OpenStack Identity (keystone)

keystone should clean up expired tokens

Bug #1444469 reported by Andrew Bogott on 2015-04-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Invalid	Undecided	Unassigned

Bug Description

As of Icehouse, at least, keystone doesn't ever clean up expired tokens. After a few years, my keystone ridiculously huge, causing query timeouts and such.

Revision history for this message

Andrew Bogott (andrewbogott) wrote on 2015-04-15:

um... that should read 'my keystone database is ridiculously huge'

Revision history for this message

Dolph Mathews (dolph) wrote on 2015-04-15:

Docs:

http://docs.openstack.org/admin-guide-cloud/content/flushing-expired-tokens-from-token-database-table.html

In addition, Fernet tokens, introduced in Kilo, do not need to be persisted to the database, and will leave your token table completely empty:

http://docs.openstack.org/developer/keystone/configuration.html#uuid-pki-pkiz-or-fernet

Changed in keystone:
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.