Comment 15 for bug 1443913

Mike Fedosin (mfedosin) wrote :

Okay, the problem is that a valid token is cached in keystone_middleware, but originally it was stored in the memcached server on the destroyed controller. At some point the cached token expires and keystone_middleware tries to check authentication on the local Keystone server, but it obviously fails, because the token instance was stored on the switched-off controller.

This situation cannot be fixed now, but in MOS 7.0 there will be Fernet tokens, which aren't stored on a server (see https://mirantis.jira.com/browse/PROD-232). That's why any Keystone server will be able to authenticate a token.

The workaround for now is to wait 5 minutes (the cached token expiration time) after removing a controller before the next run of the tests.

So, the status of this bug is Won't Fix for 6.1 and Invalid for 7.0+.
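
A simplified model of the failure described in the comment above, added here as an illustration; it is not part of the original comment and is not Keystone or keystone_middleware code. `Controller`, `Middleware` and `simulate` are hypothetical names, the key is a constructed sample, and the HMAC-signed token is only a stand-in for a Fernet token, not the real format.

```python
import hashlib
import hmac

CACHE_TTL = 300  # seconds: the 5-minute cached-token lifetime from the comment
KEY = b"constructed-shared-key"  # constructed sample key known to every node

class Controller:
    """Hypothetical controller node holding its own token records."""
    def __init__(self, name):
        self.name, self.alive, self.store = name, True, set()

    def issue_stored(self, user):
        token = f"{user}@{self.name}#{len(self.store)}"
        self.store.add(token)  # the record exists only on this node
        return token

    def has_token(self, token):
        return self.alive and token in self.store

def sign(user):
    # HMAC stand-in for a Fernet token: self-contained, nothing stored.
    return user + "." + hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()

def verify_signed(token):
    return hmac.compare_digest(token, sign(token.rpartition(".")[0]))

class Middleware:
    """Hypothetical auth middleware caching successful validations."""
    def __init__(self, validate):
        self.validate, self.cache = validate, {}

    def check(self, token, now):
        if self.cache.get(token, 0) > now:
            return True  # cache hit: the backend is not consulted
        ok = self.validate(token)
        if ok:
            self.cache[token] = now + CACHE_TTL
        return ok

def simulate():
    c1, c2 = Controller("c1"), Controller("c2")
    mw = Middleware(lambda t: c1.has_token(t) or c2.has_token(t))
    tok = c1.issue_stored("tester")
    before = mw.check(tok, now=0)      # validated against c1, then cached
    c1.alive = False                   # controller c1 is removed
    cached = mw.check(tok, now=299)    # still accepted from the cache
    expired = mw.check(tok, now=301)   # cache lapsed, record died with c1
    signed = Middleware(verify_signed).check(sign("tester"), now=301)
    return before, cached, expired, signed
```

`simulate()` returns the four check results in order: before removal, during the cache window, after the cache expires, and for the self-contained token checked by a fresh middleware with no stored record.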