Run token flush cron job hourly by default

Running this job once a day has proven problematic for large
deployments as seen in the bug report. Setting it to run hourly
would be an improvement to the current situation, as the flushes
wouldn't need to process as much data.

Note that this only affects people using UUID as the token provider.

Change-Id: I462e4da2bfdbcba0403ecde5d613386938e2283a
Related-Bug: #1649616

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 7cf638b..8a0e750 100644 (file)
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -127,7 +127,7 @@ parameters:
     type: comma_delimited_list
     description: >
         Cron to purge expired tokens - Hour
-    default: '0'
+    default: '*'
   KeystoneCronTokenFlushMonthday:
     type: comma_delimited_list
     description: >

diff --git a/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml b/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml
new file mode 100644 (file)
index 0000000..70051f6
--- /dev/null
+++ b/releasenotes/notes/token-flush-twice-a-day-d4b00a2953a6b383.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - The token flush cron job has been modified to run hourly instead of once
+    a day. This is because this was causing issues with larger deployments, as
+    the operation would take too long and sometimes even fail because of the
+    transaction being so large. Note that this only affects people using the
+    UUID token provider.