From 31b05b17bfd028d16990231079c4bfde777cde40 Mon Sep 17 00:00:00 2001 From: Martin Mágr Date: Wed, 5 Aug 2015 16:28:04 +0200 Subject: Switch for Keystone DB cron job - Adds parameter to enable switching off token flush cron job. - Sets destination for deleted rows to /dev/null Change-Id: I9e8aed969e81595d8a1d0a5300da17da6ba15c03 Partial-bug: rhbz#1249106 Depends-On: I5e51562338f68b4ba1b2e942907e6f6a0ab7a61e --- puppet/controller.yaml | 7 +++++++ puppet/hieradata/controller.yaml | 1 + puppet/manifests/overcloud_controller.pp | 5 ++++- puppet/manifests/overcloud_controller_pacemaker.pp | 5 ++++- 4 files changed, 16 insertions(+), 2 deletions(-) (limited to 'puppet') diff --git a/puppet/controller.yaml b/puppet/controller.yaml index c18dc92c..df51f43d 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -276,6 +276,11 @@ parameters: default: '' description: Keystone self-signed certificate authority certificate. type: string + KeystoneEnableDBPurge: + default: true + description: | + Whether to create cron job for purging soft deleted rows in Keystone database. + type: boolean KeystoneSigningCertificate: default: '' description: Keystone certificate for verifying token validity. @@ -943,6 +948,7 @@ resources: keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} keystone_notification_driver: {get_param: KeystoneNotificationDriver} keystone_notification_format: {get_param: KeystoneNotificationFormat} + keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} keystone_dsn: list_join: - '' @@ -1329,6 +1335,7 @@ resources: keystone::endpoint::region: {get_input: keystone_region} keystone::admin_workers: {get_input: keystone_workers} keystone::public_workers: {get_input: keystone_workers} + keystone_enable_db_purge: {get_input: keystone_enable_db_purge} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 1e7f9a6a..229f9a65 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -43,6 +43,7 @@ heat::keystone_tenant: 'service' keystone::cron::token_flush::maxdelay: 3600 keystone::roles::admin::service_tenant: 'service' keystone::roles::admin::admin_tenant: 'admin' +keystone::cron::token_flush::destination: '/dev/null' #swift swift::proxy::pipeline: diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 96fdb4f6..2ea9c60d 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -592,10 +592,13 @@ if hiera('step') >= 3 { } #END STEP 3 if hiera('step') >= 4 { + $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true) $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) - include ::keystone::cron::token_flush + if $keystone_enable_db_purge { + include ::keystone::cron::token_flush + } if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 73fc6faa..691736b7 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -1012,10 +1012,13 @@ if hiera('step') >= 3 { } #END STEP 3 if hiera('step') >= 4 { + $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true) $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) - include ::keystone::cron::token_flush + if $keystone_enable_db_purge { + include ::keystone::cron::token_flush + } if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } -- cgit 1.2.3-korg