kolla

Keystone token table filling up

Bug #1632811 reported by Mathias Ewald on 2016-10-12

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	kolla	Invalid	High	Mathias Ewald	kolla queens-rc1 "queens"

Bug Description

I noticed my keystone.token table filling up to a point where the entire cloud started responding slowly. I tracked it down the following missing pieces in keystone.conf:

[memcache]
servers = 10.242.7.10:11211,10.242.7.11:11211,10.242.7.12:11211

[token]
driver = memcache
caching = True

After adding this, the token table stayed empty.

Mathias Ewald (mewald) on 2016-10-12

Changed in kolla:
assignee:	nobody → Mathias Ewald (mewald)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-12: Fix proposed to kolla (master)

Fix proposed to branch: master
Review: https://review.openstack.org/385586

Changed in kolla:
status:	New → In Progress

Steven Dake (sdake) on 2016-10-12

Changed in kolla:
importance:	Undecided → Critical
milestone:	none → newton-rc2

Steven Dake (sdake) on 2016-10-13

no longer affects:	kolla/mitaka
Changed in kolla:
milestone:	newton-rc2 → newton-rc3

Steven Dake (sdake) on 2016-10-16

Changed in kolla:
milestone:	newton-rc3 → ocata-1

Revision history for this message

Jeffrey Zhang (jeffrey4l) wrote on 2016-10-16:

i prefer not to use memcached as default.

it is not persistent. And for mysql token driver, there is a `keystone-manage token_flush` to remove the overdue token.

Revision history for this message

Jeffrey Zhang (jeffrey4l) wrote on 2016-10-18:

i do not think this is critical. this is how mysql driver works and why keystone-mange token_flush exist.

Revision history for this message

Steven Dake (sdake) wrote on 2016-10-18:

Jeffrey,

I have removed it from Newton 3.0.0 for now. If we need this change in 3.0.1 I think we should reconsider it then.

To me this looks like operator error WRT how the software is designed (which doesn't seem all that good if it makes the cloud crawl under heavy use)

Changed in kolla:
importance:	Critical → High
no longer affects:	kolla/newton

Jeffrey Zhang (jeffrey4l) on 2016-11-18

Changed in kolla:
milestone:	ocata-1 → ocata-2

Jeffrey Zhang (jeffrey4l) on 2016-12-16

Changed in kolla:
milestone:	ocata-2 → ocata-3

Jeffrey Zhang (jeffrey4l) on 2017-01-29

Changed in kolla:
milestone:	ocata-3 → ocata-rc1

Jeffrey Zhang (jeffrey4l) on 2017-02-16

Changed in kolla:
milestone:	ocata-rc1 → pike-1

Revision history for this message

Mohammed Naser (mnaser) wrote on 2017-03-17:

I would like to propose for us to switch to Fernet tokens. This will remove the issues with databases filling up and get Kolla to deploy something that is not deprecated.

https://docs.openstack.org/releasenotes/keystone/ocata.html

The default in Ocata is Fernet so I think it's time to move to it.

Revision history for this message

Mohammed Naser (mnaser) wrote on 2017-03-17:

I can pick up the work behind this if you'd like (to get us to move to fernet tokens) if that's okay with you, Mathias.

Revision history for this message

Mathias Ewald (mewald) wrote on 2017-03-17: Re: [Bug 1632811] Re: Keystone token table filling up

That would be great, thank you!

Mohammed Naser <email address hidden> schrieb am Fr., 17. März 2017,
13:01:

> I can pick up the work behind this if you'd like (to get us to move to
> fernet tokens) if that's okay with you, Mathias.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1632811
>
> Title:
> Keystone token table filling up
>
> Status in kolla:
> In Progress
>
> Bug description:
> I noticed my keystone.token table filling up to a point where the
> entire cloud started responding slowly. I tracked it down the
> following missing pieces in keystone.conf:
>
> [memcache]
> servers = 10.242.7.10:11211,10.242.7.11:11211,10.242.7.12:11211
>
> [token]
> driver = memcache
> caching = True
>
> After adding this, the token table stayed empty.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/kolla/+bug/1632811/+subscriptions
>

Jeffrey Zhang (jeffrey4l) on 2017-06-14

Changed in kolla:
milestone:	pike-2 → pike-3

Revision history for this message

Vladislav Belogrudov (vlad-belogrudov) wrote on 2017-06-30:

any progress? :)

Is setting keystone_token_provider to 'fernet' enough for the fix?

Jeffrey Zhang (jeffrey4l) on 2017-07-30

Changed in kolla:
milestone:	pike-3 → pike-rc1

Eduardo Gonzalez (egonzalez90) on 2017-09-06

Changed in kolla:
milestone:	pike-rc1 → queens-1

Jeffrey Zhang (jeffrey4l) on 2017-12-11

Changed in kolla:
milestone:	queens-2 → queens-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-12-15: Change abandoned on kolla (master)

Change abandoned by Mathias Ewald (<email address hidden>) on branch: master
Review: https://review.openstack.org/385586

Jeffrey Zhang (jeffrey4l) on 2018-02-04

Changed in kolla:
milestone:	queens-3 → queens-rc1

Mathias Ewald (mewald) on 2018-02-04

Changed in kolla:
status:	In Progress → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.