Comment 7 for bug 1032633

Andrew Mann (o-andrew-v) wrote :

That seems reasonable. I would suggest adding that as a step to the OpenStack setup documentation. No one has infinite database space, eventually all used OpenStack installations will suffer unless this is done. Regardless of what component (or person) has to complete the task, they'll need to be aware of it.

I would prefer to see some kind of "automatically expire old tokens" configuration option so that the maintenance of keystone stays in keystone - whether that be implemented as a expire-on-access query or cron-derived mechanism, but re-implementing cron is not great and a purge tagged on to other operations could cause a slowdown on those operations.