[openstack-dev] Expired tokens in Keystone
Ravi Chunduru
ravivsn at gmail.com
Fri Jun 14 20:24:09 UTC 2013
On the problem you described, I like the idea of configuration parameter
for what point we need to issue vs re-use.
Thanks,
-Ravi.
On Fri, Jun 14, 2013 at 8:03 AM, Yee, Guang <guang.yee at hp.com> wrote:
> I think there was a case in which user started a VM snapshot in Nova with
> a to-be-expired token and by the time the snapshot reached Glance the token
> had already expired. ****
>
> ** **
>
> But I like the idea of token reuse. Probably need a configurable parameter
> to determine at what point we need to issue a new token versus reusing an
> existing one. Maybe a good topic for the next Summit?****
>
> ** **
>
> ** **
>
> Guang****
>
> ** **
>
> ** **
>
> *From:* Ravi Chunduru [mailto:ravivsn at gmail.com]
> *Sent:* Friday, June 14, 2013 7:32 AM
> *To:* OpenStack Development Mailing List
> *Subject:* Re: [openstack-dev] Expired tokens in Keystone****
>
> ** **
>
> I asked this question in different thread but no response.****
>
> ** **
>
> Why does keystone not re-use the token the one it has already issued for
> the same credentials. Any reason for not doing that?****
>
> ** **
>
> Thanks,****
>
> -Ravi.****
>
> On Wed, Jun 12, 2013 at 11:04 AM, Jay Pipes <jaypipes at gmail.com> wrote:***
> *
>
> On 06/12/2013 12:54 PM, Craig E. Ward wrote:****
>
> I am working with a Folsom installation of OpenStack. The Keystone
> database (mysql) gets very large. The token table has millions of rows
> of expired tokens. Is there a reason not to delete these from the table?**
> **
>
> ** **
>
> Not unless you need them for some security auditing purpose... and if you
> don't, I recommend switching to the memcache token driver. It's faster and
> doesn't have the drawback of filling up your identity database will
> millions of token records.
>
> best,
> -jay****
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev****
>
>
>
> ****
>
> ** **
>
> --
> Ravi****
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130614/e9502ddf/attachment.html>
More information about the OpenStack-dev
mailing list