Re: [openstack-dev] [Openstack-operators] [openstack-operators]flush expired tokens and moves deleted instance
On 01/28/2015 01:13 AM, Fischer, Matt wrote: Our keystone database is clustered across regions, so we have this job running on node1 in each site on alternating hours. I don’t think you’d want a bunch of cron jobs firing off all at once to cleanup tokens on multiple clustered nodes. That’s one reason I know not to put this in the code. i prefer a cronjob to something on the code that i have to test, configure and possible troubleshot besides, i think is well documented. i don't see a problem there. maybe distributions could ship the script into /etc/cron.daily by default? i would remove it on my case but is a good default for simple openstack installs -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Openstack-operators] [openstack-operators]flush expired tokens and moves deleted instance
+100 Dani On Mon, Jan 26, 2015 at 1:10 AM, Tim Bell tim.b...@cern.ch wrote: This is often mentioned as one of those items which catches every OpenStack cloud operator at some time. It’s not clear to me that there could not be a scheduled job built into the system with a default frequency (configurable, ideally). If we are all configuring this as a cron job, is there a reason that it could not be built into the code ? Tim *From:* Mike Smith [mailto:mism...@overstock.com] *Sent:* 24 January 2015 18:08 *To:* Daniel Comnea *Cc:* OpenStack Development Mailing List (not for usage questions); openstack-operat...@lists.openstack.org *Subject:* Re: [Openstack-operators] [openstack-dev][openstack-operators]flush expired tokens and moves deleted instance It is still mentioned in the Juno installation docs: By default, the Identity service stores expired tokens in the database indefinitely. The accumulation of expired tokens considerably increases the database size and might degrade service performance, particularly in environments with limited resources. We recommend that you use cron to configure a periodic task that purges expired tokens hourly: # (crontab -l -u keystone 21 | grep -q token_flush) || \ echo '@hourly /usr/bin/keystone-manage token_flush /var/log/keystone/ keystone-tokenflush.log 21' \ /var/spool/cron/keystone Mike Smith Principal Engineer, Website Systems Overstock.com On Jan 24, 2015, at 10:03 AM, Daniel Comnea comnea.d...@gmail.com wrote: Hi all, I just bumped into Sebastien's blog where he suggested a cron job should run in production to tidy up expired tokens - see blog[1] Could you please remind me if this is still required in IceHouse/ Juno? (i kind of remember i've seen some work being done in this direction but i can't find the emails) Thanks, Dani [1] http://www.sebastien-han.fr/blog/2014/08/18/a-must-have-cron-job-on-your-openstack-cloud/ ___ OpenStack-operators mailing list openstack-operat...@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators -- CONFIDENTIALITY NOTICE: This message is intended only for the use and review of the individual or entity to which it is addressed and may contain information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message solely to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify sender immediately by telephone or return email. Thank you. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Openstack-operators] [openstack-operators]flush expired tokens and moves deleted instance
This is often mentioned as one of those items which catches every OpenStack cloud operator at some time. It's not clear to me that there could not be a scheduled job built into the system with a default frequency (configurable, ideally). If we are all configuring this as a cron job, is there a reason that it could not be built into the code ? Tim From: Mike Smith [mailto:mism...@overstock.com] Sent: 24 January 2015 18:08 To: Daniel Comnea Cc: OpenStack Development Mailing List (not for usage questions); openstack-operat...@lists.openstack.org Subject: Re: [Openstack-operators] [openstack-dev][openstack-operators]flush expired tokens and moves deleted instance It is still mentioned in the Juno installation docs: By default, the Identity service stores expired tokens in the database indefinitely. The accumulation of expired tokens considerably increases the database size and might degrade service performance, particularly in environments with limited resources. We recommend that you use cron to configure a periodic task that purges expired tokens hourly: # (crontab -l -u keystone 21 | grep -q token_flush) || \ echo '@hourly /usr/bin/keystone-manage token_flush /var/log/keystone/ keystone-tokenflush.log 21' \ /var/spool/cron/keystone Mike Smith Principal Engineer, Website Systems Overstock.comhttp://Overstock.com On Jan 24, 2015, at 10:03 AM, Daniel Comnea comnea.d...@gmail.commailto:comnea.d...@gmail.com wrote: Hi all, I just bumped into Sebastien's blog where he suggested a cron job should run in production to tidy up expired tokens - see blog[1] Could you please remind me if this is still required in IceHouse/ Juno? (i kind of remember i've seen some work being done in this direction but i can't find the emails) Thanks, Dani [1] http://www.sebastien-han.fr/blog/2014/08/18/a-must-have-cron-job-on-your-openstack-cloud/ ___ OpenStack-operators mailing list openstack-operat...@lists.openstack.orgmailto:openstack-operat...@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators CONFIDENTIALITY NOTICE: This message is intended only for the use and review of the individual or entity to which it is addressed and may contain information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message solely to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify sender immediately by telephone or return email. Thank you. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Openstack-operators] [openstack-operators]flush expired tokens and moves deleted instance
It is still mentioned in the Juno installation docs: By default, the Identity service stores expired tokens in the database indefinitely. The accumulation of expired tokens considerably increases the database size and might degrade service performance, particularly in environments with limited resources. We recommend that you use cron to configure a periodic task that purges expired tokens hourly: # (crontab -l -u keystone 21 | grep -q token_flush) || \ echo '@hourly /usr/bin/keystone-manage token_flush /var/log/keystone/ keystone-tokenflush.log 21' \ /var/spool/cron/keystone Mike Smith Principal Engineer, Website Systems Overstock.comhttp://Overstock.com On Jan 24, 2015, at 10:03 AM, Daniel Comnea comnea.d...@gmail.commailto:comnea.d...@gmail.com wrote: Hi all, I just bumped into Sebastien's blog where he suggested a cron job should run in production to tidy up expired tokens - see blog[1] Could you please remind me if this is still required in IceHouse/ Juno? (i kind of remember i've seen some work being done in this direction but i can't find the emails) Thanks, Dani [1] http://www.sebastien-han.fr/blog/2014/08/18/a-must-have-cron-job-on-your-openstack-cloud/ ___ OpenStack-operators mailing list openstack-operat...@lists.openstack.orgmailto:openstack-operat...@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators CONFIDENTIALITY NOTICE: This message is intended only for the use and review of the individual or entity to which it is addressed and may contain information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message solely to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify sender immediately by telephone or return email. Thank you. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
