yahoo-eng-team team mailing list archive

[Matt Fischer <matt@xxxxxxxxxxxxxxx>]

Public bug reported:

During a night maintenance and reboot of a control (non-keystone node)
that had been up for around 300 days, we found that we have over 144k
keystone-signing- folders in /tmp. This caused the maintenance window to
be missed because it took so long to clean /tmp on reboot. It is my
understanding that these folders are for PKI. We don't use PKI and would
like to the option to disable the creation of these folders.

[PROD] root@control-002:/tmp# ls -al | grep keystone-sign | wc -l
144200

more info, the folders are owned by non-keystone services, mainly glance
for us:

drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZocUc
drwx------  2 glance        glance              4096 Jul 20 07:55 keystone-signing-ZZOibD
drwx------  2 designate     designate           4096 May 26  2015 keystone-signing-ZZoKgT
drwx------  2 glance        glance              4096 Jul 14  2015 keystone-signing-zzOmtb
drwx------  2 glance        glance              4096 Jul 12  2015 keystone-signing-zzOubp
drwx------  2 glance        glance              4096 Jul 15 17:22 keystone-signing-zzpD6x
drwx------  2 designate     designate           4096 Jun  9  2015 keystone-signing-ZzPeNQ
drwx------  2 glance        glance              4096 Jul  2  2015 keystone-signing-ZZPJ4H
drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZPnd0
drwx------  2 designate     designate           4096 May 20  2015 keystone-signing-ZZQK3i
drwx------  2 glance        glance              4096 Jun 30  2015 keystone-signing-ZZQmEI

** Affects: keystone
     Importance: Undecided
         Status: New

** Description changed:

  During a night maintenance and reboot of a control (non-keystone node)
  we found that we have over 144k keystone-signing- folders in /tmp. This
  caused the maintenance window to be missed because it took so long to
  clean /tmp on reboot. It is my understanding that these folders are for
  PKI. We don't use PKI and would like to the option to disable the
  creation of these folders.
+ 
+ [PROD] root@control-002:/tmp# ls -al | grep keystone-sign | wc -l
+ 144200

** Description changed:

  During a night maintenance and reboot of a control (non-keystone node)
  we found that we have over 144k keystone-signing- folders in /tmp. This
  caused the maintenance window to be missed because it took so long to
  clean /tmp on reboot. It is my understanding that these folders are for
  PKI. We don't use PKI and would like to the option to disable the
  creation of these folders.
  
  [PROD] root@control-002:/tmp# ls -al | grep keystone-sign | wc -l
  144200
+ 
+ more info, the folders are owned by non-keystone services, mainly glance
+ for us:
+ 
+ drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZocUc
+ drwx------  2 glance        glance              4096 Jul 20 07:55 keystone-signing-ZZOibD
+ drwx------  2 designate     designate           4096 May 26  2015 keystone-signing-ZZoKgT
+ drwx------  2 glance        glance              4096 Jul 14  2015 keystone-signing-zzOmtb
+ drwx------  2 glance        glance              4096 Jul 12  2015 keystone-signing-zzOubp
+ drwx------  2 glance        glance              4096 Jul 15 17:22 keystone-signing-zzpD6x
+ drwx------  2 designate     designate           4096 Jun  9  2015 keystone-signing-ZzPeNQ
+ drwx------  2 glance        glance              4096 Jul  2  2015 keystone-signing-ZZPJ4H
+ drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZPnd0
+ drwx------  2 designate     designate           4096 May 20  2015 keystone-signing-ZZQK3i
+ drwx------  2 glance        glance              4096 Jun 30  2015 keystone-signing-ZZQmEI

** Description changed:

  During a night maintenance and reboot of a control (non-keystone node)
- we found that we have over 144k keystone-signing- folders in /tmp. This
- caused the maintenance window to be missed because it took so long to
- clean /tmp on reboot. It is my understanding that these folders are for
- PKI. We don't use PKI and would like to the option to disable the
- creation of these folders.
+ that had been up for around 300 days, we found that we have over 144k
+ keystone-signing- folders in /tmp. This caused the maintenance window to
+ be missed because it took so long to clean /tmp on reboot. It is my
+ understanding that these folders are for PKI. We don't use PKI and would
+ like to the option to disable the creation of these folders.
  
  [PROD] root@control-002:/tmp# ls -al | grep keystone-sign | wc -l
  144200
  
  more info, the folders are owned by non-keystone services, mainly glance
  for us:
  
  drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZocUc
  drwx------  2 glance        glance              4096 Jul 20 07:55 keystone-signing-ZZOibD
  drwx------  2 designate     designate           4096 May 26  2015 keystone-signing-ZZoKgT
  drwx------  2 glance        glance              4096 Jul 14  2015 keystone-signing-zzOmtb
  drwx------  2 glance        glance              4096 Jul 12  2015 keystone-signing-zzOubp
  drwx------  2 glance        glance              4096 Jul 15 17:22 keystone-signing-zzpD6x
  drwx------  2 designate     designate           4096 Jun  9  2015 keystone-signing-ZzPeNQ
  drwx------  2 glance        glance              4096 Jul  2  2015 keystone-signing-ZZPJ4H
  drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZPnd0
  drwx------  2 designate     designate           4096 May 20  2015 keystone-signing-ZZQK3i
  drwx------  2 glance        glance              4096 Jun 30  2015 keystone-signing-ZZQmEI

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1533724

Title:
  keystone-signing folders fill /tmp and seriously slow down reboots

Status in OpenStack Identity (keystone):
  New

Bug description:
  During a night maintenance and reboot of a control (non-keystone node)
  that had been up for around 300 days, we found that we have over 144k
  keystone-signing- folders in /tmp. This caused the maintenance window
  to be missed because it took so long to clean /tmp on reboot. It is my
  understanding that these folders are for PKI. We don't use PKI and
  would like to the option to disable the creation of these folders.

  [PROD] root@control-002:/tmp# ls -al | grep keystone-sign | wc -l
  144200

  more info, the folders are owned by non-keystone services, mainly
  glance for us:

  drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZocUc
  drwx------  2 glance        glance              4096 Jul 20 07:55 keystone-signing-ZZOibD
  drwx------  2 designate     designate           4096 May 26  2015 keystone-signing-ZZoKgT
  drwx------  2 glance        glance              4096 Jul 14  2015 keystone-signing-zzOmtb
  drwx------  2 glance        glance              4096 Jul 12  2015 keystone-signing-zzOubp
  drwx------  2 glance        glance              4096 Jul 15 17:22 keystone-signing-zzpD6x
  drwx------  2 designate     designate           4096 Jun  9  2015 keystone-signing-ZzPeNQ
  drwx------  2 glance        glance              4096 Jul  2  2015 keystone-signing-ZZPJ4H
  drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZPnd0
  drwx------  2 designate     designate           4096 May 20  2015 keystone-signing-ZZQK3i
  drwx------  2 glance        glance              4096 Jun 30  2015 keystone-signing-ZZQmEI

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1533724/+subscriptions