PKI key_size=2048 causes truncation errors on 'id' column

Bug #1031191 reported by Dan Prince
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: High
Assigned to: Dan Prince

Bug Description

When running Keystone w/ PKI enabled I'm seeing the following errors using MySQL:

/usr/lib64/python2.7/site-packages/sqlalchemy/engine/default.py:331: Warning: Data truncated for column 'id' at row 1
  cursor.execute(statement, parameters)

On PostgreSQL you'll see this exception:

2012-07-30 20:33:41 ERROR [root] (DataError) value too long for type character varying(2048)

----

I added some diagnostics to the cms module and it looks like it's trying to store the following text in the 'id' column (quite a bit bigger than the column size which is VARCHAR 2048):

---

Setting key_size = 1024 in the keystone.conf file resolves the issue for now. The default size is 2048 so we should probably change that.

Alternately we could increase the size/type of the id column. Long term it would be nice not to store these in the database... (if possible)

Dan Prince (dan-prince)
Changed in keystone:
assignee: nobody → Dan Prince (dan-prince)
importance: Undecided → High
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/10584

Dan Prince (dan-prince) wrote :

For reference the DB table looks like this:

mysql> desc token
    -> ;
+---------+---------------+------+-----+---------+-------+
| Field   | Type          | Null | Key | Default | Extra |
+---------+---------------+------+-----+---------+-------+
| id_hash | varchar(64)   | NO   | PRI |         |       |
| expires | datetime      | YES  |     | NULL    |       |
| extra   | text          | YES  |     | NULL    |       |
| id      | varchar(2048) | YES  |     | NULL    |       |
+---------+---------------+------+-----+---------+-------+

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/10584
Committed: http://github.com/openstack/keystone/commit/bc12215b2fec371b543ed671cb4ae02c3f77aa5b
Submitter: Jenkins
Branch: master

commit bc12215b2fec371b543ed671cb4ae02c3f77aa5b
Author: Dan Prince <email address hidden>
Date: Mon Jul 30 23:22:21 2012 -0400

    Set example key_size to 1024.

    Updates the default key_size and config file example to 1024.
    Using the previous value of 2048 would cause database truncation
    and/or column size errors because the 'id' column isn't big enough
    to hold that much data.

    Works around LP Bug #1031191.

    Change-Id: Ic28bf0945a65fb80a4b610a4de7afa485d09e2bb

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → folsom-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: folsom-3 → 2012.2