[openstack-dev] [keystone]How do we avoid token expired?

Duncan Thomas duncan.thomas at gmail.com
Sun Dec 20 23:15:08 UTC 2015

I believe the code that needs fixing is in cinder backup itself, rather
than (or as well as) the client, since the client will only initiate the
operation, it will not be around for later when the token expires.

Cinder backup is also potentially a place where keystone trusts can be
fruitfully employed.
On 20 Dec 2015 11:22, "Clark Boylan" <cboylan at sapwetik.org> wrote:

> On Sun, Dec 20, 2015, at 07:43 AM, zhu4236926 wrote:
> > Hi guys,
> >     I'm using cinder-clinet to backup a volume and query the status of
> >     the backup-volume in a loop per 3 seconds. I got the token from
> >     keystone when I begin to backup the volume,assuming that the token is
> >     expired in 2 minutes, but the backup need 5 minutes to finish, so
> >     after 3 minutes the token is expired and authentication-failed, how
> >     should I solve this problems by using cinder-client or
> >     keystone-client, or could you provide other solution to avoid this
> >     problems.
> I believe that if you use a keystoneauth session [0] that it will renew
> tokens that are near to expiring or have already expired. Support is per
> client so you will need to check if cinderclient supports this and if
> not probably add support first.
> [0] http://docs.openstack.org/developer/keystoneauth/using-sessions.html
> Hope this helps,
> Clark
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151221/1962523a/attachment.html>

More information about the OpenStack-dev mailing list