Bug 1127788
Summary: | [RFE] keystone-manage token_flush fails when there is a huge number of tokens to flush | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Eduard Barrera <ebarrera> |
Component: | openstack-keystone | Assignee: | Adam Young <ayoung> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | yeylon <yeylon> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 4.0 | CC: | ayoung, jruzicka, nkinder, srevivo, ukalifon, yeylon |
Target Milestone: | --- | Keywords: | FutureFeature, ZStream |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-03-28 17:52:35 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eduard Barrera
2014-08-07 14:41:27 UTC
We recommend to run the token flush once a minute by a cron job, to prevent the database from inflating. Packstack sets up this cron job: */1 * * * * /usr/bin/keystone-manage token_flush >/dev/null 2>&1 Note that upstream Keystone is moving to Fernet tokens, which do not have to be persisted to the database. Since their is a work-around (one time flush) for people with large Token tables, and the right solution is to have the token-flush run on a periodic basis, there is no support for a more complex flush mechanism from upstream Keystone development. Note that the token-flush has had a batch_size parameter for several releases: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/token/persistence/backends/sql.py#n278 This was reported on 4.0, which is no longer accepting backports, but the feature desired is in later versions of the product. |