# vim /etc/keystone/keystone.conf
....................
[token]
provider = uuid
#driver = memcache
driver = sql # DB »ó¿¡¼ °ü¸®
expiration = 1800 # ¸¸·á½Ã°£
¡Ø keystone.token Å×ÀÌºí³» ÀúÀåµÇ°í ¸¸·á½Ã°£µµ 1800ÃÊ(30ºÐ)À¸·Î º¯°æ
MariaDB [(none)]> select count(*) from keystone.token;
+----------+
| count(*) |
+----------+
|
22 |
+----------+
root@con-210-21:~# date
2016. 05. 12. (¸ñ) 15:
07:00 KST
# openstack token issue
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2016-05-12T06:
36:57.437373Z |
| id | e38a481a2b7e45a79eaf91027c52fd4f |
| project_id | 860c2d7242a44776a566fd8fbe73030c |
| user_id | 0a9078c1003046cca6ff3124161f8ad7 |
+------------+----------------------------------+
https://ask.openstack.org/en/question/1740/keystone-never-delete-expires-token-in-database/http://www.sebastien-han.fr/blog/2012/12/12/cleanup-keystone-tokens/http://docs.openstack.org/developer/keystone/configuration.html
Token Persistence Driver
Keystone supports customizable token persistence drivers. These can be
specified in the [token] section of the configuration file. Keystone
provides three non-test persistence backends. These can be set with the
[token] driver configuration option.
The drivers Keystone provides are:
- memcache_pool - The pooled memcached token persistence engine. This
backend supports the concept of pooled memcache client object (allowing for
the re-use of the client objects). This backend has a number of extra tunable
options in the [memcache] section of the config. Implemented by
keystone.token.persistence.backends.memcache_pool.Token
- sql - The SQL-based (default) token persistence engine. Implemented by
keystone.token.persistence.backends.sql.Token
- memcache - The memcached based token persistence backend. This backend
relies on dogpile.cache and stores the token data in a set of memcached
servers. The servers URLs are specified in the [memcache] servers
configuration option in the Keystone config. Implemented by
keystone.token.persistence.backends.memcache.Token
Warning
It is recommended you use the memcache_pool backend instead of
memcache as the token persistence driver if you are deploying Keystone
under eventlet instead of Apache httpd with mod_wsgi. This
recommendation is due to known issues with the use of thread.local
under eventlet that can allow the leaking of memcache client objects and
consumption of extra sockets.
