Periodically flush the expired tokens
With the H release, keystone-manage has a new parameter called "token_flush" to flush the expired tokens (see https:/
This is still a manual task which needs to be done by operations.
There should be a periodic task in keystone to flush the expired tokens automatically.
I propose to add a new config parameter to the [token] section called "flush_period". This value is an integer (in seconds). If 0, the automatic flushing is disabled. So a possible keystone.conf looks like:
[token]
...
flush_period=3600
...
With this configuration, the expired tokens are every hour deleted.
To implement this, a ThreadGroup.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- Thomas Bechtold
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
- Needs Code Review
- Milestone target:
- None
- Started by
- Dolph Mathews
- Completed by
- Morgan Fainberg
Related branches
Related bugs
Sprints
Whiteboard
(morganfainberg): As discussed in IRC, design sessions, and on the review, this will not be implemented in this way, Keystone does not have a periodic scheduler and this should be a Cron job with the ultimate goal of reaching non-persistent tokens (or other similar improvements).
Bumping this to m3 pending further conversation on the topic, as requested by Steven Hardy in https:/
Gerrit topic: https:/
Addressed by: https:/
Periodically flush expired tokens