tripleo

radosgw should only be checking revocation lists for PKI tokens

Bug #1748137 reported by Giulio Fidente
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Low
Giulio Fidente
tripleo rocky-1

Bug Description

radosgw seems to be checking for the revoked tokens even though we don't use PKI

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/542107

Changed in tripleo:
assignee: nobody → Giulio Fidente (gfidente)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/541826
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=2895fbe982769392fef87d6b05f9335018f4ebee
Submitter: Zuul
Branch: master

commit 2895fbe982769392fef87d6b05f9335018f4ebee
Author: Keith Schincke <email address hidden>
Date: Wed Feb 7 13:25:51 2018 -0500

    Set rgw_keystone_revocation_interval to 0 for ceph::rgw::keystone

    Ceph RGW defaults to checking every 600 seconds for a revocation.
    This is only useful for PKI tokens. PKI is not enabled. This check
    needs to be disabled.

    Partial-Bug: #1748137
    Change-Id: I2487ce8e5cb5d3dc0d7fb8e547a4abe0e086ff4b

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/546073

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/546084

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/546086

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/546087

Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: queens-rc1 → rocky-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/542107
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=05b8f5ef67b98d9fc284835c9411c40ead8cf095
Submitter: Zuul
Branch: master

commit 05b8f5ef67b98d9fc284835c9411c40ead8cf095
Author: Giulio Fidente <email address hidden>
Date: Thu Feb 8 10:32:34 2018 +0100

    Set rgw_keystone_revocation_interval to 0 for ceph-ansible

    Ceph RGW defaults to checking every 600 seconds for a revocation.
    This is only useful for PKI tokens. PKI is not enabled.
    This check needs to be disabled.

    Change-Id: I9d87ff5226ab55df05e68f6639e6679fb0566484
    Closes-Bug: #1748137

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 8.0.0.0rc1

This issue was fixed in the openstack/tripleo-heat-templates 8.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/pike)

Reviewed: https://review.openstack.org/546073
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=6f41f74cb8bdf99df89253031277ce368bee979b
Submitter: Zuul
Branch: stable/pike

commit 6f41f74cb8bdf99df89253031277ce368bee979b
Author: Keith Schincke <email address hidden>
Date: Wed Feb 7 13:25:51 2018 -0500

    Set rgw_keystone_revocation_interval to 0 for ceph::rgw::keystone

    Ceph RGW defaults to checking every 600 seconds for a revocation.
    This is only useful for PKI tokens. PKI is not enabled. This check
    needs to be disabled.

    Partial-Bug: #1748137
    Change-Id: I2487ce8e5cb5d3dc0d7fb8e547a4abe0e086ff4b
    (cherry picked from commit 2895fbe982769392fef87d6b05f9335018f4ebee)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/newton)

Reviewed: https://review.openstack.org/546086
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=419afe4003ce802c81aae7ad885c1683fbf3e340
Submitter: Zuul
Branch: stable/newton

commit 419afe4003ce802c81aae7ad885c1683fbf3e340
Author: Keith Schincke <email address hidden>
Date: Wed Feb 7 13:25:51 2018 -0500

    Set rgw_keystone_revocation_interval to 0 for ceph::rgw::keystone

    Ceph RGW defaults to checking every 600 seconds for a revocation.
    This is only useful for PKI tokens. PKI is not enabled. This check
    needs to be disabled.

    Closes-Bug: #1748137
    Change-Id: I2487ce8e5cb5d3dc0d7fb8e547a4abe0e086ff4b
    (cherry picked from commit 8396e8b61e54f067638779d2c7f2b4cb8d31193b)

tags: added: in-stable-newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/ocata)

Reviewed: https://review.openstack.org/546084
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=8396e8b61e54f067638779d2c7f2b4cb8d31193b
Submitter: Zuul
Branch: stable/ocata

commit 8396e8b61e54f067638779d2c7f2b4cb8d31193b
Author: Keith Schincke <email address hidden>
Date: Wed Feb 7 13:25:51 2018 -0500

    Set rgw_keystone_revocation_interval to 0 for ceph::rgw::keystone

    Ceph RGW defaults to checking every 600 seconds for a revocation.
    This is only useful for PKI tokens. PKI is not enabled. This check
    needs to be disabled.

    Closes-Bug: #1748137
    Change-Id: I2487ce8e5cb5d3dc0d7fb8e547a4abe0e086ff4b
    (cherry picked from commit 9aa495d8abdd96d47533c37a0009cfe74533f276)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/pike)

Reviewed: https://review.openstack.org/546087
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=737bbcb98a0ed571498cab35de89c32d9295e408
Submitter: Zuul
Branch: stable/pike

commit 737bbcb98a0ed571498cab35de89c32d9295e408
Author: Giulio Fidente <email address hidden>
Date: Thu Feb 8 10:32:34 2018 +0100

    Set rgw_keystone_revocation_interval to 0 for ceph-ansible

    Ceph RGW defaults to checking every 600 seconds for a revocation.
    This is only useful for PKI tokens. PKI is not enabled.
    This check needs to be disabled.

    Change-Id: I9d87ff5226ab55df05e68f6639e6679fb0566484
    Closes-Bug: #1748137
    (cherry picked from commit 05b8f5ef67b98d9fc284835c9411c40ead8cf095)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 6.5.11

This issue was fixed in the openstack/puppet-tripleo 6.5.11 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 7.0.11

This issue was fixed in the openstack/tripleo-heat-templates 7.0.11 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 5.6.9

This issue was fixed in the openstack/puppet-tripleo 5.6.9 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.