> check_revocations_for_cached = True
> ...
> 1. set the above config in the nova-compute charm
We need to be careful with this option, because this will make nova-compute daemons ask keystone for the list of revoked tokens (GET /tokens/revoked)[0] every X seconds[1], so the extra pressure on keystone is something to consider.
On top of what was previously said, the real problem with this option is that it only works for the PKI token format, which is being deprecated[2].
[0] https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/__init__.py#L744
[1] https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/__init__.py#L601
[2] https://github.com/openstack/keystonemiddleware/commit/77909fdc169e4b6f9b177212514f10913bc389e6