undercloud_tokenflush

Role Documentation

Welcome to the “undercloud_tokenflush” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “undercloud_tokenflush” role.

cron_check: keystone-manage token_flush

Role Variables: main.yaml

metadata:
  description: 'Without a token_flush crontab enabled for the keystone user, the keystone
    database can grow very large.  This validation checks that the keystone token_flush
    crontab has been set up.

    '
  groups:
  - pre-introspection
  name: Verify token_flush is enabled in keystone users crontab

Molecule Scenarios

Molecule is being used to test the “undercloud_tokenflush” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default

Example default configuration
driver:
  name: docker
log: true
platforms:
- command: python -m SimpleHTTPServer 8787
  easy_install:
  - pip
  environment:
    http_proxy: '{{ lookup(''env'', ''http_proxy'') }}'
    https_proxy: '{{ lookup(''env'', ''https_proxy'') }}'
  hostname: centos7
  image: centos:7
  name: centos7
  override_command: true
  pkg_extras: python-setuptools python-enum34 python-netaddr epel-release ruby PyYAML
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- command: python3 -m http.server 8787
  environment:
    http_proxy: '{{ lookup(''env'', ''http_proxy'') }}'
    https_proxy: '{{ lookup(''env'', ''https_proxy'') }}'
  hostname: centos8
  image: centos:8
  name: centos8
  override_command: true
  pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby epel-release
    python*-PyYAML
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
provisioner:
  env:
    ANSIBLE_LIBRARY: ../../../../library
    ANSIBLE_STDOUT_CALLBACK: yaml
  log: true
  name: ansible
scenario:
  test_sequence:
  - destroy
  - create
  - prepare
  - converge
  - verify
  - destroy
verifier:
  name: testinfra
Example default playbook
- gather_facts: false
  hosts: all
  name: Converge
  tasks:
  - include_role:
      name: undercloud_tokenflush
    name: working detection
  - block:
    - copy:
        content: '[DEFAULT]

          container_cli = docker

          '
        dest: /undercloud.conf
      name: Override container_cli
    - include_role:
        name: undercloud_tokenflush
      name: run validation
    name: Validate failure
    rescue:
    - meta: clear_host_errors
      name: Clear host errors
    - debug:
        msg: The validation works! Ending play.
      name: Test output
    - meta: end_play
      name: End play
  - fail:
      msg: 'The undercloud_tokenflush validation failed to detect

        missing cron job.

        '
    name: Fail the validation at this point

Scenario: non-persistent-token-format

Example non-persistent-token-format configuration
driver:
  name: docker
log: true
platforms:
- command: python -m SimpleHTTPServer 8787
  easy_install:
  - pip
  environment:
    http_proxy: '{{ lookup(''env'', ''http_proxy'') }}'
    https_proxy: '{{ lookup(''env'', ''https_proxy'') }}'
  hostname: centos7
  image: centos:7
  name: centos7
  override_command: true
  pkg_extras: python-setuptools python-enum34 python-netaddr epel-release ruby PyYAML
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- command: python3 -m http.server 8787
  environment:
    http_proxy: '{{ lookup(''env'', ''http_proxy'') }}'
    https_proxy: '{{ lookup(''env'', ''https_proxy'') }}'
  hostname: centos8
  image: centos:8
  name: centos8
  override_command: true
  pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby epel-release
    python*-PyYAML
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
provisioner:
  env:
    ANSIBLE_LIBRARY: ../../../../library
    ANSIBLE_STDOUT_CALLBACK: yaml
  log: true
  name: ansible
scenario:
  test_sequence:
  - destroy
  - create
  - prepare
  - converge
  - verify
  - destroy
verifier:
  name: testinfra
Example non-persistent-token-format playbook
- hosts: all
  name: Converge
  tasks:
  - block:
    - copy:
        content: '"keystone::token_provider": "fernet"

          '
        dest: /etc/puppet/service_configs.yaml
      name: Set token format to fernet
    - include_role:
        name: undercloud_tokenflush
      name: Ensure validation gracefully passes
    name: Skip validation when using fernet tokens
  - block:
    - copy:
        content: '"keystone::token_provider": "jws"

          '
        dest: /etc/puppet/service_configs.yaml
      name: Set token format to jws
    - include_role:
        name: undercloud_tokenflush
      name: Ensure validation gracefully passes
    name: Skip validation when using jws tokens