periodically flush expired token
Now we need the deployer to add a cron-like job to call 'keystone-manage token_flush' to remove the expired token records in the token backend (kvs, mysql, memcache, etc) so that the token persistence mechanism will not be filled up with expired tokens.
This BP adds a periodic thread in keystone-all process, which will run at a configurable interval to flush the expired token from DB. The interval should be configured more than CONF.token.
It also flushes the oauth token.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- yong sheng gong
- Direction:
- Needs approval
- Assignee:
- yong sheng gong
- Definition:
- Superseded
- Series goal:
- None
- Implementation:
-
Not started
- Milestone target:
- None
- Started by
- Completed by
- Morgan Fainberg
Related branches
Sprints
Whiteboard
Dolph Mathews said: i'd suggest breaking the oauth token flushing into a separate blueprint, since there's considerably extra work around that
why should the configured interval be greater than CONF.token.
yong sheng gong said: If the interval is less than CONF.token.
Robert C. Barth said: Does it make sense to create a whole thread to do this, or how about just clear the expired tokens on token creation via SQL script? E.g. modify the token creation process to also clear the expired tokens when storing the new token. That will introduce some overhead into token creation, but it should be minimal. I think this it would be a simpler change. A config value for whether the user wants this behavior would be convenient, as well.
Doug Schaapveld said: Why include the memcache driver? Doesn't memcached handle expiration on its own?
-- This is duplicated by bp keystone-
