summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--puppet/controller.yaml7
-rw-r--r--puppet/hieradata/controller.yaml1
-rw-r--r--puppet/manifests/overcloud_controller.pp5
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp5
4 files changed, 16 insertions, 2 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index c18dc92c..df51f43d 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -276,6 +276,11 @@ parameters:
default: ''
description: Keystone self-signed certificate authority certificate.
type: string
+ KeystoneEnableDBPurge:
+ default: true
+ description: |
+ Whether to create cron job for purging soft deleted rows in Keystone database.
+ type: boolean
KeystoneSigningCertificate:
default: ''
description: Keystone certificate for verifying token validity.
@@ -943,6 +948,7 @@ resources:
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone_notification_driver: {get_param: KeystoneNotificationDriver}
keystone_notification_format: {get_param: KeystoneNotificationFormat}
+ keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
keystone_dsn:
list_join:
- ''
@@ -1329,6 +1335,7 @@ resources:
keystone::endpoint::region: {get_input: keystone_region}
keystone::admin_workers: {get_input: keystone_workers}
keystone::public_workers: {get_input: keystone_workers}
+ keystone_enable_db_purge: {get_input: keystone_enable_db_purge}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 1e7f9a6a..229f9a65 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -43,6 +43,7 @@ heat::keystone_tenant: 'service'
keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
keystone::roles::admin::admin_tenant: 'admin'
+keystone::cron::token_flush::destination: '/dev/null'
#swift
swift::proxy::pipeline:
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 96fdb4f6..2ea9c60d 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -592,10 +592,13 @@ if hiera('step') >= 3 {
} #END STEP 3
if hiera('step') >= 4 {
+ $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
- include ::keystone::cron::token_flush
+ if $keystone_enable_db_purge {
+ include ::keystone::cron::token_flush
+ }
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 73fc6faa..691736b7 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -1012,10 +1012,13 @@ if hiera('step') >= 3 {
} #END STEP 3
if hiera('step') >= 4 {
+ $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
- include ::keystone::cron::token_flush
+ if $keystone_enable_db_purge {
+ include ::keystone::cron::token_flush
+ }
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
}