Keystone container crash with openid configuration
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) | New | Undecided | Unassigned | | |
Bug Description
Hello,
We use federation identity with openid for one of our main platforms.
Everything was ok but we faced a recent problem.
After container updates, keystone keeps crashing with the error:
"realloc(): invalid pointer"
It was not the case before.
Without openid configuration, everything is ok.
Each time we enable it, keystone crashes on start and loops.
On container, those mod_auth_openid packages are available:
mod_auth_
mod_auth_
mod_auth_
mod_auth_
The problem occurs with 2.4.9.4-1 package version.
With mod_auth_
We can reproduce this problem on production and lab environment. Kolla version and base_distro:
kolla_base_distro: "centos"
kolla_install_type: "binary"
openstack_release: "xena"
Many thanks,
Yves and Tony
Testing several changes to the wsgi-keystone.conf file, the container starts when the line "OIDCOAuthVerifyCertFiles" is commented out. This instruction checks the AC of access tokens.
# The fully qualified names of the files that contain the X.509 certificates with the RSA public
# keys that can be used for local JWT access token verification.
# NB: this is one or more key tuples where a key tuple consists of:
# [<key-identifier>#]<path-to-cert>
# and the key identifier part is required when the JWT access token contains a "kid" in its header.
# When not defined, no access token validation with statically configured certificates will be performed.
#OIDCOAuthVerifyCertFiles ([<kid>#]<filename>)+
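
The key-tuple format described in the configuration comment above, as an added example (not part of the bug report or of the module's own code): a Python sketch that parses active OIDCOAuthVerifyCertFiles lines and reports when a token's "kid" header has no matching tuple. The split at the first "#", the placeholder paths and the unsigned sample token are assumptions constructed for illustration.

```python
import base64
import json
import shlex

DIRECTIVE = "oidcoauthverifycertfiles"  # Apache directive names are case-insensitive

def parse_key_tuples(conf_text):
    """Return [(kid or None, path)] from active (uncommented) directive lines."""
    tuples = []
    for line in conf_text.splitlines():
        parts = shlex.split(line.strip()) if not line.lstrip().startswith("#") else []
        if not parts or parts[0].lower() != DIRECTIVE:
            continue
        for arg in parts[1:]:
            # Assumption: the optional key identifier ends at the first "#".
            kid, sep, path = arg.partition("#")
            tuples.append((kid, path) if sep else (None, arg))
    return tuples

def jwt_kid(token):
    """Return "kid" from the unverified JOSE header of a compact JWT, or None."""
    header = token.split(".")[0]
    header += "=" * (-len(header) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(header)).get("kid")

def check(conf_text, token):
    """Compare the configured tuples with the kid of a sample access token."""
    tuples = parse_key_tuples(conf_text)
    if not tuples:
        return ["directive not set: no static-certificate validation"]
    kid = jwt_kid(token)
    if kid is not None and kid not in [k for k, _ in tuples]:
        return [f"token kid {kid!r} has no matching key tuple"]
    return []

def _b64(obj):
    """base64url-encode a JSON object without padding (used for the sample token)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample input: placeholder paths, unsigned token.
SAMPLE_CONF = """\
#OIDCOAuthVerifyCertFiles old#/path/to/old.pem
OIDCOAuthVerifyCertFiles idp-2021#/path/to/idp-2021.pem /path/to/legacy.pem
"""
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256", "kid": "idp-2022"}), _b64({"sub": "x"}), "sig"])

if __name__ == "__main__":
    print(parse_key_tuples(SAMPLE_CONF))
    print(check(SAMPLE_CONF, SAMPLE_TOKEN))
```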