Howdy all, I'm looking for more opinions about how we should approach fixing the broken periodic task for cleaning up expired console token authorizations in the database: https://bugs.launchpad.net/nova/+bug/1816399 It's broken because it filters the database token auth records for 'host' when it goes to remove expired auths, but the 'host' used by the various types of consoles is not actually the hostname of the compute host, as the current [broken] code assumes. So the periodic task finds nothing for the compute manager's self.host and cleans up no token authorizations. There's a proposed patch that begins fixing the bug: https://review.opendev.org/637716 by iterating over a list of possible 'host' values based on the various console types. Each console type may use a different style of value for the 'host' which can also be driver dependent. That means we'd have to implement and expose 'get_<console>_host' methods for drivers that use a different host format for their console token auths. When I reviewed this patch, I wondered whether we should go down that road to fix this problem, or if we should instead stop using the required 'host' filter via the console_auth_token_destroy_expired_by_host method in the database API and instead add a console_auth_token_destroy_expired_by_instance method and have the nova-compute periodic task call that method in batches, similar to how the _heal_instance_info_cache periodic task works today. Can anyone else lend their thoughts on how we should move forward here? Cheers, -melanie