Keystone token flush cron job should log to a file

Keystone UUID tokens require the token_flush job to delete expired
tokens to prevent the disk from filling.  When the job runs, it should
be allowed to log to the disk so that the job can be traced if required.

Change-Id: I62e36e0968902564b97093a45df15e963ad08242
Closes-Bug: #1648174

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index e48d703..a80080c 100644 (file)
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -185,7 +185,7 @@ outputs:
             keystone::cron::token_flush::maxdelay: 3600
             keystone::roles::admin::service_tenant: 'service'
             keystone::roles::admin::admin_tenant: 'admin'
-            keystone::cron::token_flush::destination: '/dev/null'
+            keystone::cron::token_flush::destination: '/var/log/keystone/keystone-tokenflush.log'
             keystone::config::keystone_config:
               ec2/driver:
                 value: 'keystone.contrib.ec2.backends.sql.Ec2'