Hydra Janitor Clarification

[sethtomy]

Apologies if the following is too many in one, I can break into separate issues/discussion if needed. Below are 3 questions (all related to same instance of a problem I'm having).

I'm currently using Hydra (oryd/hydra:v1.11.10) Janitor with the following options:

# 216 hours = 9 days
hydra janitor \
--keep-if-younger 216h \
--read-from-env \
--grants \
--requests \
--tokens \
--batch-size '100' \
--limit '10000' \

Question 1

What do the following options map to in the database?

• --grants <-- ?
• --requests <-- ?
• --tokens <-- hydra_oauth2_access?

Question 2

With the above options I believe rows older than 9 days from hydra_oauth2_(consent | authentication)request and hydra_oauth2(consent | authentication)_request_handled should be removed.

In my database I still have entries from 2021 that are not being removed however.

e.g.

hydra_oauth2_authentication_request

authenticated_at	requested_at	login_session_id
2021-11-05 19:41:12.528371	2021-11-05 19:26:05.387183	03c42c34-6c96-420e-9809-eda46f4af6c9

hydra_oauth2_session

id	remember
03c42c34-6c96-420e-9809-eda46f4af6c9	true

hydra_oauth2_authentication_request_handled

All entries from subject related above are from 2021.

Question 3

Is there a verbose option for the logging from Hydra Janitor? The below is what's being output, but it would be nice to have:

• How much was deleted.
• From which table(s) it was deleted from.

time=2023-01-18T14:48:04Z level=info msg=No tracer configured - skipping tracing setup audience=application service_name=Ory Hydra service_version=v1.11.10
Successfully completed Janitor run on access tokens
Successfully completed Janitor run on refresh tokens
Successfully completed Janitor run on login-consent requests
Successfully completed Janitor run on grants

[sethtomy]

Bump.

[vinckr]

Hello @sethtomy
Thanks for the feedback and questions, Janitor is a somewhat recent addition and not extensively documented.
Any contribution in making the janitor documentation better is much welcomed!
We have it covered for our usecase and I assume other teams who run it in production as well, but I understand that it can be hard to grasp in the beginning.

1. I am not familiar with the hydra db to be honest, but the same place where grants/tokens/requests are stored I assume?
2. Hard to say what the problem is, the janitor options look good to me. Maybe you can open a bug report with a reproducible repo. I have not seen this bug before so it might be related to your setup.
3. I think a more verbose logging would be nice to have! If you are up to it feel free to open a feature request or even design document. Any contribution is welcome! AFAICT there are no plans to implement this so far.

[sethtomy]

@vinckr thank you for your response! I must have notifications turned off.