Using sql as default driver for tokens

kvs driver for tokens is not a production quality storage method.
The shortcomings of using kvs as storage driver for tokens:
    1. It requires load balancer to persist connections to a single
keystone server by token.
    2. The memory will grow out of control until token_flush is run.
    3. At some point kvs lookups get very slow because there are millions
of keys in the dict.
    4. Process restart invalidates all tokens.

Fixes: bug #1188370
Change-Id: Ic726e12d798b843412158a7b92f5e3e3a654811f

3 files changed, 5 insertions, 2 deletions

diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
index f65eab5b..08154124 100644
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@@ -119,7 +119,7 @@
 # template_file = default_catalog.templates
 
 [token]
-# driver = keystone.token.backends.kvs.Token
+# driver = keystone.token.backends.sql.Token
 
 # Amount of time a token should remain valid (in seconds)
 # expiration = 86400
diff --git a/keystone/common/config.py b/keystone/common/config.py
index 5ff0f4bb..51fdab72 100644
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@@ -273,7 +273,7 @@ def configure():
         group='policy',
         default='keystone.policy.backends.sql.Policy')
     register_str(
-        'driver', group='token', default='keystone.token.backends.kvs.Token')
+        'driver', group='token', default='keystone.token.backends.sql.Token')
     register_str(
         'driver', group='trust', default='keystone.trust.backends.sql.Trust')
     register_str(
diff --git a/tests/test_overrides.conf b/tests/test_overrides.conf
index 0e41fd32..ef7524b7 100644
--- a/tests/test_overrides.conf
+++ b/tests/test_overrides.conf
@@ -11,6 +11,9 @@ template_file = default_catalog.templates
 [trust]
 driver = keystone.trust.backends.kvs.Trust
 
+[token]
+driver = keystone.token.backends.kvs.Token
+
 [signing]
 certfile = ../examples/pki/certs/signing_cert.pem
 keyfile = ../examples/pki/private/signing_key.pem