From d657eb30bf504453add354d97717d3c4f1ba65c8 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Wed, 21 May 2014 21:56:16 +0200 Subject: [PATCH] identity: flush tokens every days at midnight Install a crontab to flush expired keystone tokens every days at midnight. The reason is that we are using MySQL backend for token storage and when having a big deployment, Database could grow faster than we expect. While we find another backend for Keystone which scale, let's create a crontab which will avoid a lot of issues in production :-) --- .fixtures.yml | 2 +- Puppetfile | 2 +- manifests/identity.pp | 3 +++ spec/classes/cloud_identity_spec.rb | 4 ++++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index cc51a217..26ec8fe8 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -5,7 +5,7 @@ fixtures: ref: '6e052620481055cffced7911a0f31bfd0849c68a' 'keystone': repo: 'git://github.com/enovance/puppet-keystone.git' - ref: '77dbc80de15b5ef02a5e89c8ef040e70df576a1d' + ref: '6aa7a17941056a7de2a7bdeeb99024b5c714f882' 'nova': repo: 'git://github.com/enovance/puppet-nova.git' ref: '0249428f294217c2ad5fb75f8d0a0bafac12fe9c' diff --git a/Puppetfile b/Puppetfile index 108e4bb0..c4cc34b2 100644 --- a/Puppetfile +++ b/Puppetfile @@ -34,7 +34,7 @@ mod 'horizon', :ref => '36383e90d1c4013d7989561b00ffcb08c76908de' mod 'keystone', :git => 'git://github.com/enovance/puppet-keystone.git', - :ref => '77dbc80de15b5ef02a5e89c8ef040e70df576a1d' + :ref => '6aa7a17941056a7de2a7bdeeb99024b5c714f882' mod 'neutron', :git => 'git://github.com/enovance/puppet-neutron.git', :ref => '66c436bc2f06c5a71d79c674697394a11ec227f9' diff --git a/manifests/identity.pp b/manifests/identity.pp index a4d37ada..b6ea6ef6 100644 --- a/manifests/identity.pp +++ b/manifests/identity.pp @@ -541,6 +541,9 @@ class cloud::identity ( password => $ks_heat_password } + # Purge expored tokens every days at midnight + class { 'keystone::cron::token_flush': } + # Note(EmilienM): # We check if DB tables are created, if not we populate Keystone DB. # It's a hack to fit with our setup where we run MySQL/Galera diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb index 6f094117..105ea755 100644 --- a/spec/classes/cloud_identity_spec.rb +++ b/spec/classes/cloud_identity_spec.rb @@ -260,6 +260,10 @@ describe 'cloud::identity' do ) end + it 'configure a crontab to purge tokens every days at midnight' do + should contain_class('keystone::cron::token_flush') + end + context 'without syslog' do before :each do params.merge!(:use_syslog => false)