Bug 1470227

Summary: Token flush does not complete when expired tokens becomes large enough
Product: Red Hat OpenStack Reporter: Harry Rybacki <hrybacki>
Component: openstack-puppet-modulesAssignee: Harry Rybacki <hrybacki>
Status: CLOSED ERRATA QA Contact: Prasanth Anbalagan <panbalag>
Severity: high Docs Contact:
Priority: urgent    
Version: 10.0 (Newton)CC: akrzos, aschultz, ccollett, cshastri, dhill, dshevrin, ggillies, hrybacki, jdennis, jjoyce, josorior, jschluet, kbasil, lmiccini, mlopes, nchandek, nkinder, panbalag, rcritten, slinaber, srevivo, tvignaud, vcojot
Target Milestone: zstreamKeywords: Triaged, ZStream
Target Release: 7.0 (Kilo)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-puppet-modules-2015.1.8-56.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1404324 Environment:
Last Closed: 2017-09-12 17:15:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1404324, 1470230, 1473713    
Bug Blocks: 1451122, 1467120, 1469457, 1470221, 1470226    

Comment 3 Prasanth Anbalagan 2017-08-31 12:43:51 UTC 
Verified as follows - Token database gets flushed as expected.

*************
VERSION
*************

[root@lynx13 ~]# yum list installed | grep openstack-puppet
openstack-puppet-modules.noarch      2015.1.8-56.el7ost      @rhelosp-7.0-puddle

*********
LOGS
*********

[root@lynx13 ~]# sudo crontab -u keystone -l
# HEADER: This file was autogenerated at 2017-08-31 04:04:03 +0300 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: token-flush
*/1 * * * * /usr/bin/keystone-manage token_flush >/dev/null 2>&1


MariaDB [keystone]> select count(*) from token;
+----------+
| count(*) |
+----------+
|     1813 |
+----------+
1 row in set (0.00 sec)

MariaDB [keystone]> select count(*) from token;
+----------+
| count(*) |
+----------+
|     1814 |
+----------+
1 row in set (0.00 sec)
Database changed
+----------+
| count(*) |
+----------+
|     8725 |
+----------+
1 row in set (0.00 sec)

MariaDB [keystone]> Bye
[root@lynx13 ~]# date
Thu Aug 31 07:26:56 IDT 2017
[root@lynx13 ~]# 

MariaDB [(none)]> use keystone; select count(*) from token;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
+----------+
| count(*) |
+----------+
|       42 |
+----------+
1 row in set (0.00 sec)

MariaDB [keystone]> Bye
[root@lynx13 ~]# date
Thu Aug 31 15:41:49 IDT 2017
Comment 5 errata-xmlrpc 2017-09-12 17:15:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2697