[openstack-dev] [keystone] Flush expired tokens automatically ?
Thierry Carrez
thierry at openstack.org
Tue Jan 27 09:25:30 UTC 2015
Updating subject line to attract keystone devs
Daniel Comnea wrote:
> +100
>
> Dani
>
> On Mon, Jan 26, 2015 at 1:10 AM, Tim Bell <Tim.Bell at cern.ch
> <mailto:Tim.Bell at cern.ch>> wrote:
>
> This is often mentioned as one of those items which catches every
> OpenStack cloud operator at some time. It’s not clear to me that
> there could not be a scheduled job built into the system with a
> default frequency (configurable, ideally).____
>
> __ __
>
> If we are all configuring this as a cron job, is there a reason that
> it could not be built into the code ?____
>
> __ __
>
> Tim____
>
> __ __
>
> *From:*Mike Smith [mailto:mismith at overstock.com
> <mailto:mismith at overstock.com>]
> *Sent:* 24 January 2015 18:08
> *To:* Daniel Comnea
> *Cc:* OpenStack Development Mailing List (not for usage questions);
> openstack-operators at lists.openstack.org
> <mailto:openstack-operators at lists.openstack.org>
> *Subject:* Re: [Openstack-operators]
> [openstack-dev][openstack-operators]flush expired tokens and moves
> deleted instance____
>
> __ __
>
> It is still mentioned in the Juno installation docs: ____
>
> __ __
>
> By default, the Identity service stores expired tokens in the
> database indefinitely. The____
>
> accumulation of expired tokens considerably increases the database
> size and might degrade____
>
> service performance, particularly in environments with limited
> resources.____
>
> We recommend that you use cron to configure a periodic task that
> purges expired tokens____
>
> hourly:____
>
> # (crontab -l -u keystone 2>&1 | grep -q token_flush) || \____
>
> echo '@hourly /usr/bin/keystone-manage token_flush
> >/var/log/keystone/____
>
> keystone-tokenflush.log 2>&1' \____
>
> >> /var/spool/cron/keystone____
>
> __ __
>
> __ __
>
>
> Mike Smith
> Principal Engineer, Website Systems
> Overstock.com <http://Overstock.com>
>
> ____
>
> __ __
>
> On Jan 24, 2015, at 10:03 AM, Daniel Comnea
> <comnea.dani at gmail.com <mailto:comnea.dani at gmail.com>> wrote:____
>
> __ __
>
> Hi all,
>
> ____
>
> I just bumped into Sebastien's blog where he suggested a cron
> job should run in production to tidy up expired tokens - see
> blog[1]____
>
> Could you please remind me if this is still required in
> IceHouse/ Juno? (i kind of remember i've seen some work being
> done in this direction but i can't find the emails)
>
> ____
>
> Thanks,
> Dani
>
> [1]
> http://www.sebastien-han.fr/blog/2014/08/18/a-must-have-cron-job-on-your-openstack-cloud/
> ____
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> <mailto:OpenStack-operators at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators____
>
> __ __
>
> __ __
>
> ------------------------------------------------------------------------
>
>
> CONFIDENTIALITY NOTICE: This message is intended only for the use
> and review of the individual or entity to which it is addressed and
> may contain information that is privileged and confidential. If the
> reader of this message is not the intended recipient, or the
> employee or agent responsible for delivering the message solely to
> the intended recipient, you are hereby notified that any
> dissemination, distribution or copying of this communication is
> strictly prohibited. If you have received this communication in
> error, please notify sender immediately by telephone or return
> email. Thank you.____
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
Thierry Carrez (ttx)
More information about the OpenStack-dev
mailing list