From b2da4ea131da5e801c860194845acecb4ef6d808 Mon Sep 17 00:00:00 2001 From: Wu Wenxiang Date: Sun, 9 Jun 2013 12:17:34 +0800 Subject: Using sql as default driver for tokens kvs driver for tokens is not a production quality storage method. The shortcomings of using kvs as storage driver for tokens: 1. It requires load balancer to persist connections to a single keystone server by token. 2. The memory will grow out of control until token_flush is run. 3. At some point kvs lookups get very slow because there are millions of keys in the dict. 4. Process restart invalidates all tokens. Fixes: bug #1188370 Change-Id: Ic726e12d798b843412158a7b92f5e3e3a654811f --- etc/keystone.conf.sample | 2 +- keystone/common/config.py | 2 +- tests/test_overrides.conf | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample index f65eab5b..08154124 100644 --- a/etc/keystone.conf.sample +++ b/etc/keystone.conf.sample @@ -119,7 +119,7 @@ # template_file = default_catalog.templates [token] -# driver = keystone.token.backends.kvs.Token +# driver = keystone.token.backends.sql.Token # Amount of time a token should remain valid (in seconds) # expiration = 86400 diff --git a/keystone/common/config.py b/keystone/common/config.py index 5ff0f4bb..51fdab72 100644 --- a/keystone/common/config.py +++ b/keystone/common/config.py @@ -273,7 +273,7 @@ def configure(): group='policy', default='keystone.policy.backends.sql.Policy') register_str( - 'driver', group='token', default='keystone.token.backends.kvs.Token') + 'driver', group='token', default='keystone.token.backends.sql.Token') register_str( 'driver', group='trust', default='keystone.trust.backends.sql.Trust') register_str( diff --git a/tests/test_overrides.conf b/tests/test_overrides.conf index 0e41fd32..ef7524b7 100644 --- a/tests/test_overrides.conf +++ b/tests/test_overrides.conf 
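Review bot: The new default in `register_str('driver', group='token', ...)` in keystone/common/config.py stores every issued token in the SQL database, but nothing in this change tells operators that expired rows will then accumulate there until `token_flush` is run, which is the same growth problem the commit message cites for kvs. Deployments that relied on the implicit kvs default will also switch backends on upgrade without touching their configuration, which presumably requires the SQL connection and schema to be in place first, so this deserves a release note. I would add a comment above the `[token]` driver line in etc/keystone.conf.sample, such as `# The sql driver keeps expired tokens until token_flush is run; schedule it periodically.` Tokens are bearer credentials, so if the sql backend stores them unhashed (not visible in this diff), database read access and backups now expose them, and that is worth stating too. The body of configure() continues outside the hunk.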
@@ -11,6 +11,9 @@ template_file = default_catalog.templates [trust] driver = keystone.trust.backends.kvs.Trust +[token] +driver = keystone.token.backends.kvs.Token + [signing] certfile = ../examples/pki/certs/signing_cert.pem keyfile = ../examples/pki/private/signing_key.pem -- cgit
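Review bot: Pinning `[token] driver = keystone.token.backends.kvs.Token` in tests/test_overrides.conf means every suite that loads this override keeps exercising the kvs backend, so the sql driver that is now the shipped default is not covered by those suites. Unless the sql token backend is tested elsewhere (not visible in this diff), a regression in the default path could go unnoticed. I would add a comment above the section explaining why the tests stay on kvs, for example `# Tests use the in-memory kvs token driver; the production default is sql.`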