[Openstack] Timeout of Horizon web interface when idle

김기석 [KI SEOK KIM] kskim at netmarble.com
Thu Nov 24 01:54:21 UTC 2016


Hello,

Keystone token expiration is defined in the source code below.

# keystone/conf/token.py
expiration = cfg.IntOpt(
    'expiration',
    default=3600,
    min=0,
    max=sys.maxsize,
    help=utils.fmt("""
The amount of time that a token should remain valid (in seconds). Drastically
reducing this value may break "long-running" operations that involve multiple
services to coordinate together, and will force users to authenticate with
keystone more frequently. Drastically increasing this value will increase load
on the `[token] driver`, as more tokens will be simultaneously valid. Keystone
tokens are also bearer tokens, so a shorter duration will also reduce the
potential security impact of a compromised token.
"""))


You could set keystone conf like this.

# /etc/keystone/keystone.conf
[token]
...
expiration = 60
...


From: Nasir Mahmood [mailto:nasir.mahmood at gmail.com]
Sent: Thursday, November 24, 2016 2:15 AM
To: Kevin Wilson
Cc: openstack
Subject: Re: [Openstack] Timeout of Horizon web interface when idle


Did you try to find this in keystone configs?

On Nov 23, 2016 9:14 PM, "Kevin Wilson" <wkevils at gmail.com> wrote:
Thanks Paul!

Since the access to Horizon is kicked out after for sure less than 60
minutes, I assume indeed that it is likely a token which becomes
invalid before the session times out.
Now the real question is: is there a way to configure the time
interval by which a token becomes invalid?


On Wed, Nov 23, 2016 at 12:11 PM, Paul Browne <pfb29 at cam.ac.uk> wrote:
>
>
> On 23/11/16 05:10, Kevin Wilson wrote:
>>
>> Hello,
>> When there are periods of idle activity in the Horizon WebUI of
>> OpenStack, I am kicked off from it and redirected to the login
>> screen of it. It usually occurs after several minutes of idle
>> activity, something like 10 or 15 minutes or more.
>> Is there a way to control this and make this interval longer? Or is
>> it not an OpenStack Horizon tunable setting and depends simply on
>> reset of the connection done by non-OpenStack mechanism?
>>
>> Regards,
>> Rami
>
>
> Hello Rami,
>
> I've seen in the docs that there is a Django Session Timeout setting for
> Horizon;
>
> http://docs.openstack.org/developer/horizon/topics/settings.html#session-timeout
>
> It says there the default is 3600 seconds (60 minutes), but I've often had a
> Horizon session time out before that. Perhaps because the token becomes
> invalid before the session times out?
>
> Kind regards,
> Paul Browne
>
>
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> --
> *******************
> Paul Browne
> Research Computing Platforms
> University Information Services
> Roger Needham Building
> JJ Thompson Avenue
> University of Cambridge
> Cambridge
> United Kingdom
> E-Mail: pfb29 at cam.ac.uk
> Tel: 0044-1223-46548
> *******************
>
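
Added example, not part of the original messages and not Keystone or Horizon code: a check that reads the Keystone [token] expiration and Horizon's session timeout and reports which one ends a login first. It assumes the Horizon setting is named SESSION_TIMEOUT in local_settings.py, that a login ends as soon as either limit is reached (as the thread suggests), and it uses constructed sample files.

```python
import ast
import configparser

KEYSTONE_DEFAULT = 3600  # default in the keystone/conf/token.py excerpt above
HORIZON_DEFAULT = 3600   # session timeout default cited in the thread

# Constructed sample files; the value 60 is the one shown in the reply above.
SAMPLE_KEYSTONE_CONF = """
[DEFAULT]
debug = false

[token]
expiration = 60
"""
SAMPLE_LOCAL_SETTINGS = """
WEBROOT = '/'
SESSION_TIMEOUT = 3600
"""


def keystone_expiration(conf_text):
    """Read [token] expiration (seconds) from keystone.conf text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    return parser.getint("token", "expiration", fallback=KEYSTONE_DEFAULT)


def horizon_session_timeout(settings_text):
    """Read a literal SESSION_TIMEOUT from local_settings.py without running it."""
    timeout = HORIZON_DEFAULT
    for node in ast.parse(settings_text).body:
        if isinstance(node, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "SESSION_TIMEOUT"
                for t in node.targets):
            timeout = int(ast.literal_eval(node.value))
    return timeout


def effective_login_limit(conf_text, settings_text):
    """Return both values and which one ends the Horizon login first."""
    token = keystone_expiration(conf_text)
    session = horizon_session_timeout(settings_text)
    # On a tie the session timeout is reported as the limiting value.
    cause = "keystone [token] expiration" if token < session else "horizon SESSION_TIMEOUT"
    return {"token": token, "session": session,
            "limit": min(token, session), "limited_by": cause}


if __name__ == "__main__":
    print(effective_login_limit(SAMPLE_KEYSTONE_CONF, SAMPLE_LOCAL_SETTINGS))
```

With the sample values the token, not the Django session, is what ends the login, after 60 seconds.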
