Juju Charms Collection
keystone package

keystone charm should run token_flush from cron

Bug #1467832 reported by Tom Haddon
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
keystone (Juju Charms Collection)
Fix Released
High
Billy Olsen
Juju Charms Collection 16.04

Bug Description

The keystone charm doesn't current run the token_flush job from cron. This means the token table can grow unbounded. We've manually added the following:

* * * * * root /usr/bin/keystone-manage token_flush >/dev/null 2>&1

Tags: hitlist
James Page (james-page)
Changed in keystone (Juju Charms Collection):
status: New → Triaged
importance: Undecided → High
assignee: nobody → David Ames (thedac)
milestone: none → 15.10
Edward Hope-Morley (hopem)
Changed in keystone (Juju Charms Collection):
milestone: 15.10 → 16.01
James Page (james-page)
Changed in keystone (Juju Charms Collection):
milestone: 16.01 → 16.04
James Page (james-page)
tags: added: hitlist
David Ames (thedac)
Changed in keystone (Juju Charms Collection):
assignee: David Ames (thedac) → nobody
Billy Olsen (billy-olsen)
Changed in keystone (Juju Charms Collection):
assignee: nobody → Billy Olsen (billy-olsen)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-keystone (master)

Reviewed: https://review.openstack.org/289068
Committed: https://git.openstack.org/cgit/openstack/charm-keystone/commit/?id=55274a7867fa29d39c34d0e69be9a06984a4d59f
Submitter: Jenkins
Branch: master

commit 55274a7867fa29d39c34d0e69be9a06984a4d59f
Author: Billy Olsen <email address hidden>
Date: Sun Mar 6 12:19:47 2016 -0700

    Install cron job to flush keystone tokens.

    This change adds a cron job definition to flush the keystone tokens
    once every hour. Without this, the keystone database grows unbounded,
    which can be problematic in production environments.

    This change introduces a new keystone-token-flush templated cron job,
    which will run the keystone-manage token_flush command as the keystone
    user once per hour. This change honors the use-syslog setting by
    sending output of the command either to the keystone-token-flush.log
    file or to the syslog using the logger exec.

    Only the juju service leader will have the cron job active in order to
    prevent multiple units from running the token_flush at the concurrently.

    Change-Id: I21be3b23a8fe66b67fba0654ce498d62b3afc2ac
    Closes-Bug: #1467832

Changed in keystone (Juju Charms Collection):
status: In Progress → Fix Released
Billy Olsen (billy-olsen)
Changed in keystone (Juju Charms Collection):
status: Fix Released → Fix Committed
James Page (james-page)
Changed in keystone (Juju Charms Collection):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.