openstack-manuals

Installation Guide - Recommend occasional Keystone token flush

Bug #1287962 reported by Matt Kassawara on 2014-03-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openstack-manuals	Fix Released	High	Matt Kassawara	openstack-manuals icehouse

Bug Description

Since Keystone tokens tend to proliferate and grow the database rather quickly, consider recommending occasionally running "keystone-manage token_flush" via cron or similar utility to purge expired tokens.

-----------------------------------
Built: 2014-03-04T19:38:49 00:00
git SHA: 231dcc4d3b36fbda050beaf1399564ad3769f262
URL: http://docs.openstack.org/trunk/install-guide/install/apt/content/ch_keystone.html
source File: file:/home/jenkins/workspace/openstack-install-deploy-guide-ubuntu/doc/install-guide/ch_keystone.xml
xml:id: ch_keystone

Tags:

Revision history for this message

Stephen Gordon (sgordon) wrote on 2014-03-06:

I think in the install guide use case we should consider turning the long term storage of tokens off or setting the crontab to run daily. People just starting out really don't care about the kind of auditing this enables.

Revision history for this message

Stephen Gordon (sgordon) wrote on 2014-03-06:

Suggest turning it off and putting the crontab approach in the admin cloud guide?

Changed in openstack-manuals:
status:	New → Confirmed
importance:	Undecided → Medium
tags:	added: cloud-admin-guide
Changed in openstack-manuals:
importance:	Medium → High

Revision history for this message

Matt Kassawara (ionosphere80) wrote on 2014-03-07:

I think we need to take the crontab route based on this patch:

https://review.openstack.org/#/c/59786/

Matt Kassawara (ionosphere80) on 2014-03-07

Changed in openstack-manuals:
assignee:	nobody → Matt Kassawara (ionosphere80)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-03-07: Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/79105

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-03-10: Fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/79105
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=97899524cd3f96d692fa7dddfd53e320b3c2df24
Submitter: Jenkins
Branch: master

commit 97899524cd3f96d692fa7dddfd53e320b3c2df24
Author: Matt Kassawara <email address hidden>
Date: Fri Mar 7 16:25:38 2014 -0700

Add cron job to periodically flush expired tokens

    By default, the Identity Service stores expired tokens in the database
    indefinitely. While potentially useful for auditing in production
    environments, the accumulation of expired tokens will considerably
    increase database size and may decrease service performance,
    particularly in test environments with limited resources. I added
    a step to create a periodic task using 'cron' which calls
    'keystone-manage token_flush' to purge expired token hourly.

Change-Id: Ie2bb4b03da25037426daa57edf084e9801a139fb
Closes-Bug: #1287962

Changed in openstack-manuals:
status:	In Progress → Fix Committed

Matt Kassawara (ionosphere80) on 2014-03-11

Changed in openstack-manuals:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-24: Fix included in openstack/openstack-manuals 15.0.0

This issue was fixed in the openstack/openstack-manuals 15.0.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.