Fix occasional Tempest failures with invalid tokens

The current fernet rotation happens every 5 minutes with a token expiry of 40 minutes. This means that after 15 minutes, all tokens are expired. This causes Nova to fail for some operations because it's tokens are now expired. This adjusts the maximum active keys to 5 and rotation every 10 minutes which will mean that we'll rotate at least once during the tempest runs which lasts around 15 minutes while keeping all tokens valid for the entire 40 minutes. Change-Id: I0e3056aa00a260a93872508dd0158c15060cda19 (cherry picked from commit e2eb1ff97d)
2018-02-21 11:43:35 -05:00 · 2018-02-21 11:43:35 -05:00 · 4a6d8cdd38
parent 75599e6ac5
commit 4a6d8cdd38
1 changed files with 2 additions and 2 deletions
--- a/manifests/keystone.pp
+++ b/manifests/keystone.pp
@ -50,7 +50,7 @@ class openstack_integration::keystone (
  class { '::keystone::cron::token_flush': }
  class { '::keystone::cron::fernet_rotate':
    hour   => '*',
-    minute => '*/5',
+    minute => '*/10',
  }
  class { '::keystone::db::mysql':
    password => 'keystone',
@ -69,7 +69,7 @@ class openstack_integration::keystone (
    admin_bind_host            => $::openstack_integration::config::host,
    manage_policyrcd           => true,
    enable_credential_setup    => $enable_credential_setup,
-    fernet_max_active_keys     => '4',
+    fernet_max_active_keys     => '5',
    token_expiration           => $token_expiration,
    default_transport_url      => os_transport_url({
      'transport' => $::openstack_integration::config::messaging_default_proto,