Permalink
Fetching contributors…
Cannot retrieve contributors at this time
23 lines (22 sloc) 842 Bytes
---
- hosts: undercloud
vars:
metadata:
name: Verify token_flush is enabled in keystone users crontab
description: >
Without a token_flush crontab enabled for the keystone user, the
keystone database can grow very large. This validation checks that
the keystone token_flush crontab has been set up.
groups:
- pre-introspection
cron_check: "keystone-manage token_flush"
tasks:
- name: Get keystone crontab
become: true
shell: 'crontab -l -u keystone | grep -v "^#"'
register: cron_result
changed_when: False
-
name: Check keystone crontab
fail: msg="keystone token_flush does not appear to be enabled via cron. You should add '<desired interval > {{ cron_check }}' to the keystone users crontab."
failed_when: "cron_check not in cron_result.stdout"