OpenStack Havana flush token manually

shan

It has always been a huge pain to manage token in MySQL espacially with PKI token since they are larger than UUID token. Almost a year ago I wrote an article to purge token via a script. So finally, we have an easy option to purge all expired token.

1
$ sudo keystone-manage token_flush

Script to execute periodically:

1
2
3
4
5
6
7
8
9
10
11
12
#!/bin/bash

# Purpose of the script
# Everytime a service wants to be do 'something' it has to retrieve an autentication token
# Nova/Glance/Cinder services are manage by Pacemaker and monitor functions (from the RA) ask for a token every 10 sec
# There is no cleanup procedure nor periodical task running to delete expire token

logger -t keystone-cleaner "Starting token cleanup"
keystone-manage token_flush
logger -t keystone-cleaner "Ending token cleanup"

exit 0

For those of you who are curious this is what the command does:

DELETE FROM token WHERE token.expires < %s' (datetime.datetime(2013, 11, 19, 15, 20, 26, 115332),)

Where 2013, 11, 19, 15, 20, 26, 115332 are your current date and time.

Hope it helps!