On 08/23/2013 12:43 PM, Joe Gordon wrote:


On Aug 23, 2013 12:24 PM, "Dolph Mathews" <dolph.math...@gmail.com> wrote:
>
>
> On Fri, Aug 23, 2013 at 10:51 AM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <mark.m.mil...@hp.com> wrote:
>>
>> Hello,
>>
>>
>>
>> I would think you would want to reuse the same token but update the expiration time as if it were the first time the token had been generated.
>
>
> That wouldn't work for PKI tokens, as the resulting signature would have to change.
>
>>
>>
>>
>> Mark
>>
>>
>>
>> From: Yongsheng Gong [mailto:gong...@unitedstack.com]
>> Sent: Friday, August 23, 2013 12:40 AM
>> To: OpenStack Development Mailing List
>> Subject: [openstack-dev] [keystone] Two BPs for managing the tokens
>>
>>
>>
>> Hi,
>>
>> Having talked with Henry Nash and Jamie Lennox on IRC, I have created two BPs to manage the keystone tokens:
>>
>> 1. https://blueprints.launchpad.net/keystone/+spec/periodically-flush-expired-token


Not sure that this is worth writing or maintaining. The system services for Cron are much more robust, and we don't have to maintain them.

I do have this review for your consideration, though:

https://review.openstack.org/#/c/43510/

In conjunction with the caching layer, it might be the right approach: flush the old tokens upon revocation list regeneration.


>>
>> which is used to delete expired tokens
>>
>> 2. https://blueprints.launchpad.net/keystone/+spec/reuse-token
>>
>> which will re-use valid tokens
>>
>>
>>
>> These two BPs will help us to reduce the token records in the token table enormously.
>>
>>
>>
>> I have put some ideas on the BP description.
>>
>>
>>
>> Any comments are welcome.
>>

What about Adam Young's vision for keystone, which I like,
http://adam.younglogic.com/2013/07/a-vision-for-keystone/
These two blueprints don't appear to be in line with it.

Also, instead of making keystone reuse tokens, why not make the token reuse in the clients better (keyring based)? Last I checked it was disabled and broken in nova (there was a patch to fix it, but keep it disabled).

>>
>>
>>
>>
>> Regards,
>>
>> Yong Sheng Gong
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
>
> --
>
> -Dolph
>
>


