[openstack-dev] [keystone] Addressing issue of keysone token expiry during long running operations

Adam Young ayoung at redhat.com
Wed Jan 6 04:03:17 UTC 2016

On 01/05/2016 05:05 AM, Carlton, Paul (Cloud Services) wrote:
> Jamie
> John Garbutt suggested I follow up this issue with you.  I understand
> you may be leading the
> effort to address the issue of token expiry during a long running
> operation.  Nova
> encounter this scenario during image snapshots and live migrations.
> Is there a keystone blueprint for this issue?
This action should not be done with a token;  you can never have a token 
length long enough that it won't expire on some jobs.

Either do it using a trust, or make it something that the Nova service 
user can do without a token.  The latter is probably the easier choice.

> Thanks
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160105/16609902/attachment.html>

More information about the OpenStack-dev mailing list