||||
# End user auth connection pool size. (integer value)
|
||||
auth_pool_size = <%= @ldap['auth_pool_size'] %>
|
||||
|
||||
# End user auth connection lifetime in seconds. (integer
|
||||
# value)
|
||||
auth_pool_connection_lifetime = <%= @ldap['auth_pool_connection_lifetime'] %>
|
||||
<% end -%>
|
||||
|
||||
|
||||
# Enable TLS for communicating with LDAP servers. (boolean value)
|
||||
#use_tls = false
|
||||
<% if @ldap["use_tls"] -%>
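Review bot: `use_pool` is only ever written as the literal `use_pool = true` inside `<% if @ldap['use_pool'] -%>`, so an explicit `false` in the attributes is never rendered and the effective value falls back to keystone's built-in default. If that default differs between releases, the cookbook attribute silently stops being authoritative. I would emit `use_pool = <%= @ldap['use_pool'] %>` outside the conditional and keep only the dependent `pool_*` and `auth_pool_*` keys inside it, which also matches how `use_auth_pool` is rendered a few lines further down.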
|
||||
|
|