Fix horizon user session timeout

If a horizon user's token expires during long running operations, those
operations can fail. This occurred during long running heat operations
(eg multiple stack deletions).

We correct this by setting the TOKEN_TIMEOUT_MARGIN parameter in
local_settings.py. In this way the user will be logged out 10 minutes
before the keystone token expires.

For clarity, we also set the horizon session to 50 minutes. The keystone
token is 60 minutes so this will match the maximum session length.

Change-Id: I80912ad3cd198b114a60886e2760f93805562028
Partial-Bug: 1797186
Signed-off-by: David Sullivan <david.sullivan@windriver.com>
This commit is contained in:
David Sullivan 2018-10-12 13:24:22 -04:00
parent 5487646a40
commit 5c0c2057ba

View File

@ -1187,3 +1187,16 @@ LOGGING = {
},
},
}
# Session timeout overrides
# SESSION_TIMEOUT is a method to supersede the token timeout with a shorter
# horizon session timeout (in seconds). So if your token expires in 60
# minutes, a value of 1800 will log users out after 30 minutes
SESSION_TIMEOUT = 3000
# TOKEN_TIMEOUT_MARGIN ensures the user is logged out before the token
# expires. This parameter specifies the number of seconds before the
# token expiry to log users out. If the token expires in 60 minutes, a
# value of 600 will log users out after 50 minutes.
TOKEN_TIMEOUT_MARGIN = 600