summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
authorMartin Mágr <mmagr@redhat.com>2015-08-05 16:28:04 +0200
committerMartin Mágr <mmagr@redhat.com>2016-01-08 13:52:32 +0100
commit31b05b17bfd028d16990231079c4bfde777cde40 (patch)
tree48c266eb7bebcbe4fa9719079c758be1990fd6da /puppet
parent891e5efd25578b2b4bfff56aa04ac8fbebd55239 (diff)
Switch for Keystone DB cron job
- Adds parameter to enable switching off token flush cron job. - Sets destination for deleted rows to /dev/null Change-Id: I9e8aed969e81595d8a1d0a5300da17da6ba15c03 Partial-bug: rhbz#1249106 Depends-On: I5e51562338f68b4ba1b2e942907e6f6a0ab7a61e
Diffstat (limited to 'puppet')
-rw-r--r--puppet/controller.yaml7
-rw-r--r--puppet/hieradata/controller.yaml1
-rw-r--r--puppet/manifests/overcloud_controller.pp5
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp5
4 files changed, 16 insertions, 2 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index c18dc92c..df51f43d 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -276,6 +276,11 @@ parameters:
default: ''
description: Keystone self-signed certificate authority certificate.
type: string
+ KeystoneEnableDBPurge:
+ default: true
+ description: |
+ Whether to create cron job for purging soft deleted rows in Keystone database.
+ type: boolean
KeystoneSigningCertificate:
default: ''
description: Keystone certificate for verifying token validity.
@@ -943,6 +948,7 @@ resources:
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone_notification_driver: {get_param: KeystoneNotificationDriver}
keystone_notification_format: {get_param: KeystoneNotificationFormat}
+ keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
keystone_dsn:
list_join:
- ''
@@ -1329,6 +1335,7 @@ resources:
keystone::endpoint::region: {get_input: keystone_region}
keystone::admin_workers: {get_input: keystone_workers}
keystone::public_workers: {get_input: keystone_workers}
+ keystone_enable_db_purge: {get_input: keystone_enable_db_purge}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 1e7f9a6a..229f9a65 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -43,6 +43,7 @@ heat::keystone_tenant: 'service'
keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
keystone::roles::admin::admin_tenant: 'admin'
+keystone::cron::token_flush::destination: '/dev/null'
#swift
swift::proxy::pipeline:
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 96fdb4f6..2ea9c60d 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -592,10 +592,13 @@ if hiera('step') >= 3 {
} #END STEP 3
if hiera('step') >= 4 {
+ $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
- include ::keystone::cron::token_flush
+ if $keystone_enable_db_purge {
+ include ::keystone::cron::token_flush
+ }
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 73fc6faa..691736b7 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -1012,10 +1012,13 @@ if hiera('step') >= 3 {
} #END STEP 3
if hiera('step') >= 4 {
+ $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
- include ::keystone::cron::token_flush
+ if $keystone_enable_db_purge {
+ include ::keystone::cron::token_flush
+ }
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
}