<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">You could probably use trusts, but that would require you to update your application https://wiki.openstack.org/wiki/Keystone/Trusts</div> <br> <div id="bloop_sign_1448274788835060224" class="bloop_sign"><div style="font-family:helvetica,arial;font-size:13px">-- <br>Kirill Zaitsev<br>Murano team</div><div style="font-family:helvetica,arial;font-size:13px">Software Engineer</div><div style="font-family:helvetica,arial;font-size:13px">Mirantis, Inc</div></div> <br><p class="airmail_on">On 19 November 2015 at 06:41:15, Adam Young (<a href="mailto:ayoung@redhat.com">ayoung@redhat.com</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div text="#000000" bgcolor="#FFFFFF"><div></div><div>
<title></title>
<div class="moz-cite-prefix">On 11/18/2015 03:40 AM, ESWAR RAO
wrote:<br></div>
<blockquote cite="mid:CAA0WQjxk3LhPc4kz+YzEegG3WZCrmV3z1_Dqz9AtQ5gp2CTTEQ@mail.gmail.com" type="cite">
<div dir="ltr">Hi All,
<div><br></div>
<div>I have an application which does some HEAT transactions of
creating stack,polling for it and updating stack in a loop.</div>
<div><br></div>
<div>
<p class=""><span class="">In my setup, /etc/keystone/keystone.conf
has below settings:</span></p>
<p class="">expiration=3600</p>
<p class="">But my transaction loop takes more than 1 hr and AUTH
token is expired in between and I am getting :</p>
<p class=""><span class=""> Exception in heat start task for
stack </span>jsm-e08dceac-71fe-48e8-817e-93ec78881827 of
network service e08dceac-71fe-48e8-817e-93ec78881827 due to</p>
<p class=""> ERROR: Authentication failed.Please try again
with option --include-password or export
HEAT_INCLUDE_PASSWORD=1</p>
<p class="">Is there any means of making the auth-token not getting
expired instead of changing expiration time in keystone conf ??</p>
</div>
</div>
</blockquote>
<br>
No. It has been a long lived discussion, and the solution is
still not agreed on. The goal is to avoid long lived tokens,
but properly scope delegation across long workflow.<br>
<br>
<blockquote cite="mid:CAA0WQjxk3LhPc4kz+YzEegG3WZCrmV3z1_Dqz9AtQ5gp2CTTEQ@mail.gmail.com" type="cite">
<div dir="ltr">
<div>
<p class="">Thanks</p>
<p class="">Eswar</p>
<p class=""><br></p>
<p class=""><br></p>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre></blockquote>
<br>
_______________________________________________
<br>Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
<br>Post to : openstack@lists.openstack.org
<br>Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
<br></div></div></span></blockquote></body></html>