[openstack-dev] [Openstack-operators] [openstack-operators] [Keystone] flush expired tokens and moves deleted instance

Clint Byrum clint at fewbar.com
Tue Jan 27 18:21:02 UTC 2015

Excerpts from Tim Bell's message of 2015-01-25 22:10:10 -0800:
> This is often mentioned as one of those items which catches every OpenStack cloud operator at some time. It's not clear to me that there could not be a scheduled job built into the system with a default frequency (configurable, ideally).
> If we are all configuring this as a cron job, is there a reason that it could not be built into the code ?
It has come up before.

The main reason not to build it into the code as it's even better to
just _never store tokens_:


or just use certs:


The general thought is that putting lots of things in the database that
don't need to be stored anywhere is a bad idea. The need for the cron
job is just a symptom of that bug.

More information about the OpenStack-dev mailing list