Merge "Fixed exception handling" into release/2019.2.0
diff --git a/README.rst b/README.rst
index 6ce524f..b0b4caa 100644
--- a/README.rst
+++ b/README.rst
@@ -884,16 +884,16 @@
 keystone:
   server:
     security_compliance:
-      disable_user_account_days_inactive: 90
-      lockout_failure_attempts: 5
+      disable_user_account_days_inactive: 365
+      lockout_failure_attempts: 60
       lockout_duration: 600
-      password_expires_days: 90
-      unique_last_password_count: 10
+      password_expires_days: 730
+      unique_last_password_count: 5
       minimum_password_age: 0
-      password_regex: '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$'
-      password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
-      change_password_upon_first_use: true
-
+      password_regex: '^[a-zA-Z0-9~!@#%^&\*_=+]{32,}$$'
+      password_regex_description: |
+        'Your password could contains capital letters, lowercase letters, digits, symbols "~ ! @ # % ^ & * _ = +" and have a minimum length of 32 characters'
+      change_password_upon_first_use: False
 
 Define extra user options.
 -------------------------
diff --git a/keystone/server.sls b/keystone/server.sls
index 2c9e6b1..886b5e8 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -425,7 +425,7 @@
   - runas: 'keystone'
   - unless:
       . /var/lib/keystone/keystonercv3; openstack endpoint list --service identity --interface internal -f value -c URL  |grep {{ server.bind.get('port', 5000) }}
-    {%- if grains.get('noservices', False) %}
+    {%- if server.get('role', 'secondary') != 'primary' or grains.get('noservices', False) %}
   - onlyif: /bin/false
     {%- endif %}
   - require:
diff --git a/tests/pillar/cluster.sls b/tests/pillar/cluster.sls
index 24b17f4..11e0e7d 100644
--- a/tests/pillar/cluster.sls
+++ b/tests/pillar/cluster.sls
@@ -30,14 +30,15 @@
     notification_format: cadf
     security_compliance:
       disable_user_account_days_inactive: 90
-      lockout_failure_attempts: 5
+      lockout_failure_attempts: 60
       lockout_duration: 600
-      password_expires_days: 90
-      unique_last_password_count: 10
+      password_expires_days: 730
+      unique_last_password_count: 5
       minimum_password_age: 0
-      password_regex: '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$'
-      password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
-      change_password_upon_first_use: True
+      password_regex: '^[a-zA-Z0-9]{32,}$$'
+      password_regex_description: |
+        Your password could contains capital letters, lowercase letters, digits and have a minimum length of 32 characters
+      change_password_upon_first_use: False
     logging:
       log_appender: false
       log_handlers:
diff --git a/tests/pillar/single.sls b/tests/pillar/single.sls
index 3570ed1..7227af7 100644
--- a/tests/pillar/single.sls
+++ b/tests/pillar/single.sls
@@ -31,14 +31,15 @@
     notification_format: cadf
     security_compliance:
       disable_user_account_days_inactive: 90
-      lockout_failure_attempts: 5
+      lockout_failure_attempts: 60
       lockout_duration: 600
-      password_expires_days: 90
-      unique_last_password_count: 10
+      password_expires_days: 730
+      unique_last_password_count: 5
       minimum_password_age: 0
-      password_regex: '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$$'
-      password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
-      change_password_upon_first_use: True
+      password_regex: '^[a-zA-Z0-9]{32,}$$'
+      password_regex_description: |
+        Your password could contains capital letters, lowercase letters, digits and have a minimum length of 32 characters
+      change_password_upon_first_use: False
     logging:
       log_appender: false
       log_handlers: