Description of problem:
I have 181993 token in the token table in small deployment after 10 day of usage.

Version-Release number of selected component (if applicable):
instack-0.0.8-1.el7ost.noarch
instack-undercloud-2.2.0-1.el7ost.noarch
openstack-tripleo-0.0.7-1.el7ost.noarch
openstack-tripleo-image-elements-0.9.7-1.el7ost.noarch
openstack-tripleo-puppet-elements-0.0.2-1.el7ost.noarch
openstack-tripleo-heat-templates-0.8.7-2.el7ost.noarch
openstack-tripleo-common-0.0.2-4.el7ost.noarch

Expected results:

The expired tokens are removed from the database within 1-3 hour.


Additional info:

On the overcloud I have a crontab entry for the keystone user:
sudo crontab -l -u keystone
# HEADER: This file was autogenerated at 2015-12-11 05:29:31 -0500 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: keystone-manage token_flush
PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh
1 0 * * * sleep `expr ${RANDOM} \% 3600`; keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1


I would like to see a similar crontab entry for the undercloud,
alternatively  KTLW token cloud be used,
which does not populates the token table.