c92454d239
This crontab is useful for running the keystone-manage fernet_rotate command on a schedule. It does not take care of distributing the keys when Keystone is deployed in a multinode environment, but it is still useful for single-node Keystone deployments or when an external system distributes the keys after this command has run. Change-Id: I125e81d8cd130fadb8271f1b7bcdcf9794c79f47
# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: keystone::cron::fernet_rotate
#
# Installs a cron job that rotates fernet keys.
#
# === Parameters
#
# [*ensure*]
# (optional) Defaults to present.
# Valid values are present, absent.
#
# [*minute*]
# (optional) Defaults to '1'.
#
# [*hour*]
# (optional) Defaults to '0'.
#
# [*monthday*]
# (optional) Defaults to '*'.
#
# [*month*]
# (optional) Defaults to '*'.
#
# [*weekday*]
# (optional) Defaults to '*'.
#
# [*maxdelay*]
# (optional) Seconds. Defaults to 0, which disables the delay; otherwise it
# should be a positive integer.
# Induces a random delay before the cron job runs, so that it does not start
# at the same time on every host where this job is configured.
#
# [*user*]
# (optional) Defaults to 'keystone'.
# Allows the cron job to be run on behalf of any user.
#
# Schedules `keystone-manage fernet_rotate` through a cron resource.
#
# The class only rotates the key repository on the host it is applied to;
# nothing here copies the rotated keys to other Keystone nodes, so a
# multi-node deployment needs a separate distribution step after rotation.
class keystone::cron::fernet_rotate (
  $ensure   = present,
  $minute   = 1,
  $hour     = 0,
  $monthday = '*',
  $month    = '*',
  $weekday  = '*',
  $maxdelay = 0,
  $user     = 'keystone',
) {

  include ::keystone::deps

  # Optional shell prefix that sleeps a random number of seconds below
  # $maxdelay before the rotation; empty when $maxdelay is 0.
  #
  # The '%' is written as '\%' in the crontab because cron treats a bare '%'
  # in the command field as a newline.
  #
  # NOTE(review): ${RANDOM} is a bash/ksh variable, not POSIX sh. Where
  # /bin/sh is another shell (e.g. dash) it expands to nothing, `expr` and
  # `sleep` fail, and because the parts are joined with ';' the rotation still
  # runs, just without the delay.
  #
  # NOTE(review): $maxdelay is interpolated into the shell command without
  # any validation in this class, so it should only be fed from trusted data
  # and be an integer.
  $sleep = $maxdelay ? {
    0       => '',
    default => "sleep `expr \${RANDOM} \\% ${maxdelay}`; ",
  }

  # NOTE(review): the command passes no --keystone-user/--keystone-group, so
  # presumably rotated key files are owned by $user; confirm the Keystone
  # service can still read them (and nobody else can) when $user is overridden.
  #
  # NOTE(review): 'environment' is given as a single string; cron likely reads
  # that as one PATH= assignment whose value contains ' SHELL=/bin/sh'. The
  # cron type expects an array for multiple variables - confirm.
  cron { 'keystone-manage fernet_rotate':
    ensure      => $ensure,
    user        => $user,
    command     => "${sleep}keystone-manage fernet_rotate",
    environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
    minute      => $minute,
    hour        => $hour,
    monthday    => $monthday,
    month       => $month,
    weekday     => $weekday,
    # Only schedule the job once the Keystone service anchor has been reached.
    require     => Anchor['keystone::service::end'],
  }
}