Using sql as default driver for tokens
kvs driver for tokens is not a production quality storage method. The shortcomings of using kvs as storage driver for tokens: 1. It requires load balancer to persist connections to a single keystone server by token. 2. The memory will grow out of control until token_flush is run. 3. At some point kvs lookups get very slow because there are millions of keys in the dict. 4. Process restart invalidates all tokens. Fixes: bug #1188370 Change-Id: Ic726e12d798b843412158a7b92f5e3e3a654811f
This commit is contained in:
parent
6111bc9dfe
commit
b2da4ea131
|
@ -119,7 +119,7 @@
|
|||
# template_file = default_catalog.templates
|
||||
|
||||
[token]
|
||||
# driver = keystone.token.backends.kvs.Token
|
||||
# driver = keystone.token.backends.sql.Token
|
||||
|
||||
# Amount of time a token should remain valid (in seconds)
|
||||
# expiration = 86400
|
||||
|
|
|
@ -273,7 +273,7 @@ def configure():
|
|||
group='policy',
|
||||
default='keystone.policy.backends.sql.Policy')
|
||||
register_str(
|
||||
'driver', group='token', default='keystone.token.backends.kvs.Token')
|
||||
'driver', group='token', default='keystone.token.backends.sql.Token')
|
||||
register_str(
|
||||
'driver', group='trust', default='keystone.trust.backends.sql.Trust')
|
||||
register_str(
|
||||
|
|
|
@ -11,6 +11,9 @@ template_file = default_catalog.templates
|
|||
[trust]
|
||||
driver = keystone.trust.backends.kvs.Trust
|
||||
|
||||
[token]
|
||||
driver = keystone.token.backends.kvs.Token
|
||||
|
||||
[signing]
|
||||
certfile = ../examples/pki/certs/signing_cert.pem
|
||||
keyfile = ../examples/pki/private/signing_key.pem
|
||||
|
|
Loading…
Reference in New Issue