OpenStack Identity (keystone)

memcache backend token can not delete a token

Bug #1290293 reported by Tiantian Gao on 2014-03-10

This bug report is a duplicate of: Bug #1242620: "Unable to add token to revocation list" warning happened when revoking token in memcache. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Incomplete	Undecided	Unassigned

Bug Description

I found the bug in stable/havana, which is handy to re-product.

configure keystone to using memcache backend, so the config file keystone.conf will look like below:

....

[token]
driver = keystone.token.backends.memcache.Token
......
[memcache]
servers=127.0.0.1:11211
......

when delete a token through API: DELETE http://10.120.120.250:35357/v2.0/tokens/89f15a7a3481456780c1254c8225dcb9 will return
500,
{
    "error": {
        "message": "Unable to add token to revocation list.",
        "code": 500,
        "title": "Internal Server Error"
    }
}

Revision history for this message

Juan Antonio Osorio Robles (juan-osorio-robles) wrote on 2014-04-25:

strange, this seems to work in v3.

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-06-04:

I am unable to duplicate this running stable/havana code base.

Could you provide a traceback of what is occurring when you are getting the error (keystone server log).

Thanks!

Changed in keystone:
status:	New → Incomplete

Revision history for this message

Michiel Blokzijl (code-p) wrote on 2014-07-17:

I hit the same issue, on a h1-based OpenStack installation with memcached as auth token backend, while trying to delete a tenant. Here's my keystone log:

$ sudo cat /var/log/keystone/keystone.log
2014-07-17 06:41:22.170 5244 INFO keystone.common.environment [-] Environment configured as: eventlet
2014-07-17 06:41:22.408 5244 INFO keystone.common.environment.eventlet_server [-] Starting /usr/bin/keystone-all on 0.0.0.0:35357
2014-07-17 06:41:22.409 5244 INFO keystone.common.environment.eventlet_server [-] Starting /usr/bin/keystone-all on 0.0.0.0:5000
2014-07-17 08:50:06.066 5244 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from xx.xx.xx.xx
2014-07-17 08:54:17.637 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.
2014-07-17 09:02:47.342 5244 WARNING keystone.common.wsgi [-] Conflict occurred attempting to store project. (1062, "Duplicate entry 'default-Core' for key 'domain_id'")
2014-07-17 09:02:55.809 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.
2014-07-17 09:02:55.828 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.
2014-07-17 09:03:05.974 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.
2014-07-17 09:03:05.992 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.
2014-07-17 09:03:12.285 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.
2014-07-17 09:03:29.654 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.
2014-07-17 09:03:37.678 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.
2014-07-17 09:04:16.029 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.
2014-07-17 09:06:43.640 5244 WARNING keystone.common.wsgi [-] Unable to add token to revocation list.

Revision history for this message

Michiel Blokzijl (code-p) wrote on 2014-07-17:

Restarting memcached and keystone seems to work around the issue. I suspect this is because the tokens are flushed from memcached on restart (at least with my config). Restarting the keystone service may not be necessary.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1242620 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.