Bug 1029671 - Keystone SQL Backend does not remove expired tokens
Keystone SQL Backend does not remove expired tokens
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack (Show other bugs)
4.0
Unspecified Unspecified
high Severity high
: z2
: 4.0
Assigned To: Martin Magr
Udi
: Triaged, ZStream
Depends On: 908355 990584
Blocks: RHOS50RFE 1011091 1011093 1049118
  Show dependency treegraph
 
Reported: 2013-11-12 16:31 EST by Adam Young
Modified: 2016-04-26 23:37 EDT (History)
13 users (show)

See Also:
Fixed In Version: openstack-packstack-2013.2.1-0.23.dev979.el6ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 908355
Environment:
Last Closed: 2014-03-04 14:12:38 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1032633 None None None Never
OpenStack gerrit 28133 None None None Never
OpenStack gerrit 68616 None None None Never
OpenStack gerrit 69598 None None None Never

  None (edit)
Comment 1 Adam Young 2013-11-12 16:35:23 EST
To support cleaning the token table, puppet needs to schedule a periodic task: keystone-manage token-flush.  This should probably run once a minute, since the longer we go between runsm, the more of a performance impact we might see from table locking.
Comment 3 Alvaro Lopez Ortega 2014-01-07 12:40:19 EST
It'll require us to use a new Puppet module. Setting Mid-Feb so we have time to test it properly.
Comment 4 Martin Magr 2014-01-23 06:17:16 EST
After investigating I found that Puppet actually has cron job resource. Since this bug is A2 targeted we need patch ASAP, hence I'm taking it.
Comment 7 Udi 2014-02-19 04:41:04 EST
Tested with:
openstack-keystone-2013.2.2-1.el6ost.noarch
python-keystoneclient-0.4.1-4.el6ost.noarch
python-keystone-2013.2.2-1.el6ost.noarch
Comment 11 errata-xmlrpc 2014-03-04 14:12:38 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0233.html

Note You need to log in before you can comment on or make changes to this bug.