Add LDAP connection pool settings
This commit adds the LDAP connection pool configuration settings that are currently missing from the keystone.conf template. Change-Id: If76f71564e055608342352ddb80fbba8d078d61d Closes-bug: #1480577
parent
3d4707453c
commit
b117e31b60
10
README.md
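--- a/README.md
+++ b/README.md
@@ -277,6 +277,16 @@ Please refer to the Common cookbook for more attributes.
 * `openstack['identity']['ldap']['tls_cacertfile']` - Path to CA cert file (default: nil)
 * `openstack['identity']['ldap']['tls_cacertdir']` - Path to CA cert directory (default: nil)
 * `openstack['identity']['ldap']['tls_req_cert']` - CA cert check ('demand', 'allow' or 'never', default: 'demand')
+* `openstack['identity']['ldap']['use_pool']` - Enable LDAP connection pool
+* `openstack['identity']['ldap']['pool_size']` - Connection pool size
+* `openstack['identity']['ldap']['pool_retry_max']` - Maximum count of reconnect trials
+* `openstack['identity']['ldap']['pool_retry_delay']` - Time span in seconds to wait between two reconnect trials (floating point value)
+* `openstack['identity']['ldap']['pool_connection_timeout']` - Connector timeout in seconds. Value -1 indicates indefinite
+* `openstack['identity']['ldap']['pool_connection_lifetime']` - Connection lifetime in seconds.(integer value)
+* `openstack['identity']['ldap']['use_auth_pool']` - Enable LDAP connection pooling for end user authentication
+* `openstack['identity']['ldap']['auth_pool_size']` - End user auth connection pool size. (integer value)
+* `openstack['identity']['ldap']['auth_pool_connection_lifetime']` - End user auth connection lifetime in seconds. (integervalue)
+
 * `openstack['identity']['misc_keystone']` - **Array of strings to be added to keystone.conf**
 * `openstack['identity']['list_limit']` - Maximum number of entities that will be returned in a collection
 * `openstack['identity']['assignment']['list_limit']` - Maximum number of entities that will be returned in a assignment collection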
@ -354,6 +354,17 @@ default['openstack']['identity']['ldap']['group_allow_create'] = true
|
||||||
default['openstack']['identity']['ldap']['group_allow_update'] = true
|
default['openstack']['identity']['ldap']['group_allow_update'] = true
|
||||||
default['openstack']['identity']['ldap']['group_allow_delete'] = true
|
default['openstack']['identity']['ldap']['group_allow_delete'] = true
|
||||||
|
|
||||||
|
# LDAP connection pool settings
|
||||||
|
default['openstack']['identity']['ldap']['use_pool'] = false
|
||||||
|
default['openstack']['identity']['ldap']['pool_size'] = 10
|
||||||
|
default['openstack']['identity']['ldap']['pool_retry_max'] = 3
|
||||||
|
default['openstack']['identity']['ldap']['pool_retry_delay'] = 0.1
|
||||||
|
default['openstack']['identity']['ldap']['pool_connection_timeout'] = 3
|
||||||
|
default['openstack']['identity']['ldap']['pool_connection_lifetime'] = 600
|
||||||
|
default['openstack']['identity']['ldap']['use_auth_pool'] = false
|
||||||
|
default['openstack']['identity']['ldap']['auth_pool_size'] = 100
|
||||||
|
default['openstack']['identity']['ldap']['auth_pool_connection_lifetime'] = 60
|
||||||
|
|
||||||
# Token flushing cronjob
|
# Token flushing cronjob
|
||||||
default['openstack']['identity']['token_flush_cron']['enabled'] = node['openstack']['identity']['token']['backend'] == 'sql'
|
default['openstack']['identity']['token_flush_cron']['enabled'] = node['openstack']['identity']['token']['backend'] == 'sql'
|
||||||
default['openstack']['identity']['token_flush_cron']['log_file'] = '/var/log/keystone/token-flush.log'
|
default['openstack']['identity']['token_flush_cron']['log_file'] = '/var/log/keystone/token-flush.log'
|
||||||
|
|
|
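Review bot: The single comment `# LDAP connection pool settings` leaves the units and the dependency between the two switches undocumented at the point where operators override these defaults. Going by the comments in the keystone.conf template shown on this page, the delay, timeout and lifetime values are in seconds and `use_auth_pool` has no effect unless `use_pool` is true. I would expand the comment to something like `# Pooling is off by default; use_auth_pool and auth_pool_* only apply when use_pool is true. Delays, timeouts and lifetimes are in seconds.`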
@ -710,6 +710,27 @@ describe 'openstack-identity::server' do
|
||||||
expect(chef_run).to render_config_file(path).with_section_content('ldap', /^#{Regexp.quote(a)} = \w+/)
|
expect(chef_run).to render_config_file(path).with_section_content('ldap', /^#{Regexp.quote(a)} = \w+/)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when connection pool enabled' do
|
||||||
|
before do
|
||||||
|
node.set['openstack']['identity']['ldap']['use_pool'] = true
|
||||||
|
end
|
||||||
|
[
|
||||||
|
/use_pool = true/,
|
||||||
|
/pool_size = 10/,
|
||||||
|
/pool_retry_max = 3/,
|
||||||
|
/pool_retry_delay = 0.1/,
|
||||||
|
/pool_connection_timeout = 3/,
|
||||||
|
/pool_connection_lifetime = 600/,
|
||||||
|
/use_auth_pool = false/,
|
||||||
|
/auth_pool_size = 100/,
|
||||||
|
/auth_pool_connection_lifetime = 60/
|
||||||
|
].each do |line|
|
||||||
|
it "has LDAP setting #{line.source}" do
|
||||||
|
expect(chef_run).to render_config_file(path).with_section_content('ldap', line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '[identity] section' do
|
describe '[identity] section' do
|
||||||
|
|
|
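Review bot: The patterns in the added `when connection pool enabled` context are unanchored, so `/pool_size = 10/` also matches the rendered `auth_pool_size = 100` line and that example would still pass if the `pool_size` line were dropped from the template; the `.` in `/pool_retry_delay = 0.1/` is likewise unescaped. Anchoring them the way the preceding example does, e.g. `/^pool_size = 10$/` and `/^pool_retry_delay = 0\.1$/`, would pin each key separately. There is also no example for the default `use_pool = false` case asserting that none of the pool keys are rendered. The enclosing `describe` starts outside the hunk, so `path` and `chef_run` are defined out of view.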
@ -663,6 +663,41 @@ group_allow_update = <%= @ldap["group_allow_update"] %>
|
||||||
#group_allow_delete = true
|
#group_allow_delete = true
|
||||||
group_allow_delete = <%= @ldap["group_allow_delete"] %>
|
group_allow_delete = <%= @ldap["group_allow_delete"] %>
|
||||||
|
|
||||||
|
<% if @ldap['use_pool'] -%>
|
||||||
|
# Enable LDAP connection pooling. (boolean value)
|
||||||
|
use_pool = true
|
||||||
|
|
||||||
|
# Connection pool size. (integer value)
|
||||||
|
pool_size = <%= @ldap['pool_size'] %>
|
||||||
|
|
||||||
|
# Maximum count of reconnect trials. (integer value)
|
||||||
|
pool_retry_max = <%= @ldap['pool_retry_max'] %>
|
||||||
|
|
||||||
|
# Time span in seconds to wait between two reconnect trials.
|
||||||
|
# (floating point value)
|
||||||
|
pool_retry_delay = <%= @ldap['pool_retry_delay'] %>
|
||||||
|
|
||||||
|
# Connector timeout in seconds. Value -1 indicates indefinite
|
||||||
|
# wait for response. (integer value)
|
||||||
|
pool_connection_timeout = <%= @ldap['pool_connection_timeout'] %>
|
||||||
|
|
||||||
|
# Connection lifetime in seconds. (integer value)
|
||||||
|
pool_connection_lifetime = <%= @ldap['pool_connection_lifetime'] %>
|
||||||
|
|
||||||
|
# Enable LDAP connection pooling for end user authentication.
|
||||||
|
# If use_pool is disabled, then this setting is meaningless
|
||||||
|
# and is not used at all. (boolean value)
|
||||||
|
use_auth_pool = <%= @ldap['use_auth_pool'] %>
|
||||||
|
|
||||||
|
# End user auth connection pool size. (integer value)
|
||||||
|
auth_pool_size = <%= @ldap['auth_pool_size'] %>
|
||||||
|
|
||||||
|
# End user auth connection lifetime in seconds. (integer
|
||||||
|
# value)
|
||||||
|
auth_pool_connection_lifetime = <%= @ldap['auth_pool_connection_lifetime'] %>
|
||||||
|
<% end -%>
|
||||||
|
|
||||||
|
|
||||||
# Enable TLS for communicating with LDAP servers. (boolean value)
|
# Enable TLS for communicating with LDAP servers. (boolean value)
|
||||||
#use_tls = false
|
#use_tls = false
|
||||||
<% if @ldap["use_tls"] -%>
|
<% if @ldap["use_tls"] -%>
|
||||||
|
|
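Review bot: The generated comments for `use_auth_pool` and `auth_pool_connection_lifetime` say nothing about the trade-off of pooling end-user binds. Presumably a connection bound with a user's credentials can be reused until its lifetime expires, so a password change or account lock in the directory may not be enforced by keystone for up to that many seconds; this is worth confirming against keystone's pool behaviour. I would add a line above `auth_pool_connection_lifetime` such as `# Keep this short; a pooled bind may stay usable after the directory password changes.` The `pool_connection_timeout` comment already notes that -1 waits indefinitely, and a sentence advising against that value would help, since an unresponsive LDAP server could then hold requests open. Unlike the neighbouring options, the block also renders no commented default (e.g. `#use_pool = false`) when pooling is off, so the rendered file gives no hint that the settings exist.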