From f694b5551f896042df6aeb751c65986ef3342f54 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Tue, 18 Apr 2017 13:13:27 +0300
Subject: [PATCH] Change keystone token flush to run hourly

In a recent commit [1] the keystone token flush cron job was changed to
run twice a day. However, this change was not enough for big
deployments.

After getting some customer feedback and looking at what other projects
are doing [2] [3] [4]. It seems that running this job hourly is the way
to go.

[1] Ia0b0fb422318712f4b0f4d023cbb3a61d40bb85d
[2] https://www.ibm.com/support/knowledgecenter/en/SSB27U_6.4.0/com.ibm.zvm.v640.hcpo4/exptoken.htm
[3] https://review.openstack.org/#/c/88670/8
[4] https://github.com/openstack/charm-keystone/blob/master/templates/keystone-token-flush

Change-Id: I6ec7ec8111bd93e5638cfe96189e36f0e0691d65
Related-Bug: #1649616
---
 manifests/cron/token_flush.pp                              | 4 ++--
 .../notes/Token-flush-twice-a-day-7e7d21f83caad9a4.yaml    | 7 -------
 .../notes/hourly-token-flush-175800b7f614f26e.yaml         | 7 +++++++
 .../keystone_federation_identity_provider_spec.rb          | 2 +-
 spec/acceptance/keystone_federation_shibboleth_spec.rb     | 2 +-
 spec/acceptance/keystone_wsgi_apache_spec.rb               | 2 +-
 spec/classes/keystone_cron_token_flush_spec.rb             | 4 ++--
 7 files changed, 14 insertions(+), 14 deletions(-)
 delete mode 100644 releasenotes/notes/Token-flush-twice-a-day-7e7d21f83caad9a4.yaml
 create mode 100644 releasenotes/notes/hourly-token-flush-175800b7f614f26e.yaml

diff --git a/manifests/cron/token_flush.pp b/manifests/cron/token_flush.pp
index 13f02e84a..942a7ce2c 100644
--- a/manifests/cron/token_flush.pp
+++ b/manifests/cron/token_flush.pp
@@ -29,7 +29,7 @@
 #    (optional) Defaults to '1'.
 #
 #  [*hour*]
-#    (optional) Defaults to [0,12].
+#    (optional) Defaults to *.
 #
 #  [*monthday*]
 #    (optional) Defaults to '*'.
@@ -56,7 +56,7 @@
 class keystone::cron::token_flush (
   $ensure      = present,
   $minute      = 1,
-  $hour        = [0,12],
+  $hour        = '*',
   $monthday    = '*',
   $month       = '*',
   $weekday     = '*',
diff --git a/releasenotes/notes/Token-flush-twice-a-day-7e7d21f83caad9a4.yaml b/releasenotes/notes/Token-flush-twice-a-day-7e7d21f83caad9a4.yaml
deleted file mode 100644
index 72e270ea3..000000000
--- a/releasenotes/notes/Token-flush-twice-a-day-7e7d21f83caad9a4.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-fixes:
-  - The token flush cron job has been modified to run twice a day instead of
-    once. This is because this was causing issues with larger deployments, as
-    the operation would take too long and sometimes even fail because of the
-    transaction being so large. Note that this only affects people using the
-    UUID token provider.
diff --git a/releasenotes/notes/hourly-token-flush-175800b7f614f26e.yaml b/releasenotes/notes/hourly-token-flush-175800b7f614f26e.yaml
new file mode 100644
index 000000000..1afa7a77c
--- /dev/null
+++ b/releasenotes/notes/hourly-token-flush-175800b7f614f26e.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - The token flush cron job has been modified to run every hour instead of
+    once a day. This is because this was causing issues with larger
+    deployments, as the operation would take too long and sometimes even fail
+    because of the transaction being so large. Note that this only affects
+    people using the UUID token provider.
diff --git a/spec/acceptance/keystone_federation_identity_provider_spec.rb b/spec/acceptance/keystone_federation_identity_provider_spec.rb
index 77d9268a4..3b182b5f8 100644
--- a/spec/acceptance/keystone_federation_identity_provider_spec.rb
+++ b/spec/acceptance/keystone_federation_identity_provider_spec.rb
@@ -88,7 +88,7 @@ describe 'keystone server running with Apache/WSGI as Identity Provider' do
     end
 
     describe cron do
-      it { is_expected.to have_entry('1 0,12 * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
+      it { is_expected.to have_entry('1 * * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
     end
 
     shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
diff --git a/spec/acceptance/keystone_federation_shibboleth_spec.rb b/spec/acceptance/keystone_federation_shibboleth_spec.rb
index 977e6da4d..7898d80e2 100644
--- a/spec/acceptance/keystone_federation_shibboleth_spec.rb
+++ b/spec/acceptance/keystone_federation_shibboleth_spec.rb
@@ -86,7 +86,7 @@ describe 'keystone server running with Apache/WSGI as Service Provider with Shib
     end
 
     describe cron do
-      it { is_expected.to have_entry('1 0,12 * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
+      it { is_expected.to have_entry('1 * * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
     end
 
     shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
diff --git a/spec/acceptance/keystone_wsgi_apache_spec.rb b/spec/acceptance/keystone_wsgi_apache_spec.rb
index e88174dca..0d9ca04fd 100644
--- a/spec/acceptance/keystone_wsgi_apache_spec.rb
+++ b/spec/acceptance/keystone_wsgi_apache_spec.rb
@@ -82,7 +82,7 @@ describe 'keystone server running with Apache/WSGI with resources' do
     end
 
     describe cron do
-      it { is_expected.to have_entry('1 0,12 * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
+      it { is_expected.to have_entry('1 * * * * keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1').with_user('keystone') }
     end
 
     shared_examples_for 'keystone user/tenant/service/role/endpoint resources using v2 API' do |auth_creds|
diff --git a/spec/classes/keystone_cron_token_flush_spec.rb b/spec/classes/keystone_cron_token_flush_spec.rb
index dd1b0820f..c643a680d 100644
--- a/spec/classes/keystone_cron_token_flush_spec.rb
+++ b/spec/classes/keystone_cron_token_flush_spec.rb
@@ -9,7 +9,7 @@ describe 'keystone::cron::token_flush' do
   let :params do
     { :ensure      => 'present',
       :minute      => 1,
-      :hour        => [0,12],
+      :hour        => '*',
       :monthday    => '*',
       :month       => '*',
       :weekday     => '*',
@@ -71,7 +71,7 @@ describe 'keystone::cron::token_flush' do
         :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
         :user        => 'keystonecustom',
         :minute      => 1,
-        :hour        => [0,12],
+        :hour        => '*',
         :monthday    => '*',
         :month       => '*',
         :weekday     => '*',