[nova][dev] broken periodic task to cleanup expired console token auths
melanie witt
melwittt at gmail.com
Thu Apr 25 22:00:26 UTC 2019
Howdy all,
I'm looking for more opinions about how we should approach fixing the
broken periodic task for cleaning up expired console token
authorizations in the database:
https://bugs.launchpad.net/nova/+bug/1816399
It's broken because it filters the database token auth records for
'host' when it goes to remove expired auths, but the 'host' used by the
various types of consoles is not actually the hostname of the compute
host, as the current [broken] code assumes. So the periodic task finds
nothing for the compute manager's self.host and cleans up no token
authorizations.
There's a proposed patch that begins fixing the bug:
https://review.opendev.org/637716
by iterating over a list of possible 'host' values based on the various
console types. Each console type may use a different style of value for
the 'host' which can also be driver dependent. That means we'd have to
implement and expose 'get_<console>_host' methods for drivers that use a
different host format for their console token auths.
When I reviewed this patch, I wondered whether we should go down that
road to fix this problem, or if we should instead stop using the
required 'host' filter via the
console_auth_token_destroy_expired_by_host method in the database API
and instead add a console_auth_token_destroy_expired_by_instance method
and have the nova-compute periodic task call that method in batches,
similar to how the _heal_instance_info_cache periodic task works today.
Can anyone else lend their thoughts on how we should move forward here?
Cheers,
-melanie
More information about the openstack-discuss
mailing list