From ba023042b29ff2f9b4486d8c3276c62523b95b8a Mon Sep 17 00:00:00 2001 From: Jeffrey Zhang Date: Mon, 13 Feb 2017 21:27:04 +0800 Subject: [PATCH] Disable revoke_by_id in keystone revoke api is only used when using kvs revoke driver. In most of case it is useless and unnecessary. Change-Id: I6afaf32574330e3ee57435f688c41ae74dbdf7ed Closes-Bug: #1664026 --- ansible/roles/keystone/templates/keystone.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2 index 55fb614e18..566eaf9ad6 100644 --- a/ansible/roles/keystone/templates/keystone.conf.j2 +++ b/ansible/roles/keystone/templates/keystone.conf.j2 @@ -21,6 +21,7 @@ domain_config_dir = /etc/keystone/domains {% endif %} [token] +revoke_by_id = False {% if keystone_token_provider == 'uuid' %} provider = uuid {% elif keystone_token_provider == 'fernet' %}