Not authorized when logout and login creating an instance

Bug #1599870 reported by Marcos Lobo
This bug affects 2 people
Affects: django-openstack-auth
Status: Fix Released
Importance: Undecided
Assigned to: Jose Castro Leon

Bug Description

When I launch an instance and after that I log out of Horizon and log in again, at some point the instance will go to ERROR state due to an authentication error.

How to reproduce:
1. Log in to Horizon
2. Launch a new instance. It will stay in some state of the creation workflow, like NETWORKING (Nova).
3. Log out of Horizon and log in again
4. You will see the instance in the same state as before logging out
5. The instance workflow changes to another state, like SPAWNING (Glance)
6. Horizon raises an error: "Failed to perform requested operation on instance ... Not authorized for image ..."

The description is:
- When you log in to Horizon and launch a new instance, that instance starts the instance creation workflow with your current token; let's name it TOKEN_A.
- Then, when you log out and log in again, you have a new token, TOKEN_B. Why? Because django_openstack_auth deletes the token [1] from Keystone when you log out of Horizon.
- So, we are in Horizon again with a new token (TOKEN_B) and the status of the instance is the same as before (NETWORKING); it hasn't moved forward yet.
- When a new step of the instance creation workflow happens, like SPAWNING, that new step will ask Keystone for TOKEN_A (because the instance creation started with TOKEN_A)... but there is no TOKEN_A any more; we have TOKEN_B, because TOKEN_A was deleted from Keystone when we logged out.
  - In this example, Nova started working with TOKEN_A and, for the SPAWNING task, Nova sent the request (with TOKEN_A) to Glance. Glance gets TOKEN_A and tries to authenticate to Keystone with it. Keystone says: there is no TOKEN_A anymore.
- So, authentication fails.

[1] https://github.com/cernops/django_openstack_auth/blob/cern/liberty/openstack_auth/views.py#L185

Marcos Lobo (marcos-fermin-lobo) wrote :

I would suggest adding a configuration parameter to "disable" the delete_token call.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to django_openstack_auth (master)

Fix proposed to branch: master
Review: https://review.openstack.org/340689

Changed in django-openstack-auth:
assignee: nobody → Jose Castro Leon (jose-castro-leon)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to django_openstack_auth (master)

Reviewed: https://review.openstack.org/340689
Committed: https://git.openstack.org/cgit/openstack/django_openstack_auth/commit/?id=a8c273f85b7aaa89f35c6bbffd76e4a592b62e16
Submitter: Jenkins
Branch: master

commit a8c273f85b7aaa89f35c6bbffd76e4a592b62e16
Author: Jose Castro Leon <email address hidden>
Date: Tue Jul 12 07:49:26 2016 +0200

    Not authorized when logout and creating instance

    Add TOKEN_DELETE_DISABLED to the settings so we can customize
    the revocation of tokens on user logout or switch. This solves an
    issue when a user launches a long running operation and then logs off
    resulting in an error if the operation tries to validate the token.

    Change-Id: Ic693c563e028081d87b6447b95ac94608da2dafb
    Closes-Bug: 1599870

Changed in django-openstack-auth:
status: In Progress → Fix Released
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/django_openstack_auth 2.4.0

This issue was fixed in the openstack/django_openstack_auth 2.4.0 release.
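
The sequence from the report, replayed as an added simulation (not code from django_openstack_auth or Keystone). `FakeKeystone`, `logout()` and the one-hour token lifetime are assumptions made for illustration; only the `TOKEN_DELETE_DISABLED` name comes from the fix. It also shows the trade-off of the setting: with deletion disabled, the pre-logout token stays valid until it expires.

```python
"""Constructed simulation: token revocation on logout vs. a long-running workflow."""
import secrets


class FakeKeystone:
    """Hypothetical stand-in for the identity service: issue, validate, revoke."""

    def __init__(self):
        self._expiry = {}  # token -> expiry time (seconds on a simulated clock)

    def issue(self, now, ttl=3600):
        token = secrets.token_hex(8)
        self._expiry[token] = now + ttl
        return token

    def revoke(self, token):
        self._expiry.pop(token, None)

    def validate(self, token, now):
        return self._expiry.get(token, -1) > now


def logout(keystone, token, token_delete_disabled=False):
    """Model of the logout step: revoke the token unless the setting disables it."""
    if not token_delete_disabled:
        keystone.revoke(token)


def launch_then_relogin(token_delete_disabled):
    """Replay the report's steps; return (instance_state, token_a_still_valid)."""
    keystone = FakeKeystone()
    token_a = keystone.issue(now=0)             # step 1: log in, get TOKEN_A
    state = "NETWORKING"                        # step 2: workflow starts with TOKEN_A
    logout(keystone, token_a, token_delete_disabled)  # step 3: log out ...
    token_b = keystone.issue(now=60)            # ... and log in again, get TOKEN_B
    assert token_b != token_a
    # step 5: the next workflow step presents TOKEN_A, which is validated again
    still_valid = keystone.validate(token_a, now=120)
    state = "SPAWNING" if still_valid else "ERROR"
    return state, still_valid


def old_token_valid_at(now, token_delete_disabled):
    """Caveat check: is TOKEN_A still accepted `now` seconds after it was issued?"""
    keystone = FakeKeystone()
    token_a = keystone.issue(now=0, ttl=3600)
    logout(keystone, token_a, token_delete_disabled)
    return keystone.validate(token_a, now)
```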
