Sign out breaks long-running Cinder backup (token revoked) (Glance snapshot also)

Bug #1324984 reported by Donagh McCabe
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Cinder | New | Undecided | Unassigned |
Glance | New | Undecided | Unassigned |
OpenStack Dashboard (Horizon) | Invalid | Undecided | Gloria Gu |

Bug Description

If you initiate a long-running operation (such as a Cinder volume backup) and then sign out, the operation will fail. The reason it fails is that Cinder is using the token to authenticate its requests with Swift. When you sign out, Horizon revokes the token. The next time Cinder attempts to PUT an object, it gets 401.

There may be better ways for Cinder/Glance to handle bearer tokens (e.g., trusts). Note, Cinder's behavior is similar to Glance (when used in multi-tenant backing store mode). However, Cinder/Glance's behavior with long-running actions (or more specifically when they make multiple requests to Swift) pre-dates Horizon.

It would also break Swift static large object (SLO) downloads...though that will soon be fixed by a re-org of the pipeline.

(BTW: I fudged "the next time Cinder attempts to PUT" a bit; Swift caches the token for 10 minutes, so if all PUTs complete within 10 minutes, then you are ok)
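
A toy model of the failure described in the report above, added here as an illustration; it is not code from Cinder, Swift, Keystone or Horizon, and the class and function names are hypothetical. It reuses one user token for a multi-object upload and applies the 10-minute token cache mentioned in the report, so the revocation only becomes visible once the cached validation expires.

```python
# Added illustration: a toy model, not Cinder, Swift, Keystone or Horizon code.
CACHE_TTL = 600  # seconds; the 10-minute token cache described in the report


class Keystone:
    """Hypothetical stand-in for the identity service."""
    def __init__(self):
        self.revoked = set()

    def validate(self, token):
        return token not in self.revoked


class SwiftProxy:
    """Hypothetical stand-in for Swift's token check with a validation cache."""
    def __init__(self, keystone):
        self.keystone = keystone
        self.cache = {}  # token -> time at which the cached validation expires

    def put_object(self, token, now):
        if self.cache.get(token, -1) > now:
            return 201                    # cached validation, Keystone not asked
        if not self.keystone.validate(token):
            return 401                    # revocation becomes visible here
        self.cache[token] = now + CACHE_TTL
        return 201


def run_backup(chunks, secs_per_chunk, logout_at):
    """Upload `chunks` objects with one user token; user signs out at `logout_at`."""
    keystone = Keystone()
    swift = SwiftProxy(keystone)
    token = "constructed-user-token"      # constructed sample value
    statuses = []
    for i in range(chunks):
        now = i * secs_per_chunk
        if now >= logout_at:
            keystone.revoked.add(token)   # Horizon revokes the token on sign-out
        statuses.append(swift.put_object(token, now))
        if statuses[-1] == 401:
            break                         # backup fails at the first rejected PUT
    return statuses
```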

Changed in horizon:
assignee: nobody → Gary W. Smith (gary-w-smith)
Gloria Gu (gloria-gu)
Changed in horizon:
assignee: Gary W. Smith (gary-w-smith) → gloria gu (gloria-gu)
Matthias Runge (mrunge) wrote :

I agree, this is an issue; sadly, Horizon can't do anything about it. The same situation happens if the Keystone token is revoked on the console.
And not revoking the token on log-out is not an option either.

Changed in horizon:
status: New → Invalid
Duncan Thomas (duncan-thomas) wrote :

Why is not revoking the token not an option? Even if services move to bearer tokens, revoking the token can still race with the last few operations run before logging out if people click fast enough, so it seems like a quite fundamental bug?

Gloria Gu (gloria-gu) wrote :

I am still investigating the issue. I haven't thought it through yet. But I think this bug is still valid.

If there is a long-lasting task outstanding and the user decides to log out, Horizon should remind the user that there is a task that is still running and takes some time to finish. It could give some options like:

- ask the user to wait until the job is done
- log out without revoking the token (if it is possible, how to revoke the token later?)
- log out and abandon the task, which could cause an error.

Donagh McCabe (donagh-mccabe) wrote :

What's the origin of the token revoke in Horizon? Was this done based on security review, or some other reason? Is there history (BP, bug, spec, etc) to explain the background? This would help our understanding.
