Keystone's token table grows unconditionally when using SQL backend.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Jamie Lennox | ||
openstack-manuals |
Fix Released
|
Undecided
|
Unassigned | ||
keystone (Ubuntu) |
Fix Released
|
Medium
|
David Höppner |
Bug Description
Keystone's `token` table grows unconditionally with expired tokens when using the SQL backend.
Keystone should provide a backend-agnostic method to find and delete these tokens. This could be run via a periodic task or supplied as a script to run as a cron job.
An example SQL statement (if you're using a SQL backend) to workaround this problem:
sql> DELETE FROM token WHERE expired <= NOW();
It may be ideal to allow a date smear to allow older tokens to persist if needed.
Choosing the `memcache` backend may workaround this issue, but SQL is the package default.
System Information:
$ dpkg-query --show keystone
keystone 2012.1+
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_
DISTRIB_
DISTRIB_
description: | updated |
summary: |
- Keystone's token table grows unconditionally. + Keystone's token table grows unconditionally when using SQL backend. |
description: | updated |
Changed in keystone: | |
status: | New → Confirmed |
Changed in keystone (Ubuntu): | |
importance: | Undecided → Medium |
Changed in keystone (Ubuntu): | |
assignee: | nobody → David Höppner (0xffea) |
Changed in keystone: | |
milestone: | none → havana-1 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
importance: | Undecided → Medium |
Changed in keystone: | |
milestone: | havana-1 → 2013.2 |
Changed in keystone (Ubuntu): | |
status: | Confirmed → Fix Released |
Status changed to 'Confirmed' because the bug affects multiple users.