Keystone token flushing

Set up a cron job to flush keystone tokens periodically. The job runs
once a day near midnight per puppet-keystone defaults, and we pass
maxdelay 3600 which means each controller will wait a random delay of up
to 1 hour before running the task.

Change-Id: I351f0273c61106c182aa3945b7ad1ce8f5c7d12b

diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 3cc6497..38505ff 100644 (file)
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -40,6 +40,9 @@ swift::proxy::authtoken::admin_tenant_name: 'service'
 ceilometer::api::keystone_tenant: 'service'
 heat::keystone_tenant: 'service'
 
+# keystone
+keystone::cron::token_flush::maxdelay: 3600
+
 #swift
 swift::proxy::pipeline:
   - 'catch_errors'

diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index c9ff86c..5452430 100644 (file)
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -451,3 +451,7 @@ if hiera('step') >= 3 {
   hiera_include('controller_classes')
 
 } #END STEP 3
+
+if hiera('step') >= 4 {
+  include ::keystone::cron::token_flush
+} #END STEP 4

diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 480ac55..8e2075f 100644 (file)
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -866,6 +866,8 @@ if hiera('step') >= 3 {
 } #END STEP 3
 
 if hiera('step') >= 4 {
+  include ::keystone::cron::token_flush
+
   if $pacemaker_master {
 
     # Keystone