openstack/openstack-manuals
Code Issues Proposed changes

Do not use root user to flush Keystone tokens

Browse Source 
If you run keystone-manage token_flush as root and you have verbosity
enabled, the log file keystone.log will be owned by root user if it does
not exist. If Keystone is not started, it won't be able to start the
first time due to permission issue.

Using "keytone" user by default to flush the logs avoids to face this
situation and let the user know he has to use OpenStack users when
running CLI.

Change-Id: I9c806d13c727a79869485cd5f5d5d51b757a783e
Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
This commit is contained in:
Emilien Macchi 2014-05-21 19:24:38 +02:00
parent 512e54b68b
commit 561c9ab9c9
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/install-guide/section_keystone-install.xml
View File

@ -218,11 +218,11 @@ log_dir = /var/log/keystone</programlisting>
hour and log the output to
<filename>/var/log/keystone/keystone-tokenflush.log</filename>:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>(crontab -l 2>&amp;1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&amp;1' >> /var/spool/cron/crontabs/root</userinput></screen>
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&amp;1' >> /var/spool/cron/crontabs/keystone</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>(crontab -l 2>&amp;1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&amp;1' >> /var/spool/cron/root</userinput></screen>
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&amp;1' >> /var/spool/cron/keystone</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>(crontab -l 2>&amp;1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&amp;1' >> /var/spool/cron/tabs/root</userinput></screen>
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&amp;1' >> /var/spool/cron/tabs/keystone</userinput></screen>
</step>
</substeps>
</step>