Move token flush documentation to admin-guide
This commit moves the token cleanup documentation we had on our configuration.rst to the official admin-guide. This is an effort to consolidate all admin-like information into a single place for easier discoverability and more consistent documentation. Change-Id: I9e02fbe366a13e86d1be5cba46df71c4ff725b9d
This commit is contained in:
parent
9070172084
commit
3157d0086f
|
@ -78,6 +78,23 @@ provider. UUID tokens are 32 bytes in length and must be persisted in a back
|
|||
end. Clients must pass their UUID token to the Identity service in order to
|
||||
validate it.
|
||||
|
||||
As mentioned above, UUID tokens must be persisted. By default, keystone
|
||||
persists UUID tokens using a SQL backend. An unfortunate side-effect is that
|
||||
the size of the database will grow over time regardless of the token's
|
||||
expiration time. Expired UUID tokens can be pruned from the backend using
|
||||
keystone's command line utility:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ keystone-manage token_flush
|
||||
|
||||
We recommend invoking this command periodically using ``cron``.
|
||||
|
||||
.. NOTE::
|
||||
|
||||
It is not required to run this command at all if using Fernet tokens. Fernet
|
||||
tokens are not persisted and do not contribute to database bloat.
|
||||
|
||||
Fernet tokens
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
|
|
|
@ -1438,24 +1438,6 @@ with the HTTP API, such data import/export and database migrations.
|
|||
|
||||
.. include:: man/commands.rst
|
||||
|
||||
Removing Expired Tokens
|
||||
=======================
|
||||
|
||||
In the SQL backend expired UUID tokens are not automatically removed. These
|
||||
tokens can be removed with:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ keystone-manage token_flush
|
||||
|
||||
It is recommended to run this command periodically with ``cron`` if using UUID
|
||||
tokens.
|
||||
|
||||
.. NOTE::
|
||||
|
||||
It it not required to run this command at all if using Fernet tokens. Fernet
|
||||
tokens are not persisted.
|
||||
|
||||
Supported clients
|
||||
=================
|
||||
|
||||
|
|
Loading…
Reference in New Issue