Skip to content

Commit

Permalink
Using sql as default driver for tokens
Browse files Browse the repository at this point in the history 
kvs driver for tokens is not a production quality storage method.
The shortcomings of using kvs as storage driver for tokens:
    1. It requires load balancer to persist connections to a single
keystone server by token.
    2. The memory will grow out of control until token_flush is run.
    3. At some point kvs lookups get very slow because there are millions
of keys in the dict.
    4. Process restart invalidates all tokens.

Fixes: bug #1188370
Change-Id: Ic726e12d798b843412158a7b92f5e3e3a654811f
  • Loading branch information
@wu-wenxiang
wu-wenxiang committed Jun 14, 2013
1 parent 6111bc9 commit b2da4ea
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion etc/keystone.conf.sample
View file
Expand Up @@ -119,7 +119,7 @@
# template_file = default_catalog.templates

[token]
# driver = keystone.token.backends.kvs.Token
# driver = keystone.token.backends.sql.Token

# Amount of time a token should remain valid (in seconds)
# expiration = 86400
Expand Down
2 changes: 1 addition & 1 deletion keystone/common/config.py
View file
Expand Up @@ -273,7 +273,7 @@ def configure():
group='policy',
default='keystone.policy.backends.sql.Policy')
register_str(
'driver', group='token', default='keystone.token.backends.kvs.Token')
'driver', group='token', default='keystone.token.backends.sql.Token')
register_str(
'driver', group='trust', default='keystone.trust.backends.sql.Trust')
register_str(
Expand Down
3 changes: 3 additions & 0 deletions tests/test_overrides.conf
View file
Expand Up @@ -11,6 +11,9 @@ template_file = default_catalog.templates
[trust]
driver = keystone.trust.backends.kvs.Trust

[token]
driver = keystone.token.backends.kvs.Token

[signing]
certfile = ../examples/pki/certs/signing_cert.pem
keyfile = ../examples/pki/private/signing_key.pem
Expand Down

0 comments on commit b2da4ea

Please sign in to comment.