Keystone token can be missed due keystone+memcached design
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Won't Fix
|
Medium
|
MOS Keystone |
Bug Description
During boot_and_
from rally.log: http://
500 code from haproxy at the time: http://
from nova-all.log on node-227: http://
from glance-all.log on node-224: http://
401 code from haproxy at the time: http://
from keystone_
test was started at 29 07:46:07.175. Rally created tokens around 29 07:50:54. It seems keystone token was expired therefore nova/nova_client couldn't be authorized to get image from glance.
Cluster configuration:
Ubuntu,
Controllers:3 Computes:180 Copmutes+Ceph: 20
api: '1.0'
astute_sha: e24ca066bf6160b
auth_required: true
build_id: 2015-08-17_03-04-59
build_number: '182'
feature_groups:
- mirantis
fuel-agent_sha: 57145b1d8804389
fuel-library_sha: 9de2625d26c3b88
fuel-nailgun-
fuel-ostf_sha: 17786b86b78e5b6
fuelmain_sha: d8c726645be087b
nailgun_sha: 4710801a2f4a6d6
openstack_version: 2015.1.0-7.0
production: docker
python-
release: '7.0'
Diagnostic snapshot: http://
Changed in mos: | |
assignee: | MOS Keystone (mos-keystone) → Boris Bobrov (bbobrov) |
Changed in mos: | |
assignee: | Boris Bobrov (bbobrov) → MOS Nova (mos-nova) |
affects: | mos → rally |
Changed in rally: | |
milestone: | 7.0 → none |
assignee: | MOS Nova (mos-nova) → nobody |
summary: |
- Nova doesn't request new keystone token if old token expires. + Keystone token can be missed due keystone+memcached design |
Changed in mos: | |
importance: | Undecided → Medium |
Changed in mos: | |
status: | New → Confirmed |
Changed in mos: | |
milestone: | 7.0 → 8.0 |
If token is expired we can see the line like this in keystone log: token.persisten ce.backends. kvs [-] Token `7a06d0ebeb9142 c6883d148e92d63 93a` is expired, removing from `usertokens- 4bfc4dec0774451 c8eeba4761eb51f 3e`. _update_ user_token_ list /usr/lib/ python2. 7/dist- packages/ keystone/ token/persisten ce/backends/ kvs.py: 183
2015-09-01 12:13:55.175 33001 DEBUG keystone.
We can't see the similar string for 300c8d6c6dce45c 4a6a377eb070fd1 af token