yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1032633] Re: Keystone's token table grows unconditionally when using SQL backend.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1032633@xxxxxxxxxxxxxxxxxx>
Date: Mon, 07 Apr 2014 12:54:06 -0000
Reply-to: Bug 1032633 <1032633@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Since it's not already mentioned in this bug, the long term solution
here is to simply not persist tokens at all:

  https://blueprints.launchpad.net/keystone/+spec/ephemeral-pki-tokens

** Also affects: openstack-manuals
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1032633

Title:
  Keystone's token table grows unconditionally when using SQL backend.

Status in OpenStack Identity (Keystone):
  Fix Released
Status in OpenStack Manuals:
  New
Status in “keystone” package in Ubuntu:
  Fix Released

Bug description:
  Keystone's `token` table grows unconditionally with expired tokens
  when using the SQL backend.

  Keystone should provide a backend-agnostic method to find and delete
  these tokens. This could be run via a periodic task or supplied as a
  script to run as a cron job.

  An example SQL statement (if you're using a SQL backend) to workaround
  this problem:

      sql> DELETE FROM token WHERE expired <= NOW();

  It may be ideal to allow a date smear to allow older tokens to persist
  if needed.

  Choosing the `memcache` backend may workaround this issue, but SQL is
  the package default.

  System Information:

  $ dpkg-query --show keystone
  keystone        2012.1+stable~20120608-aff45d6-0ubuntu1

  $ cat /etc/lsb-release
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=12.04
  DISTRIB_CODENAME=precise
  DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1032633/+subscriptions