It would be helpful to identify which SDK? You're probably aware the auth service and the object storage service are different http endpoints - you get a token from auth, you provide the token to swift with the request - swift validates the token and authorizes the request. If the token provided to swift can not be validated - you should get a new one and retry the request to Swift. The specifics of what's required here depend on the SDK - it may be able to "re-auth" for you.
Tokens are not account/container based - but rather tied to the user making the request. With Keystone roles associate a user to a project and grant access to accounts in Swift. Container's can individually grant access via ACL's - but it's still a scoping to a user (or perhaps a role on a project). You could use tempurls tho [1]. I thought the default token lifetime was 24 hours, it's curious they only last 1hr for you. There was a issue pre-swift 2.0 which required keystone auth to be placed in the pipeline after the large object middleware which could cause token expiration to interrupt a long running download of a static or dynamic large object - but I don't see how that would effect writes. Generally the application (or the SDK) deals with a 401 error from Swift by simply asking the auth service for a fresh token - you could try avoid the re-auth by periodically identifying with the auth service and using the token it returns - but most of the time it doesn't obviate the need for the retry on 401 code so people tend to stick with EAFP. -Clay 1. http://docs.openstack.org/developer/swift/middleware.html#tempurl On Wed, Apr 22, 2015 at 11:13 AM, Forrest Townsend <forrest.tow...@gmail.com > wrote: > Hey all, > > I am writing an application that writes and reads from Swift using an SDK > to communicate to Openstack. Would like to hear some insight as to avoid > the default 60 minute token expiration. What I was looking into was > recreating the connection to Openstack but wasn't sure if this actually > created a new token. The use case where I hit an expiration is when I have > a connection open and doing many writes that exceed 60 minutes, at the 60 > minute mark, I get a disconnection. > > Are token's account/container based? > > Rather than setting the token expiration in the keystone.conf to a custom > value, I would like to know from an application point of view how to get > around this. > > Thanks, > Forrest T. > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
