Do not lockout service users on auth failures
whith security compliance in keystone enabled and predictable service
user names it is very easy to DoS the cloud when locking out of service
users on auth failure is not disabled.
Change-Id: I6974b670fc2b7a2b384f8bc8a2c939929ef59064
Related-Issue: PROD-28027
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index f7572f3..aefcf5e 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -35,7 +35,7 @@
openstack_service_user_options:
ignore_change_password_upon_first_use: True
ignore_password_expiry: True
- ignore_lockout_failure_attempts: False
+ ignore_lockout_failure_attempts: True
lock_password: False
# Cinder
cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}