Sign out break long-runing Cinder backup (token revoked) (Glance snapshot also)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
New
|
Undecided
|
Unassigned | ||
Glance |
New
|
Undecided
|
Unassigned | ||
OpenStack Dashboard (Horizon) |
Invalid
|
Undecided
|
Gloria Gu |
Bug Description
If you initiate a long-running operation (such as a Cinder volume backup) and then sign out, the operation will fail. The reason it fails is that Cinder is using the token to authenticate it's requests with Swift. When you sign out, Horizon revokes the token. The next time Cinder attempts to PUT an object, it gets 401.
There may be better ways for Cinder/Glance to handle bearer tokens (e..g, trusts). Note, Cinder's behavior is similar to Glance (when used in multi-tenant backing store mode). IHowever, Cinder/Glance's behavior with long-running actions (or more specifically when they make multiple requests to Swift) pre-dates Horizon.
It would also break Swift static large object (SLO) downloads...though that will soon be fixed by a re-org of the pipeline.
(BTE: I fudged "the next time Cinder attempts o PUT" a bit; Swift caches the token for 10 minutes, so if all PUTs complete within 10 minutes, then you are ok)
Changed in horizon: | |
assignee: | nobody → Gary W. Smith (gary-w-smith) |
Changed in horizon: | |
assignee: | Gary W. Smith (gary-w-smith) → gloria gu (gloria-gu) |
I agree, this is an issue; sadly, Horizon can't do anything about it. The same situation happens, if the keystone token is revoked on the console.
And not revoking the token on log-out is not an option as well.