From 02cacfd53a9cf168d7e1967faef3211333800eb6 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Wed, 4 Apr 2018 13:42:41 -0700
Subject: [PATCH] undercloud: increase token expiration time

We did it in the past (3 years ago!) in instack-undercloud:
https://github.com/openstack/instack-undercloud/commit/43e792c6844d4a7081b718d7f89b0c40f5cfb708
in the context of: https://bugzilla.redhat.com/show_bug.cgi?id=1235908

This time, we have the same problem when the undercloud is
containeirized.
This patch is actually setting parity with keystone config from
instack-undercloud, but also raising an actual issue that will be
addressed this cycle.

In the meantime, let's increase the token expiration so we can move
forward with testing the containerized undercloud.

Change-Id: Iceaaf53fae44b5bcda9f6517f163939ba6be3d49
Related-Bug: #1761050
---
 environments/undercloud.yaml  | 3 +++
 puppet/services/keystone.yaml | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index ca997aaae4..95bd11dc94 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@@ -11,6 +11,9 @@ parameter_defaults:
   # ensure we enable ip_forward before docker gets run
   KernelIpForward: 1
   KeystoneCorsAllowedOrigin: '*'
+  # Increase the Token expiration time until we fix the actual session bug:
+  # https://bugs.launchpad.net/tripleo/+bug/1761050
+  TokenExpiration: 14400
   EnablePackageInstall: true
   StackAction: CREATE
   SoftwareConfigTransport: POLL_SERVER_HEAT
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 0ff3415eec..97bd775630 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -109,6 +109,10 @@ parameters:
     default: 5672
     description: Set rabbit subscriber port, change this if using SSL
     type: number
+  TokenExpiration:
+    default: 3600
+    description: Set a token expiration time in seconds.
+    type: number
   KeystoneWorkers:
     type: string
     description: Set the number of workers for keystone::wsgi::apache
@@ -349,6 +353,7 @@ outputs:
                 query:
                   read_default_file: /etc/my.cnf.d/tripleo.cnf
                   read_default_group: tripleo
+            keystone::token_expiration: {get_param: TokenExpiration}
             keystone::admin_token: {get_param: AdminToken}
             keystone::admin_password: {get_param: AdminPassword}
             keystone::roles::admin::password: {get_param: AdminPassword}