Since it's not already mentioned in this bug, the long term solution here is to simply not persist tokens at all:
https://blueprints.launchpad.net/keystone/+spec/ephemeral-pki-tokens ** Also affects: openstack-manuals Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1032633 Title: Keystone's token table grows unconditionally when using SQL backend. Status in OpenStack Identity (Keystone): Fix Released Status in OpenStack Manuals: New Status in “keystone” package in Ubuntu: Fix Released Bug description: Keystone's `token` table grows unconditionally with expired tokens when using the SQL backend. Keystone should provide a backend-agnostic method to find and delete these tokens. This could be run via a periodic task or supplied as a script to run as a cron job. An example SQL statement (if you're using a SQL backend) to workaround this problem: sql> DELETE FROM token WHERE expired <= NOW(); It may be ideal to allow a date smear to allow older tokens to persist if needed. Choosing the `memcache` backend may workaround this issue, but SQL is the package default. System Information: $ dpkg-query --show keystone keystone 2012.1+stable~20120608-aff45d6-0ubuntu1 $ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS" To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1032633/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
