[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Can't override default token age?



That looks like the right config value. Some things to check:

1. Are there duplicate `oauthConfig` stanzas (or tokenConfig, etc) in your config file? I think the last one wins.
2. Do you have multiple API servers, and if so, do they have identical configs?
3. Have you restarted the API server since changing that config value?
4. Are you sure the server is being started from the config you modified?

As an aside, for external integrations with machine accounts, service account tokens are recommended (https://docs.openshift.org/latest/dev_guide/service_accounts.html)... they don't expire, but can be revoked.



On Tue, Jun 28, 2016 at 3:18 PM, Alex Wauck <alexwauck exosite com> wrote:
I have this in my master-config.yaml:

oauthConfig:
  tokenConfig:
    accessTokenMaxAgeSeconds: 2628000

Yet, I have to log in every morning, which makes me think the token age is still the default 24 hours.  Why?

Context: I want Nagios to be able to check services in our OpenShift Origin cluster to ensure that they have at least two healthy pods, among other things.  I don't want to have to continually regenerate tokens for Nagios to use.  Also, it's kind of a pain for the human users.

--
Alex Wauck // DevOps Engineer

E X O S I T E 
www.exosite.com 

Making Machines More Human.

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]