Contrail-api should have keystone signing_dir setting

Bug #1722787 reported by Sriram Bhamidipati
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Juniper Openstack | Status tracked in Trunk | | | |
| R3.2 | Fix Committed | High | Nagendra Prasath | |
| R4.0 | Fix Committed | High | Nagendra Prasath | |
| R4.1 | Fix Committed | High | Nagendra Prasath | |
| Trunk | Fix Committed | High | Nagendra Prasath | |

Bug Description

During contrail-api <--> Keystone interactions,
contrail-api is continuously creating folders named with the prefix /tmp/keystone-signing-xxxx.
Over a period of time, the root partition is getting filled.
While this could be an issue in keystone middleware, keystone also provisions clients to
pass a fixed folder name as a parameter to the Authtoken object.

/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py
...

        # signing
        self.signing_dirname = self._conf_get('signing_dir')
        if self.signing_dirname is None:
            self.signing_dirname = tempfile.mkdtemp(prefix='keystone-signing-')
        self.LOG.info('Using %s as cache directory for signing certificate',
                      self.signing_dirname)

The 'signing_dir' can be a parameter in
/etc/contrail/contrail-keystone-auth.conf
[KEYSTONE]
...
signing_dir='/tmp/keystone'

So that the initialization of contrail-api can read it from there. Or, it can be hardcoded as well.

/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/utils.py
    # keystone options
    ksopts = {
        'signing_dir': '/tmp/keystone',  # new param
        'auth_host': '127.0.0.1',
        'auth_port': '35357',
        'auth_protocol': 'http',
        'admin_user': '',
        'admin_password': '',
        'admin_tenant_name': '',
        'insecure': True,
        'cafile': ''
    }
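
The fallback in the excerpt above, reproduced as an added example (not code from the bug report, keystoneclient or contrail): every initialization without `signing_dir` leaves another `keystone-signing-*` directory behind, while a fixed directory is reused. `resolve_signing_dir`, `ensure_private_dir` and the `contrail-signing` path are hypothetical names, and the ownership and mode checks are an assumption about how a fixed cache directory should be validated, since a predictable name under a world-writable `/tmp` can already exist and belong to another local user.

```python
import os
import stat
import tempfile


def resolve_signing_dir(conf, tmp_root=None):
    """Mirror the quoted fallback: no 'signing_dir' -> fresh mkdtemp()."""
    dirname = conf.get('signing_dir')
    if dirname is None:
        # Nothing ever removes this directory, so each call leaks one.
        return tempfile.mkdtemp(prefix='keystone-signing-', dir=tmp_root)
    return ensure_private_dir(dirname)


def ensure_private_dir(path):
    """Create or validate a fixed cache dir: real dir, ours, mode 0700."""
    try:
        os.mkdir(path, stat.S_IRWXU)
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat: do not follow a symlink at this path
    if not stat.S_ISDIR(st.st_mode):
        raise ValueError('%s is not a real directory' % path)
    if st.st_uid != os.getuid():
        raise ValueError('%s is owned by uid %d' % (path, st.st_uid))
    if stat.S_IMODE(st.st_mode) != stat.S_IRWXU:
        os.chmod(path, stat.S_IRWXU)  # tighten group/other bits
    return path


def count_signing_dirs(root):
    """Count leftover keystone-signing-* entries under root."""
    return len([n for n in os.listdir(root)
                if n.startswith('keystone-signing-')])


def demo(inits=5):
    """Return (dirs leaked without signing_dir, distinct dirs used with it)."""
    with tempfile.TemporaryDirectory() as root:  # constructed stand-in for /tmp
        for _ in range(inits):
            resolve_signing_dir({}, tmp_root=root)
        leaked = count_signing_dirs(root)
        fixed = os.path.join(root, 'contrail-signing')  # hypothetical fixed path
        used = {resolve_signing_dir({'signing_dir': fixed})
                for _ in range(inits)}
        return leaked, len(used)


if __name__ == '__main__':
    print(demo())
```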

Jeba Paulaiyan (jebap)
tags: added: config
Nagendra Prasath (npchandran) wrote :

Please post build Info as well. Thanks!

OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/36435
Submitter: Nagendra Prasath (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.2

Review in progress for https://review.opencontrail.org/36436
Submitter: Nagendra Prasath (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.1

Review in progress for https://review.opencontrail.org/36437
Submitter: Nagendra Prasath (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/36438
Submitter: Nagendra Prasath (<email address hidden>)

Jim Reilly (jpreilly)
information type: Public → Private
tags: added: att-aic-contrail
Nimit Pathak (nimitpathak) wrote :

This issue is critical as we are seeing this issue in ATT lab. The gist of it is that on the contrail nodes, it is filling up the /tmp directories with keystone-signing-xxxxx rather rapidly... and eventually there are so many that the OS is not able to write or access /tmp anymore. A few contrail services require writing and reading the /tmp directory during startup, and that is causing some contrail servers to fail to come up. This is observed in a few labs with contrail 3.2.5.

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.1

Review in progress for https://review.opencontrail.org/36848
Submitter: Nagendra Prasath (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/36436
Committed: http://github.com/Juniper/contrail-controller/commit/5693ffc05d30a61592996b0e089c4ba516d1ee56
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit 5693ffc05d30a61592996b0e089c4ba516d1ee56
Author: Nagendra Maynattamai <email address hidden>
Date: Wed Oct 11 16:46:39 2017 -0700

Adding Default signing_dir as /var/cache/contrail/keystone-signing
Closes-Bug: 1722787

Change-Id: I61d865c0213cd0ac0f1322f8725afcc4c56fc726

OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/36978
Submitter: Mithun Mistry (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/36437
Committed: http://github.com/Juniper/contrail-controller/commit/e86619d889dedf0ec61f3aba3d5ed39ede9655d3
Submitter: Zuul (<email address hidden>)
Branch: R4.1

commit e86619d889dedf0ec61f3aba3d5ed39ede9655d3
Author: Nagendra Maynattamai <email address hidden>
Date: Wed Oct 11 16:51:55 2017 -0700

Configure Default value of Keystone signing_dir as /var/lib/contrail/keystone-signing
Closes-Bug: 1722787

Change-Id: Iaa9e2573d139632aaa6394eeb01deb8a2e8f4059

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/36438
Committed: http://github.com/Juniper/contrail-controller/commit/6e9db951d6f18de50dc643b57cc417e7d51ffa6c
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 6e9db951d6f18de50dc643b57cc417e7d51ffa6c
Author: Nagendra Maynattamai <email address hidden>
Date: Wed Oct 11 16:46:39 2017 -0700

Adding Default signing_dir as /var/lib/contrail/keystone-signing
Closes-Bug: 1722787

Change-Id: I61d865c0213cd0ac0f1322f8725afcc4c56fc726

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/36435
Committed: http://github.com/Juniper/contrail-controller/commit/a8c058f74dec9ac74430671c8640505a07195299
Submitter: Zuul (<email address hidden>)
Branch: master

commit a8c058f74dec9ac74430671c8640505a07195299
Author: Nagendra Maynattamai <email address hidden>
Date: Wed Oct 11 16:51:55 2017 -0700

Configure Default value of Keystone signing_dir as /var/lib/contrail/keystone-signing
Closes-Bug: 1722787

Change-Id: Iaa9e2573d139632aaa6394eeb01deb8a2e8f4059

tags: added: jtac
Ning Zhong (nzhong)
information type: Private → Public