keystone token flushing

asked 2018-12-17 05:45:37 -0600

updated 2018-12-27 23:53:57 -0600

Hi Techies,

I am using OpenStack Mitaka version, I have done a multi-node installation. In my keystone database's token table all expired tokens are not flushed. There are 10,000,00 token remains in my token table. I know keystone-manage token_flush is used to flush the token.

My question is how to enable auto flushing for Keystone tokens?

If changing token provider from UUID to fernet, will it affect OpenStack environment's authentication?

edit retag flag offensive close merge delete

Comments

1

You could use Fernet tokens, they are not persistent as far as I know. This is from Pike, but I guess Mitaka is no different: https://docs.openstack.org/keystone/p....

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-17 06:31:02 -0600 )edit

I found an email thread that seems to indicate it's possible.

Bernd Bausch gravatar imageBernd Bausch ( 2018-12-28 01:45:29 -0600 )edit