Bug 1029671

Summary: Keystone SQL Backend does not remove expired tokens
Product: Red Hat OpenStack Reporter: Adam Young <ayoung>
Component: openstack-packstackAssignee: Martin Magr <mmagr>
Status: CLOSED ERRATA QA Contact: Udi Kalifon <ukalifon>
Severity: high Docs Contact:
Priority: high    
Version: 4.0CC: aberezin, ajeain, aortega, apevec, ayoung, derekh, dpal, mmagr, ohochman, psedlak, sclewis, slong, yeylon
Target Milestone: z2Keywords: Triaged, ZStream
Target Release: 4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-packstack-2013.2.1-0.23.dev979.el6ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 908355 Environment:
Last Closed: 2014-03-04 19:12:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 908355, 990584    
Bug Blocks: 1003878, 1011091, 1011093, 1049118    

Comment 1 Adam Young 2013-11-12 21:35:23 UTC 
To support cleaning the token table, puppet needs to schedule a periodic task: keystone-manage token-flush.  This should probably run once a minute, since the longer we go between runsm, the more of a performance impact we might see from table locking.
Comment 3 Alvaro Lopez Ortega 2014-01-07 17:40:19 UTC 
It'll require us to use a new Puppet module. Setting Mid-Feb so we have time to test it properly.
Comment 4 Martin Magr 2014-01-23 11:17:16 UTC 
After investigating I found that Puppet actually has cron job resource. Since this bug is A2 targeted we need patch ASAP, hence I'm taking it.
Comment 7 Udi Kalifon 2014-02-19 09:41:04 UTC 
Tested with:
openstack-keystone-2013.2.2-1.el6ost.noarch
python-keystoneclient-0.4.1-4.el6ost.noarch
python-keystone-2013.2.2-1.el6ost.noarch
Comment 11 errata-xmlrpc 2014-03-04 19:12:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0233.html