Move token flush documentation to admin-guide

This commit moves the token cleanup documentation we had on our
configuration.rst to the official admin-guide. This is an effort to
consolidate all admin-like information into a single place for easier
discoverability and more consistent documentation.

Change-Id: I9e02fbe366a13e86d1be5cba46df71c4ff725b9d
This commit is contained in:
Lance Bragstad 2017-06-26 19:30:23 +00:00 committed by Samuel de Medeiros Queiroz
parent 9070172084
commit 3157d0086f
2 changed files with 17 additions and 18 deletions

View File

@ -78,6 +78,23 @@ provider. UUID tokens are 32 bytes in length and must be persisted in a back
end. Clients must pass their UUID token to the Identity service in order to
validate it.
As mentioned above, UUID tokens must be persisted. By default, keystone
persists UUID tokens using a SQL backend. An unfortunate side-effect is that
the size of the database will grow over time regardless of the token's
expiration time. Expired UUID tokens can be pruned from the backend using
keystone's command line utility:
.. code-block:: bash
$ keystone-manage token_flush
We recommend invoking this command periodically using ``cron``.
.. NOTE::
It is not required to run this command at all if using Fernet tokens. Fernet
tokens are not persisted and do not contribute to database bloat.
Fernet tokens
~~~~~~~~~~~~~

View File

@ -1438,24 +1438,6 @@ with the HTTP API, such data import/export and database migrations.
.. include:: man/commands.rst
Removing Expired Tokens
=======================
In the SQL backend expired UUID tokens are not automatically removed. These
tokens can be removed with:
.. code-block:: bash
$ keystone-manage token_flush
It is recommended to run this command periodically with ``cron`` if using UUID
tokens.
.. NOTE::
It it not required to run this command at all if using Fernet tokens. Fernet
tokens are not persisted.
Supported clients
=================