yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1452418] Re: Fernet tokens read from disk on every request

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dave Walker <email@xxxxxxxxxx>
Date: Thu, 21 Jan 2016 20:26:57 -0000
Reply-to: Bug 1452418 <1452418@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone/kilo
       Status: Fix Released => Fix Committed

** Changed in: keystone/kilo
    Milestone: 2015.1.2 => 2015.1.3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1452418

Title:
  Fernet tokens read from disk on every request

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) kilo series:
  Fix Committed

Bug description:
  The fernet keys are stored (by default) in /etc/keystone/fernet-keys/
  in individual key files. All keys are read from disk on every request,
  so you end up with log spam like:

    keystone.token.providers.fernet.utils [-] Loaded 2 encryption keys
  from: /etc/keystone/fernet-keys/

  Keystone really only needs to hit the disk periodically to check for a
  different set of keys, not on every request.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1452418/+subscriptions

References

[Bug 1452418] [NEW] Fernet tokens read from disk on every request
From: Dolph Mathews, 2015-05-06