From e2eb1ff97daf302d143f20144a77ee3a50f90a0b Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Wed, 21 Feb 2018 11:43:35 -0500 Subject: [PATCH] Fix occasional Tempest failures with invalid tokens The current fernet rotation happens every 5 minutes with a token expiry of 40 minutes. This means that after 15 minutes, all tokens are expired. This causes Nova to fail for some operations because it's tokens are now expired. This adjusts the maximum active keys to 5 and rotation every 10 minutes which will mean that we'll rotate at least once during the tempest runs which lasts around 15 minutes while keeping all tokens valid for the entire 40 minutes. Change-Id: I0e3056aa00a260a93872508dd0158c15060cda19 --- manifests/keystone.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/keystone.pp b/manifests/keystone.pp index df7f736d6..e7f8ebff3 100644 --- a/manifests/keystone.pp +++ b/manifests/keystone.pp @@ -50,7 +50,7 @@ class openstack_integration::keystone ( class { '::keystone::cron::token_flush': } class { '::keystone::cron::fernet_rotate': hour => '*', - minute => '*/5', + minute => '*/10', } class { '::keystone::db::mysql': password => 'keystone', @@ -69,7 +69,7 @@ class openstack_integration::keystone ( admin_bind_host => $::openstack_integration::config::host, manage_policyrcd => true, enable_credential_setup => $enable_credential_setup, - fernet_max_active_keys => '4', + fernet_max_active_keys => '5', token_expiration => $token_expiration, default_transport_url => os_transport_url({ 'transport' => $::openstack_integration::config::messaging_default_proto,