Reduce fernet_rotate frequency

Currently it's every 10 minutes. When using expiration time of 40 minutes (scenario001) or longer, this is too frequent and in some cases, jobs are failing with InvalidToken in scenario001. To avoid this we can run fernet_rotate less often or increase max_active_keys [1]. In this case i'm making it to rotate every 30 minutes instead of 10. [1] https://docs.openstack.org/keystone/latest/admin/fernet-token-faq.html#i-rotated-keys-and-now-tokens-are-invalidating-early-what-did-i-do Change-Id: Ia19612b668313752b62545ce5cae49396671b939
2019-11-15 15:44:18 +01:00 · 2019-11-15 15:44:18 +01:00 · fc3f3e14f5
commit fc3f3e14f5
parent ad4a9f17c0
1 changed files with 1 additions and 1 deletions
--- a/manifests/keystone.pp
+++ b/manifests/keystone.pp
@ -50,7 +50,7 @@ class openstack_integration::keystone (
  class { '::keystone::cron::token_flush': }
  class { '::keystone::cron::fernet_rotate':
    hour   => '*',
-    minute => '*/10',
+    minute => '*/30',
  }
  class { '::keystone::db::mysql':
    password => 'keystone',