Oh.. oops. Yeah if that's the case then sorry, you can just ignore me!
On Tue, Aug 11, 2015 at 8:39 PM, Tony Breeds
wrote:
> On Tue, Aug 11, 2015 at 08:24:10PM -0600, Matt Fischer wrote:
> > It was covered some here:
> > http://lists.openstack.org/pipermail/openstack-dev/2015-July/069658.html
>
On Tue, Aug 11, 2015 at 08:24:10PM -0600, Matt Fischer wrote:
> It was covered some here:
> http://lists.openstack.org/pipermail/openstack-dev/2015-July/069658.html
> and some graphs here: http://www.mattfischer.com/blog/?p=672
>
> tl;dr is that having revoked tokens affects keystone token validat
It was covered some here:
http://lists.openstack.org/pipermail/openstack-dev/2015-July/069658.html
and some graphs here: http://www.mattfischer.com/blog/?p=672
tl;dr is that having revoked tokens affects keystone token validation and
tokens are validated on almost every API call unless you're usin
On Mon, Aug 10, 2015 at 07:16:43PM -0600, Matt Fischer wrote:
> I'm not excited about making this the default until token revocations don't
> impact performance the way that they do now. I don't know how often this
> would get exercised though, but the impact of 100+ token revokes is
> noticeable
On Mon, Aug 10, 2015 at 01:34:03PM -0400, Andrew Laski wrote:
> I'm only one data point, but we have a short TTL on tokens so it is not
> something that our users could reasonably due. And the Nova default TTL is
> 10 minutes, which is also out of bookmarking range IMO.
So that's a good point.
On 08/10/15 at 03:59pm, Tony Breeds wrote:
Hi All,
Nova has bug: https://bugs.launchpad.net/nova/+bug/1447679 (service No-VNC
(port 6080) doesn't require authentication).
Which explains that if you know the 'token'[1] associated with an instances
console you can get access to said console wit