rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_blue
icon_green
icon_orange
icon_red
icon_green
icon_red
icon_red
icon_green
icon_red
icon_red
icon_red
icon_red
icon_orange
icon_green
 

FS#13787 — FS#19345 — Authentication tokens

Attached to Project— Cloud
Maintenance
Cloud
CLOSED
100%
Hello,

we recently found that many Public Cloud users generate a lot of tokens with Keystone (record: 3000 per minutes!). This behavior creates few problems:
- overloading of the Keystone servers
- tokens are stored in databases, so it fulfills the database servers

Starting from next week, we will set a limit to the numbers of tokens a user can generate, to protect our infrastructures. At first, this limit will be set to 60 tokens per minutes, so that our most intensive users are impacted and fix their code. Soon later, this limit will be decreased to few tokens per minutes. Some of you may noticed we already did this announce few weeks ago. But a last minute bug prevented us from enabling it. This time, it's the good one.

As a reminder, a token can be used for many requests. Its expiration date is in the JSON payload (access > token > expires). As a best practice, I also recommend that you don't assume a token is valid for 24h. Expiration delay vary across Keystone version (eg: Fernet token, that might be deployed at OVH during 2016, are valid only 1h).

Thanks.
Date:  Tuesday, 30 August 2016, 04:33AM
Reason for closing:  Done