OVHcloud Public Cloud Status

Current status
Legend
  • Operational
  • Degraded performance
  • Partial Outage
  • Major Outage
  • Under maintenance
FS#19345 — Authentication tokens
Scheduled Maintenance Report for Public Cloud
Completed
Hello,

we recently found that many Public Cloud users generate a lot of tokens with Keystone (record: 3000 per minutes!). This behavior creates few problems:
- overloading of the Keystone servers
- tokens are stored in databases, so it fulfills the database servers

Starting from next week, we will set a limit to the numbers of tokens a user can generate, to protect our infrastructures. At first, this limit will be set to 60 tokens per minutes, so that our most intensive users are impacted and fix their code. Soon later, this limit will be decreased to few tokens per minutes. Some of you may noticed we already did this announce few weeks ago. But a last minute bug prevented us from enabling it. This time, it's the good one.

As a reminder, a token can be used for many requests. Its expiration date is in the JSON payload (access > token > expires). As a best practice, I also recommend that you don't assume a token is valid for 24h. Expiration delay vary across Keystone version (eg: Fernet token, that might be deployed at OVH during 2016, are valid only 1h).

Thanks.
Posted Jul 26, 2016 - 14:35 UTC