Switch for Keystone DB cron job

- Adds parameter to enable switching off token flush cron job.
- Sets destination for deleted rows to /dev/null

Change-Id: I9e8aed969e81595d8a1d0a5300da17da6ba15c03
Partial-bug: rhbz#1249106
Depends-On: I5e51562338f68b4ba1b2e942907e6f6a0ab7a61e

diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index c18dc92..df51f43 100644 (file)
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -276,6 +276,11 @@ parameters:
     default: ''
     description: Keystone self-signed certificate authority certificate.
     type: string
+  KeystoneEnableDBPurge:
+    default: true
+    description: |
+        Whether to create cron job for purging soft deleted rows in Keystone database.
+    type: boolean
   KeystoneSigningCertificate:
     default: ''
     description: Keystone certificate for verifying token validity.
@@ -943,6 +948,7 @@ resources:
         keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
         keystone_notification_driver: {get_param: KeystoneNotificationDriver}
         keystone_notification_format: {get_param: KeystoneNotificationFormat}
+        keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
         keystone_dsn:
           list_join:
             - ''
@@ -1329,6 +1335,7 @@ resources:
                 keystone::endpoint::region: {get_input: keystone_region}
                 keystone::admin_workers: {get_input: keystone_workers}
                 keystone::public_workers: {get_input: keystone_workers}
+                keystone_enable_db_purge: {get_input: keystone_enable_db_purge}
 
                 # MongoDB
                 mongodb::server::bind_ip: {get_input: mongo_db_network}

diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 1e7f9a6..229f9a6 100644 (file)
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -43,6 +43,7 @@ heat::keystone_tenant: 'service'
 keystone::cron::token_flush::maxdelay: 3600
 keystone::roles::admin::service_tenant: 'service'
 keystone::roles::admin::admin_tenant: 'admin'
+keystone::cron::token_flush::destination: '/dev/null'
 
 #swift
 swift::proxy::pipeline:

diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 96fdb4f..2ea9c60 100644 (file)
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -592,10 +592,13 @@ if hiera('step') >= 3 {
 } #END STEP 3
 
 if hiera('step') >= 4 {
+  $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
   $nova_enable_db_purge = hiera('nova_enable_db_purge', true)
   $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
 
-  include ::keystone::cron::token_flush
+  if $keystone_enable_db_purge {
+    include ::keystone::cron::token_flush
+  }
   if $nova_enable_db_purge {
     include ::nova::cron::archive_deleted_rows
   }

diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 73fc6fa..691736b 100644 (file)
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -1012,10 +1012,13 @@ if hiera('step') >= 3 {
 } #END STEP 3
 
 if hiera('step') >= 4 {
+  $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
   $nova_enable_db_purge = hiera('nova_enable_db_purge', true)
   $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
 
-  include ::keystone::cron::token_flush
+  if $keystone_enable_db_purge {
+    include ::keystone::cron::token_flush
+  }
   if $nova_enable_db_purge {
     include ::nova::cron::archive_deleted_rows
   }