keystone charm should run token_flush from cron
Bug #1467832 reported by
Tom Haddon
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystone (Juju Charms Collection) |
Fix Released
|
High
|
Billy Olsen |
Bug Description
The keystone charm doesn't current run the token_flush job from cron. This means the token table can grow unbounded. We've manually added the following:
* * * * * root /usr/bin/
Changed in keystone (Juju Charms Collection): | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → David Ames (thedac) |
milestone: | none → 15.10 |
Changed in keystone (Juju Charms Collection): | |
milestone: | 15.10 → 16.01 |
Changed in keystone (Juju Charms Collection): | |
milestone: | 16.01 → 16.04 |
tags: | added: hitlist |
Changed in keystone (Juju Charms Collection): | |
assignee: | David Ames (thedac) → nobody |
Changed in keystone (Juju Charms Collection): | |
assignee: | nobody → Billy Olsen (billy-olsen) |
status: | Triaged → In Progress |
Changed in keystone (Juju Charms Collection): | |
status: | Fix Released → Fix Committed |
Changed in keystone (Juju Charms Collection): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/289068 /git.openstack. org/cgit/ openstack/ charm-keystone/ commit/ ?id=55274a7867f a29d39c34d0e69b e9a06984a4d59f
Committed: https:/
Submitter: Jenkins
Branch: master
commit 55274a7867fa29d 39c34d0e69be9a0 6984a4d59f
Author: Billy Olsen <email address hidden>
Date: Sun Mar 6 12:19:47 2016 -0700
Install cron job to flush keystone tokens.
This change adds a cron job definition to flush the keystone tokens
once every hour. Without this, the keystone database grows unbounded,
which can be problematic in production environments.
This change introduces a new keystone- token-flush templated cron job, token-flush. log
which will run the keystone-manage token_flush command as the keystone
user once per hour. This change honors the use-syslog setting by
sending output of the command either to the keystone-
file or to the syslog using the logger exec.
Only the juju service leader will have the cron job active in order to
prevent multiple units from running the token_flush at the concurrently.
Change-Id: I21be3b23a8fe66 b67fba0654ce498 d62b3afc2ac
Closes-Bug: #1467832