Change keystone token flush to run hourly
In a recent commit [1] the keystone token flush cron job was changed to run twice a day. However, this change was not enough for big deployments. After getting some customer feedback and looking at what other projects are doing [2] [3] [4]. It seems that running this job hourly is the way to go. [1] Ia0b0fb422318712f4b0f4d023cbb3a61d40bb85d [2] https://www.ibm.com/support/knowledgecenter/en/SSB27U_6.4.0/com.ibm.zvm.v640.hcpo4/exptoken.htm [3] https://review.openstack.org/#/c/88670/8 [4] https://github.com/openstack/charm-keystone/blob/master/templates/keystone-token-flush Conflicts: manifests/cron/token_flush.pp spec/acceptance/keystone_federation_identity_provider_spec.rb spec/acceptance/keystone_federation_shibboleth_spec.rb spec/acceptance/keystone_wsgi_apache_spec.rb spec/classes/keystone_cron_token_flush_spec.rb (cherry picked from commitf694b5551f
) Change-Id: I6ec7ec8111bd93e5638cfe96189e36f0e0691d65 Related-Bug: #1649616 (cherry picked from commit90ffc7f600
)
This commit is contained in:
parent
85f1c54b30
commit
c1bda5f81e
|
@ -29,7 +29,7 @@
|
||||||
# (optional) Defaults to '1'.
|
# (optional) Defaults to '1'.
|
||||||
#
|
#
|
||||||
# [*hour*]
|
# [*hour*]
|
||||||
# (optional) Defaults to '0'.
|
# (optional) Defaults to *.
|
||||||
#
|
#
|
||||||
# [*monthday*]
|
# [*monthday*]
|
||||||
# (optional) Defaults to '*'.
|
# (optional) Defaults to '*'.
|
||||||
|
@ -56,7 +56,7 @@
|
||||||
class keystone::cron::token_flush (
|
class keystone::cron::token_flush (
|
||||||
$ensure = present,
|
$ensure = present,
|
||||||
$minute = 1,
|
$minute = 1,
|
||||||
$hour = 0,
|
$hour = '*',
|
||||||
$monthday = '*',
|
$monthday = '*',
|
||||||
$month = '*',
|
$month = '*',
|
||||||
$weekday = '*',
|
$weekday = '*',
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- The token flush cron job has been modified to run every hour instead of
|
||||||
|
once a day. This is because this was causing issues with larger
|
||||||
|
deployments, as the operation would take too long and sometimes even fail
|
||||||
|
because of the transaction being so large. Note that this only affects
|
||||||
|
people using the UUID token provider.
|
|
@ -88,7 +88,7 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe cron do
|
describe cron do
|
||||||
it { is_expected.to have_entry('1 0 * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
|
it { is_expected.to have_entry('1 * * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
|
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
|
||||||
|
|
|
@ -86,7 +86,7 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
|
||||||
end
|
end
|
||||||
|
|
||||||
describe cron do
|
describe cron do
|
||||||
it { is_expected.to have_entry('1 0 * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
|
it { is_expected.to have_entry('1 * * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
|
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
|
||||||
|
|
|
@ -82,7 +82,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe cron do
|
describe cron do
|
||||||
it { is_expected.to have_entry('1 0 * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
|
it { is_expected.to have_entry('1 * * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
|
shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
|
||||||
|
|
|
@ -9,7 +9,7 @@ describe 'keystone::cron::token_flush' do
|
||||||
let :params do
|
let :params do
|
||||||
{ :ensure => 'present',
|
{ :ensure => 'present',
|
||||||
:minute => 1,
|
:minute => 1,
|
||||||
:hour => 0,
|
:hour => '*',
|
||||||
:monthday => '*',
|
:monthday => '*',
|
||||||
:month => '*',
|
:month => '*',
|
||||||
:weekday => '*',
|
:weekday => '*',
|
||||||
|
@ -71,7 +71,7 @@ describe 'keystone::cron::token_flush' do
|
||||||
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
||||||
:user => 'keystonecustom',
|
:user => 'keystonecustom',
|
||||||
:minute => 1,
|
:minute => 1,
|
||||||
:hour => 0,
|
:hour => '*',
|
||||||
:monthday => '*',
|
:monthday => '*',
|
||||||
:month => '*',
|
:month => '*',
|
||||||
:weekday => '*',
|
:weekday => '*',
|
||||||
|
|
Loading…
Reference in New Issue