tripleo-validations/roles/undercloud_tokenflush
Lance Bragstad 3fd14c9960 Don't validate token_flush for non-persistent token formats
THT incorporated a change so that the keystone_cron container deploys
only if a persistent token format is used (e.g., `uuid`, `pki`):

  https://review.opendev.org/#/c/682265/

This is because `fernet` and `jws` tokens are completely non-persistent
by way of authenticated encryption and the keystone_cron container only
runs a cron job to execute `keystone-manage token_flush`, which prunes
expired tokens from keystone's token table. This cron job is useful for
deployments relying on `uuid`, `pki`, or some other out-of-tree provider
that requires tokens to be recorded for keystone's token validation
process.

This commit updates the validation to check for the token format and
only performs the validation if the token format isn't `fernet` or
`jws`.

Change-Id: Ib4d0a505021568975b79400d67fd709dd74e9acf
(cherry picked from commit 7547548a6b)
2020-03-16 19:22:15 +00:00
defaults Replace all references to the old role name 2020-02-10 14:51:12 +01:00
molecule Don't validate token_flush for non-persistent token formats 2020-03-16 19:22:15 +00:00
tasks Don't validate token_flush for non-persistent token formats 2020-03-16 19:22:15 +00:00
vars Replace all references to the old role name 2020-02-10 14:51:12 +01:00
README.md Replace all references to the old role name 2020-02-10 14:51:12 +01:00

README.md

Undercloud-tokenflush

An Ansible role to check if keystone-manage token_flush is enabled for the keystone user.

Requirements

This role requires an installed and working Undercloud.

Role Variables

  • cron_check: <'keystone-manage token_flush'> -- the string to check in the crontab

Dependencies

No dependencies.

Example Playbook

- hosts: undercloud
  roles:
    - { role: undercloud-tokenflush }
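
The decision this validation makes, sketched in Python as an added example (not the role's own Ansible tasks): skip when the token provider is `fernet` or `jws`, otherwise require the `cron_check` string on an active line of the keystone user's crontab. The function names and sample inputs are hypothetical, and treating an unset provider as `fernet` is an assumption.

```python
import configparser

NON_PERSISTENT = {"fernet", "jws"}          # formats named in the commit message
CRON_CHECK = "keystone-manage token_flush"  # the role's cron_check value


def token_provider(keystone_conf_text, default="fernet"):
    """Return the [token] provider from keystone.conf text.

    Assumption: an unset provider falls back to `default`.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(keystone_conf_text)
    return parser.get("token", "provider", fallback=default).strip().lower()


def active_cron_lines(crontab_text):
    """Yield crontab entries, skipping blank lines and comments."""
    for line in crontab_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def validate_token_flush(keystone_conf_text, crontab_text, cron_check=CRON_CHECK):
    """Return (status, message); status is 'skipped', 'passed' or 'failed'."""
    provider = token_provider(keystone_conf_text)
    if provider in NON_PERSISTENT:
        return "skipped", f"token provider '{provider}' is non-persistent"
    # A commented-out entry must not count as an enabled flush job.
    if any(cron_check in line for line in active_cron_lines(crontab_text)):
        return "passed", f"'{cron_check}' is scheduled"
    return "failed", f"'{cron_check}' not found for provider '{provider}'"


# Constructed sample inputs, not taken from a real deployment.
UUID_CONF = "[token]\nprovider = uuid\n"
FERNET_CONF = "[token]\nprovider = fernet\n"
CRON_ENABLED = "# constructed sample\n1 * * * * keystone-manage token_flush >>/dev/null 2>&1\n"
CRON_DISABLED = "#1 * * * * keystone-manage token_flush\n"

if __name__ == "__main__":
    for conf, cron in [(FERNET_CONF, ""), (UUID_CONF, CRON_ENABLED), (UUID_CONF, CRON_DISABLED)]:
        print(validate_token_flush(conf, cron))
```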

License

Apache

Author Information

Red Hat TripleO Validations Team