Open Stack

Howdy all,

I'm looking for more opinions about how we should approach fixing the 
broken periodic task for cleaning up expired console token 
authorizations in the database:

https://bugs.launchpad.net/nova/+bug/1816399

It's broken because it filters the database token auth records for 
'host' when it goes to remove expired auths, but the 'host' used by the 
various types of consoles is not actually the hostname of the compute 
host, as the current [broken] code assumes. So the periodic task finds 
nothing for the compute manager's self.host and cleans up no token 
authorizations.

There's a proposed patch that begins fixing the bug:

https://review.opendev.org/637716

by iterating over a list of possible 'host' values based on the various 
console types. Each console type may use a different style of value for 
the 'host' which can also be driver dependent. That means we'd have to 
implement and expose 'get_<console>_host' methods for drivers that use a 
different host format for their console token auths.

When I reviewed this patch, I wondered whether we should go down that 
road to fix this problem, or if we should instead stop using the 
required 'host' filter via the 
console_auth_token_destroy_expired_by_host method in the database API 
and instead add a console_auth_token_destroy_expired_by_instance method 
and have the nova-compute periodic task call that method in batches, 
similar to how the _heal_instance_info_cache periodic task works today.

Can anyone else lend their thoughts on how we should move forward here?

Cheers,
-melanie