由于测试时间长，本人keystone 1小时后token超期，本人ubuntu系统。

失败方法：

用openstack-cofig来扩展token，根本找不到openstack-config命令，有博客说centos下安装openstack-utils即可，但是在ubuntu下我没找到

成功方法：

参考 https://access.redhat.com/solutions/1527533

修改 /etc/keystone/keystone.conf 下

# Amount of time a token should remain valid (in seconds). # (integer value) expiration=86400 重启keystone服务，本人直接重启了机器

===================================以下是我个人想保存一下网页内容===================================================================

How to increase OpenStack Keystone Ticket Timeout?

Solution Verified - Updated June 5 2017 at 10:46 AM - English No translations currently exist.

Environment

Red Hat Enterprise Linux OpenStack Platform 6.Red Hat Enterprise Linux OpenStack Platform 7.Red Hat OpenStack Platform 8.Red Hat OpenStack Platform 9.Red Hat OpenStack Platform 10.Keystone

Issue

How to increase the OpenStack Keystone Ticket Timeout?Some operations are getting a Timeout from Keystone before it completes. Is it possible to increase the ticket validation?

Resolution

If you are experiencing some kind of timeout or the Keystone Ticket is expiring during an operation, for instance when you upload a glance image and it takes more time than the ticket, you can increase the keystone ticket changing the keystone.conf file: Inside the /etc/keystone/keystone.conf you have the following option: Raw # Amount of time a token should remain valid (in seconds). # (integer value) expiration=3600

You can safely change it to a new value in order to fit in your needs, for instance 7200 or another value:

Raw # Amount of time a token should remain valid (in seconds). # (integer value) expiration=7200

Since openstack-keynote doesn't have a "reload" method in the systemctl openstack-keystone neither the keystone-all command could be used to reload since this is only used to start the keystone:

Raw NAME keystone-all - Keystone Startup Command ... DESCRIPTION keystone-all starts both the service and administrative APIs in a sin‐ gle process to provide catalog, authorization, and authentication ser‐ vices for OpenStack.

You should restart the service using the following command:

Raw # systemctl restart openstack-keystone.service

Note: If you have more than one controller and runs it behind an HAProxy, you can safely change the parameter expiration in the keystone.conf in each controller and then restart each one separately. HAProxy will take care to redirect the services to a active service.