Fuel for OpenStack

keystone-manage token_flush command fails

Bug #1520321 reported by Swann Croiset on 2015-11-26

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Fix Released	Low	Max Yatsenko	Fuel for OpenStack 8.0
	OpenStack Identity (keystone)	Fix Released	Low	Richard	OpenStack Identity (keystone) newton-3 "n3"

Bug Description

Description:
===========
The token flush command fails on MOS 8.0 build #207
(launch by the crontab /etc/cron.hourly/keystone)

To reproduce:
=============
run this command on a controller node:

su -c '/usr/bin/keystone-manage token_flush' keystone
No handlers could be found for logger "oslo_config.cfg"

Log: /var/log/keystone/keystone-manage.log

2015-11-26 17:13:39.145 670 WARNING oslo_log.versionutils [-] Deprecated: direct import of driver is deprecated as of Liberty in favor of entrypoints and may be removed in N.
2015-11-26 17:13:39.153 670 INFO keystone.common.kvs.core [-] Using default dogpile sha1_mangle_key as KVS region token-driver key_mangler
2015-11-26 17:13:39.156 670 CRITICAL keystone [-] NotImplemented: The action you have requested has not been implemented.
2015-11-26 17:13:39.156 670 ERROR keystone Traceback (most recent call last):
2015-11-26 17:13:39.156 670 ERROR keystone File "/usr/bin/keystone-manage", line 10, in <module>
2015-11-26 17:13:39.156 670 ERROR keystone sys.exit(main())
2015-11-26 17:13:39.156 670 ERROR keystone File "/usr/lib/python2.7/dist-packages/keystone/cmd/manage.py", line 47, in main
2015-11-26 17:13:39.156 670 ERROR keystone cli.main(argv=sys.argv, config_files=config_files)
2015-11-26 17:13:39.156 670 ERROR keystone File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 685, in main
2015-11-26 17:13:39.156 670 ERROR keystone CONF.command.cmd_class.main()
2015-11-26 17:13:39.156 670 ERROR keystone File "/usr/lib/python2.7/dist-packages/keystone/cmd/cli.py", line 244, in main
2015-11-26 17:13:39.156 670 ERROR keystone token_manager.flush_expired_tokens()
2015-11-26 17:13:39.156 670 ERROR keystone File "/usr/lib/python2.7/dist-packages/keystone/token/persistence/backends/kvs.py", line 356, in flush_expired_tokens
2015-11-26 17:13:39.156 670 ERROR keystone raise exception.NotImplemented()
2015-11-26 17:13:39.156 670 ERROR keystone NotImplemented: The action you have requested has not been implemented.
2015-11-26 17:13:39.156 670 ERROR keyston

Expected result:
no error

Tags:

Maciej Relewicz (rlu) on 2015-11-27

tags:	added: area-mos
Changed in fuel:
importance:	Undecided → High

Dmitry Klenov (dklenov) on 2015-11-30

Changed in fuel:
milestone:	none → 8.0
assignee:	nobody → MOS Keystone (mos-keystone)

Revision history for this message

Boris Bobrov (bbobrov) wrote on 2015-11-30:

Don't run this command and it from the cron job.

Changed in fuel:
importance:	High → Medium
importance:	Medium → Low

Revision history for this message

Boris Bobrov (bbobrov) wrote on 2015-11-30:

*and remove it from the cron job

Boris Bobrov (bbobrov) on 2015-12-01

Changed in fuel:
assignee:	MOS Keystone (mos-keystone) → Max Yatsenko (myatsenko)

Revision history for this message

Roman Podoliaka (rpodolyaka) wrote on 2015-12-01:

Boris, could you please elaborate why this can't be done and there is no clear error message on this?

Changed in fuel:
assignee:	Max Yatsenko (myatsenko) → Boris Bobrov (bbobrov)
status:	New → Confirmed

Revision history for this message

Boris Bobrov (bbobrov) wrote on 2015-12-01:

This can't be done because it is not implemented. This is intended to be used with sql backend, not with memcache_pool or with fernet tokens.
There is a clear error message on this -- not implemented. This is a common practice to show such errors in keystone-manage.

Changed in fuel:
assignee:	Boris Bobrov (bbobrov) → Max Yatsenko (myatsenko)

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-12-16: Fix proposed to openstack-build/keystone-build (master)

Fix proposed to branch: master
Change author: Max Yatsenko <email address hidden>
Review: https://review.fuel-infra.org/14752

Changed in fuel:
status:	Confirmed → In Progress

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-12-16: Fix proposed to openstack-build/keystone-build (openstack-ci/fuel-8.0/liberty)

Fix proposed to branch: openstack-ci/fuel-8.0/liberty
Change author: Max Yatsenko <email address hidden>
Review: https://review.fuel-infra.org/14753

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-12-16: Change abandoned on openstack-build/keystone-build (master)

Change abandoned by Max Yatsenko <email address hidden> on branch: master
Review: https://review.fuel-infra.org/14752

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-12-18: Fix merged to openstack-build/keystone-build (openstack-ci/fuel-8.0/liberty)

Reviewed: https://review.fuel-infra.org/14753
Submitter: Pkgs Jenkins <email address hidden>
Branch: openstack-ci/fuel-8.0/liberty

Commit: aeb45352bc1e82f298eff4be6c13dd8c404dce8d
Author: Max Yatsenko <email address hidden>
Date: Wed Dec 16 14:21:35 2015

Remove keystone.cron.hourly file.

Its needed to remove a cron job that runs
'/usr/bin/keystone-manage token_flush' command
that can't be used with fernet tokens, memcache_pool.

Change-Id: Id0e12ff634ee141851687860f5d2438fbd02a11b
Closes-Bug:#1520321

Changed in fuel:
status:	In Progress → Fix Committed

Revision history for this message

Timur Nurlygayanov (tnurlygayanov) wrote on 2016-02-10:

Verified on MOS 8.0 RC1:

root@node-1:~# /usr/bin/keystone-manage token_flush
No handlers could be found for logger "oslo_config.cfg"
root@node-1:~#

Changed in fuel:
status:	Fix Committed → Fix Released

Revision history for this message

Steve Martinelli (stevemar) wrote on 2016-05-19:

#10

I also added keystone to this bug report. Running token_flush shouldn't fail like that, regardless if fernet is the token provider. At minimum, I think we could make keystone-manage catch the NotImplemented exception and log a warning message.

Revision history for this message

Dolph Mathews (dolph) wrote on 2016-07-06:

#11

Agree, this could have a better user experience in keystone. Keystone manage could catch the exception, and the Not Implemented error could be raised with a specific explanation as to why that backend does not need to flush tokens manually. Or, especially with memcache, the implementation could just pass instead of raising, since basically the behavior is implemented by memcached itself.

tags:	added: low-hanging-fruit
Changed in keystone:
status:	New → Triaged
tags:	added: user-experience
Changed in keystone:
importance:	Undecided → Low

Richard (csravelar) on 2016-07-06

Changed in keystone:
assignee:	nobody → Richard (csravelar)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-07-12: Fix proposed to keystone (master)

#12

Fix proposed to branch: master
Review: https://review.openstack.org/341165

Changed in keystone:
status:	Triaged → In Progress

Steve Martinelli (stevemar) on 2016-07-12

Changed in keystone:
milestone:	none → newton-2

Steve Martinelli (stevemar) on 2016-07-14

Changed in keystone:
milestone:	newton-2 → newton-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-07-14: Fix merged to keystone (master)

#13

Reviewed: https://review.openstack.org/341165
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=21d868618139872454a1ca63485297a8b42d1cca
Submitter: Jenkins
Branch: master

commit 21d868618139872454a1ca63485297a8b42d1cca
Author: “Richard <email address hidden>
Date: Tue Jul 12 19:51:55 2016 +0000

Improve user experience involving token flush

    Currently with the use of memcache it is no longer necessary to use
    the token_flush command. Running this command with KVS driver enabled
    fails and throws a Traceback and NotImplemented errors. For a better
    UX, we allow the implementation to pass and log a warning message

Change-Id: I95addc8df3a39135fb3fe3c63b6b21c1c279ace8
Closes-Bug: #1520321

Changed in keystone:
status:	In Progress → Fix Released

Revision history for this message

Thierry Carrez (ttx) wrote on 2016-09-02: Fix included in openstack/keystone 10.0.0.0b3

#14

This issue was fixed in the openstack/keystone 10.0.0.0b3 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1526299

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.