Add support for trust_flush cron job

This patch introcues a new class, keystone::cron::trust_flush, so that operators can configure a cron job to flush expired or soft deleted trusts[1] periodically. [1] 8232dabcf9 Change-Id: I1b0b66424d98b9181153e98f4b623ef30e8e1d09
2020-07-06 08:30:33 +09:00 · 2020-07-06 08:30:33 +09:00 · 4cca2330a2
commit 4cca2330a2
parent 87499a232a
3 changed files with 163 additions and 0 deletions
--- a/manifests/cron/trust_flush.pp
+++ b/manifests/cron/trust_flush.pp
@ -0,0 +1,91 @@
+# Copyright (C) 2020 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: keystone::cron::trust_flush
+#
+# Installs a cron job to purge expired trusts.
+#
+# === Parameters
+#
+# [*ensure*]
+#   (Optional) Valid values are present, absent.
+#   Defaults to 'present'
+#
+# [*minute*]
+#   (Optional) Minute.
+#   Defaults to '1'
+#
+# [*hour*]
+#   (Optional) Hour.
+#   Defaults to *
+#
+# [*monthday*]
+#   (Optional) Day of month.
+#   Defaults to '*'
+#
+# [*month*]
+#   (Optional) Month.
+#   Defaults to '*'
+#
+# [*weekday*]
+#   (Optional) Day of week.
+#   Defaults to '*'
+#
+# [*maxdelay*]
+#   (Optional) Max random delay in seconds. Should be a positive integer.
+#   Induces a random delay before running the cronjob to avoid running all
+#   cron jobs at the same time on all hosts this job is configured.
+#   Defaults to 0
+#
+# [*destination*]
+#   (Optional) Path to file to which rows should be archived
+#   Defaults to '/var/log/keystone/keystone-trustflush.log'
+#
+# [*user*]
+#   (Optional) Allow to run the crontab on behalf any user.
+#   Defaults to 'keystone'
+#
+class keystone::cron::trust_flush (
+  $ensure           = present,
+  $minute           = 1,
+  $hour             = '*',
+  $monthday         = '*',
+  $month            = '*',
+  $weekday          = '*',
+  Integer $maxdelay = 0,
+  $destination      = '/var/log/keystone/keystone-trustflush.log',
+  $user             = 'keystone',
+) {
+
+  include keystone::deps
+
+  if $maxdelay == 0 {
+    $sleep = ''
+  } else {
+    $sleep = "sleep `expr \${RANDOM} \\% ${maxdelay}`; "
+  }
+
+  cron { 'keystone-manage trust_flush':
+    ensure      => $ensure,
+    command     => "${sleep}keystone-manage trust_flush >>${destination} 2>&1",
+    environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
+    user        => $user,
+    minute      => $minute,
+    hour        => $hour,
+    monthday    => $monthday,
+    month       => $month,
+    weekday     => $weekday,
+    require     => Anchor['keystone::install::end'],
+  }
+}
--- a/releasenotes/notes/cron-trust_flush-9a85af706076f55d.yaml
+++ b/releasenotes/notes/cron-trust_flush-9a85af706076f55d.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``keystone::cron::trust_flush`` class was added to configure
+    a cron job to purge expired or soft-deleted trusts.
--- a/spec/classes/keystone_cron_trust_flush_spec.rb
+++ b/spec/classes/keystone_cron_trust_flush_spec.rb
@ -0,0 +1,67 @@
+require 'spec_helper'
+
+describe 'keystone::cron::trust_flush' do
+  let :params do
+    {}
+  end
+
+  shared_examples 'keystone::cron::trust_flush' do
+    context 'with default parameters' do
+      it { is_expected.to contain_class('keystone::deps') }
+
+      it { is_expected.to contain_cron('keystone-manage trust_flush').with(
+        :ensure      => 'present',
+        :command     => 'keystone-manage trust_flush >>/var/log/keystone/keystone-trustflush.log 2>&1',
+        :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
+        :user        => 'keystone',
+        :minute      => 1,
+        :hour        => '*',
+        :monthday    => '*',
+        :month       => '*',
+        :weekday     => '*',
+        :require     => 'Anchor[keystone::install::end]',
+      )}
+    end
+
+    context 'with overriden params' do
+      before do
+        params.merge!( :ensure      => 'absent',
+                       :minute      => 13,
+                       :hour        => 23,
+                       :monthday    => 3,
+                       :month       => 4,
+                       :weekday     => 2,
+                       :maxdelay    => 600,
+                       :destination => '/tmp/trustflush.log',
+                       :user        => 'nobody' )
+      end
+
+      it { is_expected.to contain_class('keystone::deps') }
+
+      it { is_expected.to contain_cron('keystone-manage trust_flush').with(
+        :ensure      => params[:ensure],
+        :command     => "sleep `expr ${RANDOM} \\% #{params[:maxdelay]}`; keystone-manage trust_flush >>#{params[:destination]} 2>&1",
+        :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
+        :user        => params[:user],
+        :minute      => params[:minute],
+        :hour        => params[:hour],
+        :monthday    => params[:monthday],
+        :month       => params[:month],
+        :weekday     => params[:weekday],
+        :require     => 'Anchor[keystone::install::end]',
+      )}
+    end
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts({}))
+      end
+
+      it_behaves_like 'keystone::cron::trust_flush'
+    end
+  end
+end