From fc3f3e14f5d736a185b9e545e889093bc57d2299 Mon Sep 17 00:00:00 2001
From: Alfredo Moralejo <amoralej@redhat.com>
Date: Fri, 15 Nov 2019 15:44:18 +0100
Subject: [PATCH] Reduce fernet_rotate frequency

Currently it's every 10 minutes. When using expiration time of 40
minutes (scenario001) or longer, this is too frequent and in some cases,
jobs are failing with InvalidToken in scenario001. To avoid this we can
run fernet_rotate less often or increase max_active_keys [1]. In this
case i'm making it to rotate every 30 minutes instead of 10.

[1] https://docs.openstack.org/keystone/latest/admin/fernet-token-faq.html#i-rotated-keys-and-now-tokens-are-invalidating-early-what-did-i-do

Change-Id: Ia19612b668313752b62545ce5cae49396671b939
---
 manifests/keystone.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/keystone.pp b/manifests/keystone.pp
index 9374c529c..cb5397fe2 100644
--- a/manifests/keystone.pp
+++ b/manifests/keystone.pp
@@ -50,7 +50,7 @@ class openstack_integration::keystone (
   class { '::keystone::cron::token_flush': }
   class { '::keystone::cron::fernet_rotate':
     hour   => '*',
-    minute => '*/10',
+    minute => '*/30',
   }
   class { '::keystone::db::mysql':
     password => 'keystone',