Hi adam, Can u explain more about 'In conjunction with the caching layer, it might be the right approach: flush the old tokens upon revocation list regeneration.'?
when is the list_revoked_tokens called? thanks On Sat, Aug 24, 2013 at 1:51 AM, Adam Young <ayo...@redhat.com> wrote: > On 08/23/2013 12:43 PM, Joe Gordon wrote: > > > On Aug 23, 2013 12:24 PM, "Dolph Mathews" <dolph.math...@gmail.com> wrote: > > > > > > On Fri, Aug 23, 2013 at 10:51 AM, Miller, Mark M (EB SW Cloud - R&D - > Corvallis) <mark.m.mil...@hp.com> wrote: > >> > >> Hello, > >> > >> > >> > >> I would think you would want to reuse the same token but update the > expiration time as if it were the first time the token had been generated. > > > > > > That wouldn't work for PKI tokens, as the resulting signature would have > to change. > > > >> > >> > >> > >> Mark > >> > >> > >> > >> From: Yongsheng Gong [mailto:gong...@unitedstack.com] > >> Sent: Friday, August 23, 2013 12:40 AM > >> To: OpenStack Development Mailing List > >> Subject: [openstack-dev] [keystone] Two BPs for managing the tokens > >> > >> > >> > >> Hi, > >> > >> Talked with Henry Nash and Jamie Lennox on IRC, I have created two BPs > to manage the keystone tokens: > >> > >> 1. > https://blueprints.launchpad.net/keystone/+spec/periodically-flush-expired-token > > > Not sure that this is worth writing or maintaining. The system services > for Cron are much more robust, and we don;t have to maintain them. > > I do have this review for your consideration, though: > > https://review.openstack.org/#/c/43510/ > > In conjunction with the caching layer, it might be the right approach: > flush the old tokens upon revocation list regeneration. > > > > >> > >> which is used to delete expired token > >> > >> 2. https://blueprints.launchpad.net/keystone/+spec/reuse-token > >> > >> which will re-use valid token > >> > >> > >> > >> These two BPs will help us to reduce the token records in token table > enormously. > >> > >> > >> > >> I have put some ideas on the BP description. > >> > >> > >> > >> Any comments are welcome. > >> > > What about Adam Young's vision for keystone, which I like, > http://adam.younglogic.com/2013/07/a-vision-for-keystone/ > These two blueprints don't appear to be in line with it. > > Also, instead of making keystone reuse tokens why not make the token reuse > in the clients better (keyring based). Last I checked it was disabled and > broken in nova (there was a patch to fix it, but keep it disabled) > > >> > >> > >> > >> > >> Regards, > >> > >> Yong Sheng Gong > >> > >> > >> _______________________________________________ > >> OpenStack-dev mailing list > >> OpenStack-dev@lists.openstack.org > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> > > > > > > > > -- > > > > -Dolph > > > > _______________________________________________ > > OpenStack-dev mailing list > > OpenStack-dev@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > _______________________________________________ > OpenStack-dev mailing > listOpenStack-dev@lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev