54 lines
1.4 KiB
ReStructuredText
54 lines
1.4 KiB
ReStructuredText
|
|
.. jzo1552681837074
|
|
.. _configure-the-keystone-token-expiration-time:
|
|
|
|
============================================
|
|
Configure the Keystone Token Expiration Time
|
|
============================================
|
|
|
|
You can change the default Keystone token expiration setting. This may be
|
|
required to provide sustained access for operations that take more than an
|
|
hour.
|
|
|
|
.. rubric:: |context|
|
|
|
|
By default, the Keystone token expiration time is set to 3600 seconds (1
|
|
hour). This is the amount of time a token remains valid. The new setting
|
|
must be between 3600 seconds and 14400 seconds.
|
|
|
|
.. rubric:: |proc|
|
|
|
|
#. On the active controller, become the Keystone admin user.
|
|
|
|
.. code-block:: none
|
|
|
|
$ source /etc/platform/openrc
|
|
|
|
#. Ensure that the token_expiration parameter is defined for the identity
|
|
service.
|
|
|
|
.. code-block:: none
|
|
|
|
$ system service-parameter-list | grep token_expiration
|
|
|
|
| 712e4a45-777c-4e83-9d56-5042cde482f7 | identity | config | token_expiration | 3600
|
|
|
|
|
|
#. Modify the service parameter using the following command:
|
|
|
|
.. code-block:: none
|
|
|
|
$ system service-parameter-modify identity config token_expiration=7200
|
|
|
|
#. Apply the configuration change.
|
|
|
|
.. code-block:: none
|
|
|
|
$ system service-parameter-apply identity
|
|
|
|
Applying identity service parameters
|
|
|
|
Allow a few minutes for the change to take an effect.
|
|
|
|
|